Eset SSP 16.2.15.0 SSL/TLS rules "Duplicate item. The value is in conflict with another intem in the set."

[Enrico 3]

While trying to debug the firewall interactive rules issue I've encountered another problem: after creating a new ssl/tls application scan rule, when I edit the rule I recieve a "Duplicate item. The value is in conflict with another intem in the set." warning, even if there are no other rules.

If I edit the path of the executable the warning goes away, maybe Eset is treating "edit" a rule like "add" a rule and this cause the "duplicate item" warning? 

This problem also seems related to Eset updates, some weeks ago there were no warnings, but a month ago it was like today.

Anyone with the same problem? Is it a known bug?

Best regards.

 

[Marcos 4,935]

I was unable to reproduce the issue. Please provide logs collected with ESET Log Collector. I assume that uninstalling and reinstalling ESET from scratch wold fix it but that's probably not an option for you.

[itman 1,630]

You're talking "apples vs. oranges" here.

SSL/TLS protocol Application scan rules relate to Eset Web Access protection and have nothing to do with the Eset firewall which is related to Eset Network protection.

Eset has posted previously in the forum that users are not to modify SSL/TLS protocol Application scan rules. These are maintained internally by Eset.

[Marcos 4,935]

While SSL/TLS application scan rules can be modified, the setting should be used as a last resort when tackling issues with specific applications that communicate over HTTPS.

[Enrico 3]

@itman : while I was trying to debug the firewall I've checked all my settings, one by one, just to be sure that everything was OK, I know that the ssl/tls is not related to the firewall module. I use ssl/tls interactive, so add or edit rules is a must, some applications need scanning for better protection (browsers, downloaders), while other applications may have connection issues, so they must be ignored (often applications that use CEF for DRM or other needs, or browsers when websites require card reader device encrypted connection).

 

@Marcos: the screenshot was took with a clean installation and that was the only thing I've modified, now I've imported the previous Eset settings. Logs attached.

Best regards.

essp_logs.zip

Edited November 6 by Enrico

[Marcos 4,935]

You already have firefox.exe excluded so I received the same error when attempting to add it again:

 

I'd recommend keeping default settings. You have made several performance and process exclusions, automatic startup scan after update is disabled, scanning of removable media is disabled and most importantly, the essential LiveGrid reputation system is disabled as well. It's also important for Banking and payment protection to work:

Besides that, I'd recommend enabling also the ESET LiveGrid Feedback system for maximum protection.  Regular automatic update is set to a 3-hour interval instead of 1 hour.

[Enrico 3]

As I previously said when I took the screenshot it was with a clean installation , only that rule was created, then the logs were built with my old settings, needed for a safe internet access. The problem is not a new rule creation, it's the warning when I open (edit) an existing rule. With the pre-azure signature version everything was OK.

Default settings don't offer the protection I need, for example if I do not add a performance exclusions for my professional CAD/CAM software, and relative file extensions, it slows down or crashes, since Eset is scannign the constant read/writes of temporary and backup files (1-10GB size), the same can be said for flight simulators or audio/video editors. Scanning of removable media is disabled because none has access to my computers and only my removable media is used. I'm not interested in Live Grids, Clouds or software that require costant network traffic, my pc's are offline most of the time. Every Banking protection I've tried only caused issues with my restrictive browser configuration.

2003-2023 whitout infections.

Edited November 7 by Enrico

[Enrico 3]

V17.0.10.0 same issue: the only way to edit a rule is first delete the existing one, start the application requesting a ssl/tls connection and then saving a new auto/allow/ignore/ask rule.

 

btw: just for curiosity I'm also testing Grid and Browser protection, network traffic is less than I've expected and no browsing errors so far, so probably I'll leave them active.

[Marcos 4,935]

Please provide a video or step-by-step instructions how to reproduce it after installing ESET from scratch.

[Enrico 3]

From a clean ESSP installation:
01- set: Advanced setup - protections - SSL/TLS - SSL/TLS mode - Interactive.
02- start a browser and visit a website, in the Encrypted network traffic popup window select "Remember action for this application" and click on "Scan" button.

03- open: Advanced setup - protections - SSL/TLS - Application scan rules - Edit.
04- select the rule created for the browser and click "Edit"...

Edited November 13 by Enrico

[Marcos 4,935]

Thank you, the issue has been reported to developers and is now tracked.

P_ESSW-17497