Louis69 0 Posted January 9, 2021 Share Posted January 9, 2021 (edited) Hi, is there a way of mitigating the protocol filtering function,please? It divides my upload speed by two and consumes 12% of my 3770K which is plain catastrophic. If this filtering function is disabled, everything goes back to normal. Help ! Edited January 9, 2021 by Louis69 Orthographe Link to comment Share on other sites More sharing options...
Administrators Marcos 5,070 Posted January 9, 2021 Administrators Share Posted January 9, 2021 Please create 2 advanced oper. system logs and adv. network protection logs, one with protocol filtering enabled and the other with PF disabled. Use the same url/file to test the download speed. To enable adv. OS logging, navigate to Tools -> Diagnostics in the adv. setup. The esetperf.etl logs will be generated in C:\ProgramData\ESET\ESET Security\Diagnostics. After generating each log and disabling adv. OS logging, rename the file so that it's clear if it was generated with PF on or off. Finally collect logs with ESET Log Collector, upload the generated archive to a safe location and drop me a personal message with a download link. Note: in order to enable adv. network filtering logging, temporarily uninstall EAV, install ESET Internet Security and activate a 30-day trial version. Link to comment Share on other sites More sharing options...
itman 1,659 Posted January 9, 2021 Share Posted January 9, 2021 How are you performing file uploads? Via a browser or outside of a browser? Link to comment Share on other sites More sharing options...
Louis69 0 Posted January 9, 2021 Author Share Posted January 9, 2021 (edited) Hi Marcos and Itman ! ok, so I've been reading this: https://support.eset.com/en/kb3126-disable-ssl-filtering-in-eset-windows-products and it is actually working ! But what I don't understand is why the Google certificate hasn't been added to the "The list of known certificates" as a default setting.I realise it's technically a website among many others but then it's quite popular so...Anyways, I added manually the certificate to the list and I choose "Allow/Ignore". Is it all right ? Thanks PS: I was uling to Google drive from the browser, Itman. Edited January 9, 2021 by Louis69 Link to comment Share on other sites More sharing options...
itman 1,659 Posted January 9, 2021 Share Posted January 9, 2021 Eset SSL/TLS protocol filtering uses an internal whitelist to exclude web sites from scanning. I believe it is URL/domain name based although EV certificate status might play a factor. Unfortunately, the only exclusion method other than by certificate is by IP address which is not suitable to most. Note: unless the Google certificate you excluded is specific to the Google drive web site, this exclusion would apply to any other web site using the same cert.. Link to comment Share on other sites More sharing options...
itman 1,659 Posted January 9, 2021 Share Posted January 9, 2021 Assuming you're accessing the French language Google drive web site, you can add this domain; www.google.com/intl/fr/drive/* to Eset Web access protection -> URL Address Management -> Address list -> List of allowed addresses -> Edit -> Add. Note: doing so will prevent all Eset scanning for this domain/sub-domains. That includes not only uploads but also any downloads. This also applies to the Google certificate exclusion you added. This URL method is preferable to the Google cert. exclusion since it appears that cert. is used for multiple Google web sites. Therefore, you should remove this certificate exclusion. Link to comment Share on other sites More sharing options...
Louis69 0 Posted January 12, 2021 Author Share Posted January 12, 2021 Hi, Itman apologies for the late reply. "This URL method is preferable to the Google cert. exclusion since it appears that cert. is used for multiple Google web sites" Thank you for looking into my problem and I have a question: how is it that you don't seem to trust the certificate exclusion method. Google seems to have done a good job with SSL certificates being now mandatory. They've hardened everything after all. Link to comment Share on other sites More sharing options...
itman 1,659 Posted January 12, 2021 Share Posted January 12, 2021 27 minutes ago, Louis69 said: have a question: how is it that you don't seem to trust the certificate exclusion method. Google seems to have done a good job with SSL certificates being now mandatory. They've hardened everything after all. The answer is any web site can be compromised. This is why Eset is scanning HTTPS incoming Internet traffic. Link to comment Share on other sites More sharing options...
Recommended Posts