Louis69 0 Posted January 9 Share Posted January 9 (edited) Hi, is there a way of mitigating the protocol filtering function,please? It divides my upload speed by two and consumes 12% of my 3770K which is plain catastrophic. If this filtering function is disabled, everything goes back to normal. Help ! Edited January 9 by Louis69 Orthographe Link to post Share on other sites
Administrators Marcos 3,631 Posted January 9 Administrators Share Posted January 9 Please create 2 advanced oper. system logs and adv. network protection logs, one with protocol filtering enabled and the other with PF disabled. Use the same url/file to test the download speed. To enable adv. OS logging, navigate to Tools -> Diagnostics in the adv. setup. The esetperf.etl logs will be generated in C:\ProgramData\ESET\ESET Security\Diagnostics. After generating each log and disabling adv. OS logging, rename the file so that it's clear if it was generated with PF on or off. Finally collect logs with ESET Log Collector, upload the generated archive to a safe location and drop me a personal message with a download link. Note: in order to enable adv. network filtering logging, temporarily uninstall EAV, install ESET Internet Security and activate a 30-day trial version. Link to post Share on other sites
itman 952 Posted January 9 Share Posted January 9 How are you performing file uploads? Via a browser or outside of a browser? Link to post Share on other sites
Louis69 0 Posted January 9 Author Share Posted January 9 (edited) Hi Marcos and Itman ! ok, so I've been reading this: https://support.eset.com/en/kb3126-disable-ssl-filtering-in-eset-windows-products and it is actually working ! But what I don't understand is why the Google certificate hasn't been added to the "The list of known certificates" as a default setting.I realise it's technically a website among many others but then it's quite popular so...Anyways, I added manually the certificate to the list and I choose "Allow/Ignore". Is it all right ? Thanks PS: I was uling to Google drive from the browser, Itman. Edited January 9 by Louis69 Link to post Share on other sites
itman 952 Posted January 9 Share Posted January 9 Eset SSL/TLS protocol filtering uses an internal whitelist to exclude web sites from scanning. I believe it is URL/domain name based although EV certificate status might play a factor. Unfortunately, the only exclusion method other than by certificate is by IP address which is not suitable to most. Note: unless the Google certificate you excluded is specific to the Google drive web site, this exclusion would apply to any other web site using the same cert.. Link to post Share on other sites
itman 952 Posted January 9 Share Posted January 9 Assuming you're accessing the French language Google drive web site, you can add this domain; www.google.com/intl/fr/drive/* to Eset Web access protection -> URL Address Management -> Address list -> List of allowed addresses -> Edit -> Add. Note: doing so will prevent all Eset scanning for this domain/sub-domains. That includes not only uploads but also any downloads. This also applies to the Google certificate exclusion you added. This URL method is preferable to the Google cert. exclusion since it appears that cert. is used for multiple Google web sites. Therefore, you should remove this certificate exclusion. Link to post Share on other sites
Louis69 0 Posted January 12 Author Share Posted January 12 Hi, Itman apologies for the late reply. "This URL method is preferable to the Google cert. exclusion since it appears that cert. is used for multiple Google web sites" Thank you for looking into my problem and I have a question: how is it that you don't seem to trust the certificate exclusion method. Google seems to have done a good job with SSL certificates being now mandatory. They've hardened everything after all. Link to post Share on other sites
itman 952 Posted January 12 Share Posted January 12 27 minutes ago, Louis69 said: have a question: how is it that you don't seem to trust the certificate exclusion method. Google seems to have done a good job with SSL certificates being now mandatory. They've hardened everything after all. The answer is any web site can be compromised. This is why Eset is scanning HTTPS incoming Internet traffic. Link to post Share on other sites
Recommended Posts