Jump to content

Protocol filtering and upload dramatic limitation


Recommended Posts

Hi,

is there a way of mitigating the protocol filtering function,please? It divides my upload speed by two and consumes 12% of my 3770K which is plain catastrophic. If this filtering function is disabled, everything goes back to normal.

Help !

 

Edited by Louis69
Orthographe
Link to post
Share on other sites
  • Administrators

Please create 2 advanced oper. system logs and adv. network protection logs, one with protocol filtering enabled and the other with PF disabled. Use the same url/file to test the download speed. To enable adv. OS logging, navigate to Tools -> Diagnostics in the adv. setup.

The esetperf.etl logs will be generated in C:\ProgramData\ESET\ESET Security\Diagnostics. After generating each log and disabling adv. OS logging, rename the file so that it's clear if it was generated with PF on or off. Finally collect logs with ESET Log Collector, upload the generated archive to a safe location and drop me a personal message with a download link.

Note: in order to enable adv. network filtering logging, temporarily uninstall EAV, install ESET Internet Security and activate a 30-day trial version.

Link to post
Share on other sites
Posted (edited)

Hi Marcos and Itman ! :)

ok, so I've been reading this:

https://support.eset.com/en/kb3126-disable-ssl-filtering-in-eset-windows-products

and it is actually working ! But what I don't understand is why the Google certificate hasn't been added to the "The list of known certificates" as a default setting.I realise it's technically a website among many others but then it's quite popular so...Anyways, I added manually the certificate to the list and I choose "Allow/Ignore". Is it all right ? Thanks

PS:

I was uling to Google drive from the browser, Itman.

Edited by Louis69
Link to post
Share on other sites

Eset SSL/TLS protocol filtering uses an internal whitelist to exclude web sites from scanning. I believe it is URL/domain name based although EV certificate status might play a factor.

Unfortunately, the only exclusion method other than by certificate is by IP address which is not suitable to most.

Note: unless the Google certificate you excluded is specific to the Google drive web site, this exclusion would apply to any other web site using the same cert..

Link to post
Share on other sites

Assuming you're accessing the French language Google drive web site, you can add this domain;

www.google.com/intl/fr/drive/*

to Eset Web access protection -> URL Address Management -> Address list -> List of allowed addresses -> Edit -> Add.

Note: doing so will prevent all Eset scanning for this domain/sub-domains. That includes not only uploads but also any downloads. This also applies to the Google certificate exclusion you added. This URL method is preferable to the Google cert. exclusion since it appears that cert. is used for multiple Google web sites. Therefore, you should remove this certificate exclusion.

Link to post
Share on other sites

Hi, Itman

apologies for the late reply.

"This URL method is preferable to the Google cert. exclusion since it appears that cert. is used for multiple Google web sites"

Thank you for looking into my problem and I have a question: how is it that you don't seem to trust the certificate exclusion method. Google seems to have done a good job with SSL certificates being now mandatory. They've hardened everything after all. 

Link to post
Share on other sites
27 minutes ago, Louis69 said:

have a question: how is it that you don't seem to trust the certificate exclusion method. Google seems to have done a good job with SSL certificates being now mandatory. They've hardened everything after all. 

The answer is any web site can be compromised. This is why Eset is scanning HTTPS incoming Internet traffic.

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...