Ahmeduchiha, Posted March 17

I noticed that ESET safe search flagged the website as malicious but didn't block it. But it blocked the EICAR test file and the AMTSO phishing test webpage.

Marcos (Administrators), Posted March 17

Blocking of the website works for me. Please carry on as follows:

1. Enable advanced logging under Help and support -> Technical support
2. Launch the browser
3. Clear browser's cache
4. Open the website and make sure it's not blocked
5. Stop logging
6. Collect logs with ESET Log Collector and upload the generated archive here.

itman, Posted March 17

It's the same DNS over HTTPS Eset bypass discussed at length in this thread: https://forum.eset.com/topic/40209-eset-web-protection-doesnt-block-websites-on-firefox/ .

With DoH disabled, Eset blocks access to the web site via blacklist detection. With DoH enabled, web site access is granted w/o issue.

The only difference in this case when using Firefox is that no Eset Filtered Web site log block entries are created. Perhaps with Browser Security & Privacy enabled - I have it disabled - the search result malicious icon display factored into Eset block log entries not being created, as has been previously documented.

Ahmeduchiha (Author), Posted March 17

I uploaded the logs. On the first try to access the website it was blocked, but after that ESET allowed access to the website. I am not sure if that has anything to do with DoH, but it's not configured through the browser.

essp_logs.zip

Marcos (Administrators), Posted March 17

I don't know why but I'm unable to reproduce the issue with DoH enabled and set to Max protection with Cloudflare selected as the provider:

itman, Posted March 17

> 46 minutes ago, Marcos said:
> I don't know why but I'm unable to reproduce the issue with DoH enabled and set to Max protection with Cloudflare selected as the provider:

Same setting in Firefox. Of note is that I am also using Cloudflare as my Win 10 DNS servers.

Ahmeduchiha (Author), Posted March 18

I am using Microsoft Edge, so this DNS option that Firefox has isn't available, and this issue still persists even after clearing the cache. It seems the problem is not because of the browser but ESET itself. I submitted ESET logs to Marcos, and I hope this helps diagnose and fix this issue.

itman, Posted March 18

> 57 minutes ago, Ahmeduchiha said:
> I am using Microsoft Edge so, this DNS option that Firefox has isn't available

Refer to this article: https://winaero.com/enable-dns-over-https-in-microsoft-edge/ to determine if DNS over HTTPS is enabled in Edge and what DNS provider it is using.

Ahmeduchiha (Author), Posted March 19

I use Cloudflare DNS, but on the network level, not in the browser. When I reproduced the issue, the first time visiting the website it was blocked, but on trying to open the webpage again it opened and bypassed ESET protection.

itman, Posted March 19 (edited)

> 11 hours ago, Ahmeduchiha said:
> I use Cloudflare DNS but, on the network level not in the browser.

Your posted screen shot shows you have DNS over HTTPS enabled. Edge refers to DNS over HTTPS as "secure DNS." You also have "Use current service provider" enabled. You stated that you are using Cloudflare as your Windows DNS servers; i.e. current service provider. Therefore, you are using Cloudflare as your DNS over HTTPS provider.

Disable the "Use secure DNS" setting; close and reopen Edge; and retest. Eset should alert and block access to this malicious web site every time.

Marcos (Administrators), Posted March 19

This is because the server uses HTTP/3. If you disable QUIC in Chrome per https://support.eset.com/en/kb6757, blocking should work. With v17.1+ it should work even with QUIC enabled.

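Added example, not part of the thread and not ESET code: a server announces HTTP/3 availability in the `Alt-Svc` response header (RFC 7838), so parsing that header shows whether a site can move a browser onto QUIC. The host names and header values below are constructed samples.

```python
def split_outside_quotes(value, sep):
    """Split on sep, ignoring separators inside double-quoted strings."""
    parts, buf, quoted = [], [], False
    for ch in value:
        if ch == '"':
            quoted = not quoted
        if ch == sep and not quoted:
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
    parts.append("".join(buf))
    return [p.strip() for p in parts if p.strip()]

def parse_alt_svc(header):
    """Return one dict per alternative: protocol, authority, params."""
    if header.strip().lower() == "clear":  # "clear" withdraws all alternatives
        return []
    entries = []
    for alt in split_outside_quotes(header, ","):
        fields = split_outside_quotes(alt, ";")
        proto, sep, authority = fields[0].partition("=")
        if not sep:
            continue  # malformed alt-value: skip rather than guess
        params = {}
        for field in fields[1:]:
            key, _, val = field.partition("=")
            params[key.strip().lower()] = val.strip().strip('"')
        entries.append({"protocol": proto.strip(),
                        "authority": authority.strip().strip('"'), "params": params})
    return entries

def advertises_http3(header):
    """True if any alternative is h3 or a draft version such as h3-29."""
    return any(e["protocol"] == "h3" or e["protocol"].startswith("h3-")
               for e in parse_alt_svc(header))

def hosts_offering_http3(responses):
    """responses: (host, headers) pairs; header names are case-insensitive."""
    flagged = []
    for host, headers in responses:
        alt = {k.lower(): v for k, v in headers.items()}.get("alt-svc", "")
        if advertises_http3(alt):
            flagged.append(host)
    return flagged

SAMPLE = [  # constructed responses (hypothetical hosts), not from the thread
    ("h3-site.example", {"Alt-Svc": 'h3=":443"; ma=86400, h3-29=":443"; ma=86400'}),
    ("h2-only.example", {"alt-svc": 'h2="alt.example:8443"; ma=60'}),
    ("cleared.example", {"Alt-Svc": "clear"}),
]
```
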
Ahmeduchiha (Author), Posted March 19

I tried to disable DoH on the network and indeed ESET was able to block the website. It seems that ESET is not compatible with DoH and encrypted DNS connections. I hope ESET fixes this issue as soon as possible.

Marcos (Administrators), Posted March 19

From your logs it was obvious that HTTP/3 was used, which was the reason for not blocking the site. I assume it has nothing to do with DoH. Is the website blocked in Chrome with QUIC disabled in the setup?

Ahmeduchiha (Author), Posted March 19

I use the default settings in Microsoft Edge and I believe that QUIC is disabled.

Marcos (Administrators), Posted March 19

> 6 minutes ago, Ahmeduchiha said:
> I use the default settings in Microsoft Edge and I believe that QUIC is disabled.

The network logs show otherwise:

Please make sure you have it set to "disabled":

Ahmeduchiha (Author), Posted March 19

I am so confused now. After restarting Edge and trying to test the website, it opened normally and was not blocked. QUIC is disabled by default. I don't know what to do now. Should I collect new logs?

Marcos (Administrators), Posted March 19

Please post a screenshot of your QUIC setting in Edge, the same as I did.

Ahmeduchiha (Author), Posted March 19

It's default. I don't know if it's enabled or not.

Marcos (Administrators), Posted March 19

It's set to "default". Please set it to "disabled" and restart the browser.

Ahmeduchiha (Author), Posted March 19

Yes, it worked, but why can't ESET scan the QUIC protocol?

Marcos (Administrators), Posted March 19

I assume that virtually no AV can scan QUIC. It's been experimental for a long time. As I have already mentioned, HTTP/3 will be supported as of v17.1.

Ahmeduchiha (Author), Posted March 19

I see, thank you so much for your help. I will wait for the new release, but when will it be released?

itman, Posted March 19

> 3 hours ago, Marcos said:
> This is because the server uses HTTP/3. If you disable QUIC in Chrome per https://support.eset.com/en/kb6757,

According to Watchguard, you also need to create a firewall rule to block UDP port 80 and 8080 network traffic: https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Endpoint-Security/manage-settings/disable-http-3-protocol-for-web-access-control.html?TocPath=Troubleshooting|_____19 .

> 1 hour ago, Marcos said:
> I assume it has nothing to do with DoH.

Except for Firefox, which uses its own DNS processing with DoH enabled. Also, Firefox has QUIC enabled by default.

sesk, Posted March 19 (edited)

ya win-users, always complaining. never happy.

we macos-users/cs-users, no https scan, and we are not complaining. we are not asking anymore when it is gonna be supported. we got it. it is a feature.

ya pu**ies 😅

Marcos (Administrators), Posted March 20

Should be available on the pre-release update channel soon.