COStark26 10 Posted March 20 Share Posted March 20 (edited) Not a big deal .... but FF 124 with (about:config) -- network.http.http3.enabled -- changed to False I still get the -- https://crackingpatching.com/ -- site with DoH Enabled ...... Edge DoH Enabled but HTTP3 DISabled..... Blocks that site 3 times in a row. Will await 17.1 ..... Edited March 20 by COStark26 Quote Link to comment Share on other sites More sharing options...
itman 1,659 Posted March 20 Share Posted March 20 21 minutes ago, COStark26 said: Not a big deal .... but FF 124 with (about:config) -- network.http.http3.enabled -- changed to False I still get the -- https://crackingpatching.com/ First, as best as I can tell, Firefox isn't using HTTP/3. Next, the problem with Firefox is how it performs DNS resolution when DoH is enabled as noted in the other forum thread on this issue and repeated below; Quote This may be due to Mozilla Firefox's enablement of DNS over HTTPS. This feature is designed to bypass enterprise DNS and security and should not be used in an Enterprise environment. Our Web Protection interception interferes with this lookup. Note: Only Mozilla Firefox is affected by this. Other browsers that may use DNS over HTTPS such as Google Chrome, use the Operating System information for DNS, which we also do. Firefox is the only browser that uses its own DNS configuration. DNS-over-HTTPS at an application level attempts to bypass many security features. As such, we do not recommend having this setting enabled when using Sophos Web Protection. https://support.sophos.com/support/s/article/KB-000043686?language=en_US Quote Link to comment Share on other sites More sharing options...
COStark26 10 Posted March 20 Share Posted March 20 Thanks, itman. I saw a ghacks post from 2020 How to enable HTTP3 in FF plus a few other articles (2019 How To Geeks: HTTP/3 is becoming more widespread) ....and just presumed..... Not sure I'd see the difference anyway.... Quote Link to comment Share on other sites More sharing options...
Ahmeduchiha 2 Posted March 22 Author Share Posted March 22 can I configure ESET to block newly registered domains? to reduce phishing attacks and malicious websites. Quote Link to comment Share on other sites More sharing options...
Administrators Marcos 5,074 Posted March 22 Administrators Share Posted March 22 Just now, Ahmeduchiha said: can I configure ESET to block newly registered domains? to reduce phishing attacks and malicious websites. No. At least you cannot determine the age of domains with ESET. Quote Link to comment Share on other sites More sharing options...
czesetfan 29 Posted March 23 Share Posted March 23 You can disable "Uncategorized" in Web, Parental Controls. This will block access to newly created pages, but you should expect increased FPs. 👍🙂 Ahmeduchiha 1 Quote Link to comment Share on other sites More sharing options...
Ahmeduchiha 2 Posted March 23 Author Share Posted March 23 I have concern about ESET browser extension shouldn't it help blocking malicious URLs that found in ESET database this should work even with QUIC protocol. as this also, will improve the performance of blocking webpages. Quote Link to comment Share on other sites More sharing options...
Ahmeduchiha 2 Posted March 23 Author Share Posted March 23 4 hours ago, czesetfan said: You can disable "Uncategorized" in Web, Parental Controls. This will block access to newly created pages, but you should expect increased FPs. 👍🙂 the problem with parental control is it's work per user not system wide. and for more reliability if the domain created for more than 32 days it can be unblocked even if it's not categorized by ESET as in this period if it was malicious probably it will be downed or blacklisted. Quote Link to comment Share on other sites More sharing options...
itman 1,659 Posted March 23 Share Posted March 23 On 3/20/2024 at 9:30 AM, COStark26 said: Not a big deal .... but FF 124 with (about:config) -- network.http.http3.enabled -- changed to False I still get the -- https://crackingpatching.com/ -- site with DoH Enabled Just retested. Eset nows blocks the domain with network.http.http3.enable set to false. DoH set to maximum level using default Cloudflare servers. I am also now using my ISP DNS servers as Win DNS servers. Quote Link to comment Share on other sites More sharing options...
