Administrators Marcos 5,091 Posted February 20 Administrators Share Posted February 20 Please raise a support ticket if you are having issues with Web access protection on Linux. Quote Link to comment Share on other sites More sharing options...
eab 25 Posted March 8 Author Share Posted March 8 hxxp://www.giss.nasa.gov/ is blocked by WAP, even with SSL/TLS scanning disabled: Only way to load the page is to disable WAP completly. Can someone from ESET please tell me why this website is blocked!? Quote Link to comment Share on other sites More sharing options...
Administrators Marcos 5,091 Posted March 8 Administrators Share Posted March 8 No problems opening the site on Windows. Please report it via a support ticket if temporarily disabling Web access protection actually makes a difference. Quote Link to comment Share on other sites More sharing options...
eab 25 Posted March 8 Author Share Posted March 8 (edited) @Marcos by now I think it should be obvious that there is a problem specifically with the Linux version of WAP and not the Windows version. Like I already said - disabling WAP entirely is the only way (other than stopping the eea service entirely) to load the website (in Chrome and/or FF). Edited March 8 by eab FranceBB 1 Quote Link to comment Share on other sites More sharing options...
Administrators Marcos 5,091 Posted March 8 Administrators Share Posted March 8 Please raise a support ticket then. Quote Link to comment Share on other sites More sharing options...
eab 25 Posted March 8 Author Share Posted March 8 13 minutes ago, Marcos said: Please raise a support ticket then. Done. Ticket #00727066. Let's see what comes of it 🤷♂️ Quote Link to comment Share on other sites More sharing options...
eab 25 Posted March 11 Author Share Posted March 11 (edited) OK, the reply from ESET support was completely predictable: Quote 'Have you already tested adding the URL to the exceptions?' No, I didn't do that because I wanted to know from ESET Business support why this URL was being blocked in the first place. In any case, I decided to try to add it as to the Allowed and Excluded lists: This does nothing to solved the problem. I know for a fact that WAP is blocking this website because if I disable WAP completely the website loads immediately. So what gives? (Yes, I already replied with this info to ESET Business support, but they take a day or two to reply each time 😕 ) Edited March 11 by eab Quote Link to comment Share on other sites More sharing options...
Administrators Marcos 5,091 Posted March 11 Administrators Share Posted March 11 I suspect there is a bug which causes this particular (and maybe also other trusted sites) not to be scanned regardless of the settings. I've asked our testers to re-test it and possibly file a bug for developers: Tested with ESET Endpoint Antivirus 10.2.2.0 on Ubuntu 20.04 LTS and Firefox. No problem with Chrome 122.0.621.111 either. The website is not scanned by ESET and opens alright: Quote Link to comment Share on other sites More sharing options...
eab 25 Posted March 11 Author Share Posted March 11 Thanks for testing @Marcos. But do you have WAP enabled as well? And if so, are you saying that, with WAP enabled that URL loads for you in the web browser? Quote Link to comment Share on other sites More sharing options...
Administrators Marcos 5,091 Posted March 11 Administrators Share Posted March 11 After clearing cache it works for me: Quote Link to comment Share on other sites More sharing options...
eab 25 Posted March 12 Author Share Posted March 12 Is there any way to get the assigned policy to update right away? It seems like sometimes it's updated on the client immediately, and other times it takes 10 minutes or so. And Linux command to pull the new policy settings from the server? Quote Link to comment Share on other sites More sharing options...
eab 25 Posted March 12 Author Share Posted March 12 Now magically the website is loading with WAP enabled, SSL/TLS disabled, and no URLs in the Allowed or Exceptions lists. 🤷♂️ Quote Link to comment Share on other sites More sharing options...
eab 25 Posted March 13 Author Share Posted March 13 And again today this URL is not loading: And the only change to the policy is disabling WAP -> SSL/TLS. Yesterday this same URL magically loaded with the same policy on the same PC, and today it's not loading again. With eea service stopped, or WAP completely disabled, the website loads. Exclusion lists do not work! 😠 Quote Link to comment Share on other sites More sharing options...
Administrators Marcos 5,091 Posted March 13 Administrators Share Posted March 13 Please raise a support ticket for help with further troubleshooting of the issue. Quote Link to comment Share on other sites More sharing options...
eab 25 Posted March 13 Author Share Posted March 13 (edited) Look at this - my fritz.box router page is also "blocked" by ESET/WAP - all I get is a white page: 6 minutes ago, Marcos said: Please raise a support ticket for help with further troubleshooting of the issue. I already did! They haven't done anything yet to help. I have now redirected them to this forum thread .. 🙄 This WAP feature is extremely buggy! Edited March 13 by eab Quote Link to comment Share on other sites More sharing options...
Administrators Marcos 5,091 Posted March 13 Administrators Share Posted March 13 Would it be possible to try a different router than Fritzbox? Which model do you have by the way? Quote Link to comment Share on other sites More sharing options...
eab 25 Posted March 13 Author Share Posted March 13 26 minutes ago, Marcos said: Would it be possible to try a different router than Fritzbox? Which model do you have by the way? I don't have another router to test. But how would that help even if I did? I have the: FRITZ!Box 7590 Quote Link to comment Share on other sites More sharing options...
eab 25 Posted March 14 Author Share Posted March 14 New finding! It seems that accessing the NASA website (https://www.giss.nasa.gov) via IPv6 is blocked, whereas via IPv4 is not blocked. Ideas? Quote Link to comment Share on other sites More sharing options...
eab 25 Posted March 22 Author Share Posted March 22 The following was sent to ESET Support: Quote Here are our findings: The URL (https://www.giss.nasa.gov) points to both an IPv4 and IPv6 address: user@pc:~$ host www.giss.nasa.gov www.giss.nasa.gov is an alias for gs611-web3-pz.giss.nasa.gov. gs611-web3-pz.giss.nasa.gov has address 129.164.128.233 gs611-web3-pz.giss.nasa.gov has IPv6 address 2001:4d0:2310:230::233 When accessing the URL, for example in a web browser or using curl in the terminal, from a device and network/Internet connection which is IPv6-ready, the IPv6 address is automatically tried first. And if the IPv6 address does not work/resolve, then the web browser, or curl, tries to use the IPv4 address. However, when accessing the URL from a device and network/Internet connection which is not IPv6-ready, the IPv4 address is automatically tried first. In the case of this particular URL, the IPv4 address is working, whereas the IPv6 address is not working - this particular issue is not a problem with ESET. However, this is where ESET does introduce a problem: When this URL is accessed from a device and network/Internet connection which is IPv6-ready, and the IPv6 address fails to resolve, ESET seems to stop the diversion to the IPv4 address. On the other hand, when accessing the URL from a device and network/Internet connection which is not IPv6-ready, the IPv4 address is automatically tried first, and the site loads without problems - ESET does not block it. This man-in-the-middle-ing by ESET/WAP effectively disrupts the handover of a URL from IPv6-to-IPv4, and most likely also vice-versa. You and your technicians and/or developers should have no trouble reproducing this. I will add here as well that I recently was setting up a new Synology server and also experienced ESET/WAP blocking the Synology setup web page, which is the only way to correctly setup a Synology server. So it seems pretty clear that WAP is far too aggressive, especially for a PC-grade security tool, and needs to be thoroughly tested. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.