AdGuard VPN incompatibility with ESET

[Ahmeduchiha 2]

I noticed that when I use AdGuard VPN HTTP2 protocol ESET can't detect and block malicious webpages also, AdGuard support QUIC and HTTP3 protocol which can't be detected by ESET either.

it works fine with some other VPN vendors but, why AdGuard VPN not compatible with ESET.

[itman 1,659]

Are you using the browser extension or stand-alone version of AdGuard VPN?

The browser extension version doesn't work with Eset: https://forum.eset.com/topic/34409-eset-not-working-with-vpn-extensions/ .

[Ahmeduchiha 2]

I was using Adguard VPN for windows not the extension but, still why ESET don't block malicious sites ESET browser extension should help blocking known URLs and ESET should have protection on the system and network level that can monitor and scan all the traffic it should be able to detect and block anything happen in the system and not get bypassed like that.

[itman 1,659]

It might be related to the QUIC issue affecting browsers as posted in recent forum threads.

Disable this setting;

Quote

Filter HTTP/3

If this option is enabled, AdGuard will filter requests sent over HTTP/3 in addition to other request types.

https://adguard.com/kb/adguard-for-windows/solving-problems/low-level-settings/#filter-http3

and see if this resolves the issue.

Another known Adguard incompatibility with ESET is Adguard's default use of Windows Filtering Platform. It needs to be disabled as shown here: https://adguard.com/kb/adguard-for-windows/solving-problems/wfp-driver/ .

Edited March 26 by itman

[Ahmeduchiha 2]

I tried with HTTP/2 also, it can bypass ESET web protection it's really strange that VPNs or any other app can bypass ESET protection also, it will affect parental control it can bypass rules by simply using VPN, ESET should override any other app as it can filter traffic system wide.

[Nightowl 202]

On 3/25/2024 at 1:41 PM, Ahmeduchiha said:

AdGuard support QUIC

I think security products still have difficulties scanning QUIC protocol , therefore they disable it so it fall back to normal UDP

This is from Fortinet , hence SSL DEEP INSPECT - NO
Fortinet instead gives the option to block QUIC so the software trying to use QUIC will fallback to UDP and be able to be scanned.

This is for their Firewall appliance and not Endpoint protection software. I brought the image as an example only.

 

So for you try to disable the QUIC protocol and use UDP or TCP.

Edited March 27 by Nightowl

[Ahmeduchiha 2]

Thank you for your reply,

HTTP/3 QUIK protocol is disabled.

[Nightowl 202]

26 minutes ago, Ahmeduchiha said:

Thank you for your reply,

HTTP/3 QUIK protocol is disabled.

I believe now ESET should be able to detect stuff , you can test it with an EICAR test file from EICAR official website

I've read now that in a recent FortiOS firewall version 7.2+ , it's able to scan the QUIC protocol but it was never able and the solution was to block QUIC through App Control , same applies to Palo Alto firewall , but I don't know if they added the function to scan QUIC protocol or not.

So could be security software solutions like ESET and other companies will follow the path soon.

Edited March 27 by Nightowl

[Ahmeduchiha 2]

unfortunately, it can't detect phishing link from AMTSO even when I disabled QUIK protocol.

what I notice when I use Adguard adblocker for windows is it enforce and override ESET SSL certificate but, Adguard VPN I don't know what it does to override ESET SSL certificate and bypass ESET protection.

Kaspersky to fix QUIK issue it enforce HTTP/2 protocol and block any QUIK or HTTP/3 protocols to be able to scan QUIK protocol or HTTP/3.

I hope ESET do their test and fix this problem as this is easy bypass for ESET protection.

[Ahmeduchiha 2]

I have to uninstall Adguard by removing it's files and registry keys using Revo uninstaller and clear browser cache to make ESET be able to block AMTSO phishing test again.

[itman 1,659]

Again ......

Quote

By default AdGuard VPN uses the regular WFP driver

https://adguard-vpn.com/kb/adguard-vpn-for-windows/overview/

Eset also uses Windows Filtering Platform and this is where the conflict exists.

Unlike AdGuard Adblocker product, I don't see an option to disable WFP in AdGuard VPN. As such, you can't use AdGuard VPN if Eset is installed.

[Ahmeduchiha 2]

23 minutes ago, itman said:

Unlike AdGuard Adblocker product, I don't see an option to disable WFP in AdGuard VPN. As such, you can't use AdGuard VPN if Eset is installed.

