Jump to content

Spoofed CA's after Police visit? or is it Eset..?

Go to solution Solved by itman,

Recommended Posts


Ive been using Steve Gibson's CA HTTPS Fingerprint (Hash) tool to gather webistes SHA-1 fingerprints, then checking them against them in the certifitcates in my firefox and vivaldi (vanilla) browsers, each time the sites are different SHA1- hashes to what his site reports it SHOULD be, I had BitDefender installed and he said BD and Kaspersky where 2 AV's that messed with it. so I got rid of BD and got a Trial of ESET Smart Security Premium, and again the hashes are not what https://www.grc.com/fingerprints.htm says they are - as its mentioned in that page, EV Certificates can not be spoofed and these where the only ones coming back OK (for my tests it was very rare to get a site with EV CA Certificates though)

I also use NordVPN for extended privacy and protection, I have tried on a vanilla browser and the results are the same, one (ebuyer.com) was ok on BD, but on ESET its not the same now, this leaves me to believe that either;

A) Iam being surveilled/Intercepted which is why the SHA-1 Fingerprints do not match..?

B) ESET Security is the cause, a lot of them ive tried since installing seemed to stating the certificate is 'signed' by ESET..? if so then fine, though it does stop me from detecting survelience/interception of my traffic

can anyone help with this?
just i was recently falsley accused of "hacking" my fathers "devices" and "bank accounts" and "emails" (lol), in which he sent the police around just to ask "if it IS me to stop" (with zero evidence), he works for the MOD, so would hae ability to ask someone at work to "hack me" -  it was all lies to get my anxiety stirred up - or - because he decided to stop talking to me due to family issues. he no longer has me to "guide hiim" - as every day he had a problem that needed MY help! and therefore is "old and lost" with his tech, without me... and I do NOT know how to hack!I

Any advice is greatly appreciated


Edited by Bitz N Bytz
Link to comment
Share on other sites

  • Administrators

That's because ESET scans SSL communication. While it's possible to disable SSL filtering, since most malware is downloaded via https nowadays, we do not recommend doing so.

Link to comment
Share on other sites

  • Solution

Interesting posting.

I will also add that both Kaspersky and BitDefender perform SSL/TLS protocol filtering. Hence the interception activity you observed using those products.

Also note that Eset will auto exclude from its SSL/TLS protocol filtering many vetted web sites using EV certificates such as banking web sites, etc.. If for some reason your bank web site is not auto excluded, you can create a URL exclusion for it in the Eset SSL/TLS protocol filtering settings section. This is the recommended way to perform SSL/TLS protocol filtering exclusions versus disabling SSL/TLS protocol filtering completely.

Edited by itman
Link to comment
Share on other sites

thanks everyone - mind at rest lol... still guna test it on my tablet elsewhere then back home - nothing on that - never been setup and used yet... so I should get the proper results on that - unless ESET scans all traffic to my devices over wifi?

thanks again

Link to comment
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...