Jump to content

Does Web Protection scan application traffic?


Recommended Posts

Hi there,

Just noted that the com.eset.network process shows activities around 10% when opening Mac apps such as App Store or Music. Shouldn't it be restricted to "browsers" as per Help section: https://help.eset.com/ecs/6/de-DE/?ud_web_email.html ?

If it scans App traffic, how can it be customized to scan Safari only? I've already excluded many applications under "General/Exclusions/Web and Email", but it doesn't seem to work....

Thanks!

Link to comment
Share on other sites

6 hours ago, Marcos said:

On Mac it is not possible to exclude particular applications from protocol filtering.

Could you please shortly explain what you mean?

 General/Exclusions/Web and Email: "Applications or IP addresses removed from scanning"351375711_Bildschirmfoto2021-11-17um08_11_57.thumb.png.3e2b1b1f5d452fde248eaf3fa3e3140b.png

 

Further, is it desired that when I deactivate the "Enable HTTP protocol checking", but leave Web Access and anti spyware protection on, internet connection is blocked because the Network Protection Proxy can't connect any longer? I want only phishing protection....

 

 

Bildschirmfoto 2021-11-17 um 08.18.07.png

Link to comment
Share on other sites

  • Administrators

1, Unfortunately I have no clue why Safari doesn't appear in the list of applications. Please raise a support ticket. I'd expect you could leave only Safari in the list.

2, HTTP filtering is crucial for Antiphishing to work. Without scanning HTTP communication the scanner would not know what websites you open.

Link to comment
Share on other sites

16 minutes ago, Marcos said:

1, Unfortunately I have no clue why Safari doesn't appear in the list of applications.

Because I have not listed it. The list is manually filled by me. 

It would better to allow defining which applications should be scanned rather than exclude everything that should not be scanned. I want to exclude everything except Safari. But as explained, even when entered in the list and thus excluded, it may be that ESET is still scanning the traffic as CPU goes up for com.eset.network when opening one of the applications.

 

17 minutes ago, Marcos said:

2, HTTP filtering is crucial for Antiphishing to work. Without scanning HTTP communication the scanner would not know what websites you open.

Why is it then possible to enable/deactivate protocol filtering when it is a crucial part of Web Access Protection?

Link to comment
Share on other sites

  • Administrators

I can check with colleagues how it behaves on Mac but on Windows disabling HTTP scanning triggers a warning:

image.png

Link to comment
Share on other sites

Not sure why you have port 443 as that is HTTPS not used by HTTP.

The anti phishing in ESET uses the Web Access Antivirus and anti spyware protection, and on new macOS versions they added a proxy (ESET Network Protection Proxy) for it to be able to scan urls (due to recent macOS security requirements from Apple).

Link to comment
Share on other sites

  • Administrators
6 minutes ago, Chas4 said:

Not sure why you have port 443 as that is HTTPS not used by HTTP.

Port 443 must be in the list in order for domains accessed in https communication to be recognized and possibly filtered.

Link to comment
Share on other sites

7 hours ago, Marcos said:

Port 443 must be in the list in order for domains accessed in https communication to be recognized and possibly filtered.

Last I knew ESET could not scan HTTPS on macOS and is not in the default ports, which are 80 and 8080

Link to comment
Share on other sites

  • Administrators
11 minutes ago, Chas4 said:

Last I knew ESET could not scan HTTPS on macOS and is not in the default ports, which are 80 and 8080

The HTTPS communication will not be scanned even with port 443 added in the list, however, it will enable the product to perform filtering by hostname.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...