Web Access Protection problems

[eab 15]

1. Google Chrome Browser performance degradation
   With WAP enabled in the 'ESET Endpoint for Linux (V7+)' policy, results in the browser performance being unbearably slow. Websites take anywhere from 2-5 times as long to load as with WAP disabled. Multiple scand processes can be seen at the top of CPU usage whenever a website is loaded.
   We have tested this on multiple Linux PCs over the course of the last 4 weeks or so. We have also tried to disable some of the WAP features in the profile - no improvements were found.
   We also tested in Firefox, and the performance degradation is not as severe.
2. localhost, 127.0.0.1, 0.0.0.0 and ::6 blocked
   This problem we have been struggling with since months with ESET support. Now I am turning here to the forum community.
   Our software developers need to be able to access these addresses in the browser.
   We have tried everything we could think of in the WAP settings - excluding the IPs from WAP scans, adding the IPs and localhost under URL List Management - and nothing solves the issue.

Due to these unresolved problems we have had to resort to disabling WAP completely in the profile.

[Marcos 4,935]

There will be always certain overhead when it comes to scanning or http(s) filtering, however, it should not be that big. I would recommend raising a support ticket for help with troubleshooting the issue and finding the root cause on your system. In our tests we didn't experience such a big performance drop.

[eab 15]

And regarding the second problem?

[kurco 10]

Hi,

could you please specify in more detail issue from point 2? I'm not sure, if I understand it correctly. You are running some services locally, which are listening on some ports and you can't access it via browser? 

Regards,

Kurco

Edited November 16 by kurco

[eab 15]

2 hours ago, kurco said:

Hi,

could you please specify in more detail issue from point 2? I'm not sure, if I understand it correctly. You are running some services locally, which are listening on some ports and you can't access it via browser? 

Regards,

Kurco

Yes, the devs are serving some website services from, for example, a docker container, and they cannot access the website via Chrome/Firefox because WAP is blocking it.

[eab 15]

@Marcos @kurco 

These are the results of our most recent tests (regarding problem #2):

1. The policy settings are being successfully implemented on the client devices
2. WAP is "blocking" the IP address of the docker container - in this case 172.18.0.3
3. Excluding the docker container's IP address allows the served website to be loaded in both Chrome and Firefox

Questions:

• Why does WAP not seem to actually block access to the docker container's IP address
  • Instead the web browser returns a blank page and the browser dev-tool shows a '200 OK' status, but there are 0 bytes of data returned.
    • Which differs from when the web browser shows a 'Site not reachable', or ESET's 'This site is blocked', page.
  • The site also remains reachable via the curl command in the terminal
• Why does WAP interfere at all with this internal IP address?

Edited November 17 by eab

[eab 15]

Regarding problem #1 - from our testing we have determined that the performance degradation is not noticeable on Windows clients.

[kurco 10]

Hi eab,

we will still need further details about your issues, so please raise a support ticket and we will allocate resources to investigate what is really going on. 

Thanks. 

[eab 15]

@kurco we already have a ticket open with our local ESET supplier. We are preparing the necessary logs they requested. Will keep you posted ...