Protocol filtering and upload dramatic limitation

[Louis69 0]

Hi,

is there a way of mitigating the protocol filtering function,please? It divides my upload speed by two and consumes 12% of my 3770K which is plain catastrophic. If this filtering function is disabled, everything goes back to normal.

Help !

 

Edited January 9 by Louis69
Orthographe

[Marcos 3,573]

Please create 2 advanced oper. system logs and adv. network protection logs, one with protocol filtering enabled and the other with PF disabled. Use the same url/file to test the download speed. To enable adv. OS logging, navigate to Tools -> Diagnostics in the adv. setup.

The esetperf.etl logs will be generated in C:\ProgramData\ESET\ESET Security\Diagnostics. After generating each log and disabling adv. OS logging, rename the file so that it's clear if it was generated with PF on or off. Finally collect logs with ESET Log Collector, upload the generated archive to a safe location and drop me a personal message with a download link.

Note: in order to enable adv. network filtering logging, temporarily uninstall EAV, install ESET Internet Security and activate a 30-day trial version.

[itman 927]

How are you performing file uploads? Via a browser or outside of a browser?

[Louis69 0]

Hi Marcos and Itman !

ok, so I've been reading this:

https://support.eset.com/en/kb3126-disable-ssl-filtering-in-eset-windows-products

and it is actually working ! But what I don't understand is why the Google certificate hasn't been added to the "The list of known certificates" as a default setting.I realise it's technically a website among many others but then it's quite popular so...Anyways, I added manually the certificate to the list and I choose "Allow/Ignore". Is it all right ? Thanks

PS:

I was uling to Google drive from the browser, Itman.

Edited January 9 by Louis69

[itman 927]

Eset SSL/TLS protocol filtering uses an internal whitelist to exclude web sites from scanning. I believe it is URL/domain name based although EV certificate status might play a factor.

Unfortunately, the only exclusion method other than by certificate is by IP address which is not suitable to most.

Note: unless the Google certificate you excluded is specific to the Google drive web site, this exclusion would apply to any other web site using the same cert..

[itman 927]

Assuming you're accessing the French language Google drive web site, you can add this domain;

www.google.com/intl/fr/drive/*

to Eset Web access protection -> URL Address Management -> Address list -> List of allowed addresses -> Edit -> Add.

Note: doing so will prevent all Eset scanning for this domain/sub-domains. That includes not only uploads but also any downloads. This also applies to the Google certificate exclusion you added. This URL method is preferable to the Google cert. exclusion since it appears that cert. is used for multiple Google web sites. Therefore, you should remove this certificate exclusion.

[Louis69 0]

Hi, Itman

apologies for the late reply.

"This URL method is preferable to the Google cert. exclusion since it appears that cert. is used for multiple Google web sites"

Thank you for looking into my problem and I have a question: how is it that you don't seem to trust the certificate exclusion method. Google seems to have done a good job with SSL certificates being now mandatory. They've hardened everything after all. 

[itman 927]

27 minutes ago, Louis69 said:

have a question: how is it that you don't seem to trust the certificate exclusion method. Google seems to have done a good job with SSL certificates being now mandatory. They've hardened everything after all. 

The answer is any web site can be compromised. This is why Eset is scanning HTTPS incoming Internet traffic.