COStark26 10 Posted March 24 Share Posted March 24 18 hours ago, itman said: Just retested. Eset nows blocks the domain with network.http.http3.enable set to false. DoH set to maximum level using default Cloudflare servers. I am also now using my ISP DNS servers as Win DNS servers. Still No Block for me. False setting & Quad 9 to Cloudflare (default) and that crackingpatch site still shows. I even changed the -- xxx.enable_0rrt -- expression to false but No Block. I'll live with it til 17.1..... Quote Link to comment Share on other sites More sharing options...
itman 1,659 Posted March 24 Share Posted March 24 6 hours ago, COStark26 said: Still No Block for me. False setting & Quad 9 to Cloudflare (default) and that http.http3.enable set to falsestill shows. In my case, the key element was switching back to my ISP DNS servers as my Win DNS servers. I had tried using both Cloudflare and Quad9 as my Win DNS servers previously with http.http3.enable set to false, and Eset failed to alert/block crackingpatch site. My suspicion it's the 6rd tunneling my ISP uses on their network. Quote Link to comment Share on other sites More sharing options...
COStark26 10 Posted March 25 Share Posted March 25 16 hours ago, itman said: In my case, the key element was switching back to my ISP DNS servers as my Win DNS servers. One last attempt & I'll leave you alone .... To do what you did with Win servers .....I'm looking at my AT&T Uverse Gateway data and in the Broadband Tab/Current Internet Connection .... I see Primary and Secondary DNS numbers ... Is THAT what I'd plug into the slots where Quad 9 data had been? ..... Obtain DNS Servers Automatically was my first guess that failed at making a Block. Quote Link to comment Share on other sites More sharing options...
itman 1,659 Posted March 25 Share Posted March 25 6 minutes ago, COStark26 said: .I'm looking at my AT&T Uverse Gateway Ahh .............. You poor soul! That is also my ISP. First, you can't change any DNS server info on AT&T gateways/routers. They have locked the settings from modification. Do as I did. Remove any third party DNS server settings from your IPv4/IPv6 connections. Now you are using AT&T DNS servers assigned via DHCP. Reboot Windows. Retest with http.http3.enable set to false in Firefox. Quote Link to comment Share on other sites More sharing options...
COStark26 10 Posted March 25 Share Posted March 25 47 minutes ago, itman said: Ahh .............. You poor soul! That is also my ISP. First, you can't change any DNS server info on AT&T gateways/routers. They have locked the settings from modification. Do as I did. Remove any third party DNS server settings from your IPv4/IPv6 connections. Now you are using AT&T DNS servers assigned via DHCP. Reboot Windows. Retest with http.http3.enable set to false in Firefox. I was going to plug Those Gateway #s into the IPv4/IPv6 blocks of my W10 Network module (Network/ Change Adaptor Options/ Ethernet / IPv4 & 6 . Both Blocks Blank / Re-Start ... and I still get the test site page. I'll live with it & Thanks for the How-To..... Quote Link to comment Share on other sites More sharing options...
micasayyo 4 Posted March 27 Share Posted March 27 On 3/24/2024 at 3:09 PM, COStark26 said: Still No Block for me. False setting & Quad 9 to Cloudflare (default) and that crackingpatch site still shows. I even changed the -- xxx.enable_0rrt -- expression to false but No Block. I'll live with it til 17.1..... New version of Eset 17.1.9.0 in preview of its release😀 Quote Link to comment Share on other sites More sharing options...
COStark26 10 Posted March 27 Share Posted March 27 1 hour ago, micasayyo said: New version of Eset 17.1.9.0 in preview of its release😀 @micasayyo Really appreciate That update! 17.1.9.0 Preview Block occurs with - network.http.http3.enabled - EITHER TRUE OR FALSE. FF 124 DoH Max setting with Quad 9 Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.