
Endpoint Security and SSL Protocol scanning


jameshnz
Go to solution Solved by JeremyS,


Hi,

 

I am having trouble with SSL and Endpoint Security and require advice.

 

I am using Remote Administrator Console to manage Endpoint Security 5.0.2229. We are using a policy, and I have been asked to restrict access to certain sites. I can block HTTP, but when I enable HTTPS protocol checking it impacts a majority of the sites we use (Outlook and Lync mostly).

 

What is the best way to manage the Trusted Certificates? I really don't want to spend time importing every SSL cert we need, or running in learning mode. Can I allow every cert, then blacklist specific sites?

 

What have you found is the best way to manage SSL Certificates?

 

Thanks for your time,

 

James


  • ESET Staff

Hello James,

The settings that I recommend for best first-attempt SSL scanning compatibility are:

-SSL protocol checking = always

-Ask about certificate validity if the certificate cannot be verified using the Trusted Root Certification Authorities store = yes

-Ask about certificate validity if the certificate is invalid or corrupt = yes

-Add the root certificate to known browsers = yes

-Apply created exceptions based on certificates = no

-Block encrypted communication utilizing the obsolete protocol SSL v2 = no

On a test machine that is temporarily unconnected to Remote Administrator, I'd try:

-Adding the production site\software certificates to the "trusted certificates" section of the Certificate list submenu.

-Testing a number of sites, and their subsites, that users need to access for work.

-For a certificate that requires user interaction to go through ESET:

     >Try exporting the authority certs located in the Windows Certificate Stores to the ESET Certificate list's "trusted" section.

     >See if you can access the given site without a prompt. If not, then you may need to import any needed site certs into ESET's certificate list within the relevant Remote Administrator policy.

With the settings that I provided, most sites shouldn't give you any trouble. Self-signed intranet sites will give you problems, as those need importation into both the Windows Certificate Store as well as ESET's cert list.

*Note that if the issue seems confined to versions of Firefox prior to 30.x, then update to the latest ESR or general release of Firefox to get that taken care of.


Thank you, those settings have worked for web browsing; however, I am still finding programs like Office and Lync having problems until I disable HTTPS filtering mode.

 

Doing this enables Outlook and Lync; ticking it will most certainly and immediately cause them to disconnect and crash.

 

I have attached the screenshot of the setting I am describing.

 

What is the difference between the HTTPS Filtering Mode and the SSL Protocol Filtering? Do we need both?

 


Hello,

 

Any response to this? I can confirm that in our network, if I enable the HTTPS Filtering Mode, it impacts all users' ability to log in to Outlook (Microsoft 365 hosted) and Lync. Is it a case of adding these certificates to an exception list? There are many of them, and we will have outages again if a URL changes, etc.

 

Thanks,

 

James


  • ESET Staff
  • Solution

Hi James,

 

You can exclude Lync and Outlook from Protocol Filtering altogether, which should resolve any compatibility issues with either application. To do so,

 

-Go into the Firewall section of the Desktop V5 policy tree.

-Add the paths to Outlook.exe and Lync.exe as X'd entries within the Web Browsers section of Zone and Rule Setup.

   >This section of the Remote Administrator policy is the equivalent of the "ip addresses excluded from Protocol Filtering" section of the AV products' advanced configuration tree.

   >As an aside in case you were wondering, adding a checked entry to this list will make it so that ESET scans every packet sent and received by that application. By default, ESET scans an optimal sample of the packets. Checked entries correspond to adding executables to Web Access Protection's "active mode" list.

 

 


 

 

Here is a link to a screenshot of the aforementioned settings:

 

https://eset.sharefile.com/d/s8ab1792119e49bdb

 

 

 

Q. What is the difference between the HTTPS Filtering Mode and the SSL Protocol Filtering?

 

A. SSL Protocol filtering enables the scanning of packets belonging to any Layer 7 protocol making use of SSL encryption. HTTPS Filtering Mode toggles whether or not HTTPS traffic will be among the Layer 7 protocols scanned.