 ESET should override any rule, SSL certificate or driver it should force it's rules and filtration.

many users may not notice this conflict or this problem and they will left unprotected I discovered this issue by mere coincidence when I tested AMTSO phishing page and not blocked.

I don't know if use Wintun is the same as WFP or it's different filtering approach.

[itman 1,659]

1 hour ago, Ahmeduchiha said:

I don't know if use Wintun is the same as WFP or it's different filtering approach.

Turn on WinTun option. Reboot PC. Retest at AMTSO Phishing test site.

Ref: https://adguard-vpn.com/en/blog/adguard-vpn-v2-2-for-mac-and-windows.html .

Note that AdGuard documentation does not specifically state that WFP use is disabled when WinTun driver is used. But, the implication is the tunnel driver is bypassing WFP use.

[Ahmeduchiha 2]

unfortunately, Adguard can overwhelm ESET and bypass it's protection this is raise a concern why ESET can't overwhelm Adguard or any other app that tries to use WFP.

[itman 1,659]

16 minutes ago, Ahmeduchiha said:

Adguard can overwhelm ESET and bypass it's protection

Did you enable the AdGuard WinTun driver as instructed and perform the AMTSO Desktop tests? Did Eset block these tests as expected?

[Ahmeduchiha 2]

On 3/27/2024 at 10:23 PM, itman said:

Did you enable the AdGuard WinTun driver as instructed and perform the AMTSO Desktop tests? Did Eset block these tests as expected?

I tested Adguard with enabling Wintun as instructed and still ESET can't detect the phishing link also, once I connected to Adguard VPN for once ESET can't detect the phishing link anymore even when I disconnect the VPN and closed Adguard VPN app.

[Ahmeduchiha 2]

even after uninstalling Adguard VPN still ESET can't block the website and it does not show  ESET SSL certificate.

[itman 1,659]

13 hours ago, Ahmeduchiha said:

ESET can't block the website and it does not show  ESET SSL certificate.

No problem here using FireFox w/DoH set to max; ISP set to Cloudflare; and network.http.http3.enable set via about:config option to false.

Did you disable Eset's SSL/TLS protocol scanning?

Edited March 29 by itman

[Ahmeduchiha 2]

4 hours ago, itman said:

No problem here using FireFox w/DoH set to max; ISP set to Cloudflare; and network.http.http3.enable set via about:config option to false.

Did you disable Eset's SSL/TLS protocol scanning?

Try after using Adguard VPN after connect and surf the web for few seconds or Adguard Adblocker for windows you will notice that ESET unable to detect the website.

[itman 1,659]

17 hours ago, Ahmeduchiha said:

Adguard Adblocker for windows you will notice that ESET unable to detect the website.

Did you disable WFP use in Adguard Adblocker as shown here: https://adguard.com/kb/adguard-for-windows/solving-problems/wfp-driver/ ?

My advice is don't use anything installed AdGuard related with Eset. Their installed products overall are not compatible with Eset. Alternatives are to use Adguard browser extension or use uBlock Origin browser extension and activate AdGuard TPLs within it.

Edited March 30 by itman

[Ahmeduchiha 2]

The problem is when you install the app it overridden ESET web protection and even after remove Adguard APPs still ESET web protection doesn't work.

[itman 1,659]

1 hour ago, Ahmeduchiha said:

The problem is when you install the app it overridden ESET web protection and even after remove Adguard APPs still ESET web protection doesn't work.

You can try AdGuard Uninstaller tool to remove both AdGuard Adblocker and VPN;

Quote

Advanced method

In case regular uninstall doesn't work for any reason, you can try to use an advanced method. First of all, you need to download the uninstaller tool created by our developers. Extract the archive to any folder on your PC and run the Adguard.UninstallUtility.exe file, and allow the app to make changes to your device.

https://adguard.com/kb/adguard-for-windows/installation/

If Eset still doesn't detect properly afterwards, you will have to reinstall it.

Edited March 30 by itman

[Nightowl 202]

Also to save yourself the QA (Testing) which isn't your task to do so

Maybe easier just to switch to ESET VPN or ProtonVPN(offers free servers/countries also) and for blocking ads , just use uBlock Origin for your browser

Saves you the hassle and headache to fix those bugs.

[cyberhash 188]

Adblock Plus is another browser add on alternative and its good.

[SeriousHoax 83]

I can confirm that using AdGuard for Windows (didn't test their VPN) nullifies ESET's ability to block malicious websites no matter what settings are changed in AdGuard. Once AdGuard is on, ESET is gone.