Does Web Protection scan application traffic?

[bEeReE 4]

Hi there,

Just noted that the com.eset.network process shows activities around 10% when opening Mac apps such as App Store or Music. Shouldn't it be restricted to "browsers" as per Help section: https://help.eset.com/ecs/6/de-DE/?ud_web_email.html ?

If it scans App traffic, how can it be customized to scan Safari only? I've already excluded many applications under "General/Exclusions/Web and Email", but it doesn't seem to work....

Thanks!

[Marcos 4,707]

On Mac it is not possible to exclude particular applications from protocol filtering. As for the performance / cpu utilization issue, please collect logs as per https://support.eset.com/en/kb3404 and raise a support ticket.

[bEeReE 4]

6 hours ago, Marcos said:

On Mac it is not possible to exclude particular applications from protocol filtering.

Could you please shortly explain what you mean?

 General/Exclusions/Web and Email: "Applications or IP addresses removed from scanning"

 

Further, is it desired that when I deactivate the "Enable HTTP protocol checking", but leave Web Access and anti spyware protection on, internet connection is blocked because the Network Protection Proxy can't connect any longer? I want only phishing protection....

 

 

[Marcos 4,707]

1, Unfortunately I have no clue why Safari doesn't appear in the list of applications. Please raise a support ticket. I'd expect you could leave only Safari in the list.

2, HTTP filtering is crucial for Antiphishing to work. Without scanning HTTP communication the scanner would not know what websites you open.

[bEeReE 4]

16 minutes ago, Marcos said:

1, Unfortunately I have no clue why Safari doesn't appear in the list of applications.

Because I have not listed it. The list is manually filled by me. 

It would better to allow defining which applications should be scanned rather than exclude everything that should not be scanned. I want to exclude everything except Safari. But as explained, even when entered in the list and thus excluded, it may be that ESET is still scanning the traffic as CPU goes up for com.eset.network when opening one of the applications.

 

17 minutes ago, Marcos said:

2, HTTP filtering is crucial for Antiphishing to work. Without scanning HTTP communication the scanner would not know what websites you open.

Why is it then possible to enable/deactivate protocol filtering when it is a crucial part of Web Access Protection?

[Marcos 4,707]

I can check with colleagues how it behaves on Mac but on Windows disabling HTTP scanning triggers a warning:

[Chas4 3]

Not sure why you have port 443 as that is HTTPS not used by HTTP.

The anti phishing in ESET uses the Web Access Antivirus and anti spyware protection, and on new macOS versions they added a proxy (ESET Network Protection Proxy) for it to be able to scan urls (due to recent macOS security requirements from Apple).

[Marcos 4,707]

6 minutes ago, Chas4 said:

Not sure why you have port 443 as that is HTTPS not used by HTTP.

Port 443 must be in the list in order for domains accessed in https communication to be recognized and possibly filtered.

[Chas4 3]

7 hours ago, Marcos said:

Port 443 must be in the list in order for domains accessed in https communication to be recognized and possibly filtered.

Last I knew ESET could not scan HTTPS on macOS and is not in the default ports, which are 80 and 8080

[Marcos 4,707]

11 minutes ago, Chas4 said:

Last I knew ESET could not scan HTTPS on macOS and is not in the default ports, which are 80 and 8080

The HTTPS communication will not be scanned even with port 443 added in the list, however, it will enable the product to perform filtering by hostname.