Jump to content

AdGuard VPN incompatibility with ESET


Recommended Posts

I noticed that when I use AdGuard VPN HTTP2 protocol ESET can't detect and block malicious webpages also, AdGuard support QUIC and HTTP3 protocol which can't be detected by ESET either.

it works fine with some other VPN vendors but, why AdGuard VPN not compatible with ESET.

Link to comment
Share on other sites

I was using Adguard VPN for windows not the extension but, still why ESET don't block malicious sites ESET browser extension should help blocking known URLs and ESET should have protection on the system and network level that can monitor and scan all the traffic it should be able to detect and block anything happen in the system and not get bypassed like that.

Link to comment
Share on other sites

It might be related to the QUIC issue affecting browsers as posted in recent forum threads.

Disable this setting;

Quote

Filter HTTP/3

If this option is enabled, AdGuard will filter requests sent over HTTP/3 in addition to other request types.

https://adguard.com/kb/adguard-for-windows/solving-problems/low-level-settings/#filter-http3

and see if this resolves the issue.

Another known Adguard incompatibility with ESET is Adguard's default use of Windows Filtering Platform. It needs to be disabled as shown here: https://adguard.com/kb/adguard-for-windows/solving-problems/wfp-driver/ .

Edited by itman
Link to comment
Share on other sites

I tried with HTTP/2 also, it can bypass ESET web protection it's really strange that VPNs or any other app can bypass ESET protection also, it will affect parental control it can bypass rules by simply using VPN, ESET should override any other app as it can filter traffic system wide.

Link to comment
Share on other sites

  • Most Valued Members
Posted (edited)
On 3/25/2024 at 1:41 PM, Ahmeduchiha said:

AdGuard support QUIC

I think security products still have difficulties scanning QUIC protocol , therefore they disable it so it fall back to normal UDP

image.thumb.png.34f31538fa0e4ead7f638d3a5ea801d2.png

This is from Fortinet , hence SSL DEEP INSPECT - NO
Fortinet instead gives the option to block QUIC so the software trying to use QUIC will fallback to UDP and be able to be scanned.

This is for their Firewall appliance and not Endpoint protection software. I brought the image as an example only.

 

So for you try to disable the QUIC protocol and use UDP or TCP.

Edited by Nightowl
Link to comment
Share on other sites

  • Most Valued Members
Posted (edited)
26 minutes ago, Ahmeduchiha said:

Thank you for your reply,

HTTP/3 QUIK protocol is disabled.

image.png.f0fa4cf1c4d1f31e30800250175328bb.png

I believe now ESET should be able to detect stuff , you can test it with an EICAR test file from EICAR official website

I've read now that in a recent FortiOS firewall version 7.2+ , it's able to scan the QUIC protocol but it was never able and the solution was to block QUIC through App Control , same applies to Palo Alto firewall , but I don't know if they added the function to scan QUIC protocol or not.

So could be security software solutions like ESET and other companies will follow the path soon.

Edited by Nightowl
Link to comment
Share on other sites

unfortunately, it can't detect phishing link from AMTSO even when I disabled QUIK protocol.

what I notice when I use Adguard adblocker for windows is it enforce and override ESET SSL certificate but, Adguard VPN I don't know what it does to override ESET SSL certificate and bypass ESET protection.

Kaspersky to fix QUIK issue it enforce HTTP/2 protocol and block any QUIK or HTTP/3 protocols to be able to scan QUIK protocol or HTTP/3.

I hope ESET do their test and fix this problem as this is easy bypass for ESET protection.

Link to comment
Share on other sites

I have to uninstall Adguard by removing it's files and registry keys using Revo uninstaller and clear browser cache to make ESET be able to block AMTSO phishing test again.

Link to comment
Share on other sites

Again ......

Quote

By default AdGuard VPN uses the regular WFP driver

https://adguard-vpn.com/kb/adguard-vpn-for-windows/overview/

Eset also uses Windows Filtering Platform and this is where the conflict exists.

Unlike AdGuard Adblocker product, I don't see an option to disable WFP in AdGuard VPN. As such, you can't use AdGuard VPN if Eset is installed.

Link to comment
Share on other sites

23 minutes ago, itman said:

Unlike AdGuard Adblocker product, I don't see an option to disable WFP in AdGuard VPN. As such, you can't use AdGuard VPN if Eset is installed.

 ESET should override any rule, SSL certificate or driver it should force it's rules and filtration.

many users may not notice this conflict or this problem and they will left unprotected I discovered this issue by mere coincidence when I tested AMTSO phishing page and not blocked.

I don't know if use Wintun is the same as WFP or it's different filtering approach.

qdyk3cdd.png.82a82598282bcf09b8b7888da2aae7a5.png

Link to comment
Share on other sites

1 hour ago, Ahmeduchiha said:

I don't know if use Wintun is the same as WFP or it's different filtering approach.

Turn on WinTun option. Reboot PC. Retest at AMTSO Phishing test site.

Ref: https://adguard-vpn.com/en/blog/adguard-vpn-v2-2-for-mac-and-windows.html .

Note that AdGuard documentation does not specifically state that WFP use is disabled when WinTun driver is used. But, the implication is the tunnel driver is bypassing WFP use.

Link to comment
Share on other sites

unfortunately, Adguard can overwhelm ESET and bypass it's protection this is raise a concern why ESET can't overwhelm Adguard or any other app that tries to use WFP.

Link to comment
Share on other sites

16 minutes ago, Ahmeduchiha said:

Adguard can overwhelm ESET and bypass it's protection

Did you enable the AdGuard WinTun driver as instructed and perform the AMTSO Desktop tests? Did Eset block these tests as expected?

Link to comment
Share on other sites

On 3/27/2024 at 10:23 PM, itman said:

Did you enable the AdGuard WinTun driver as instructed and perform the AMTSO Desktop tests? Did Eset block these tests as expected?

I tested Adguard with enabling Wintun as instructed and still ESET can't detect the phishing link also, once I connected to Adguard VPN for once ESET can't detect the phishing link anymore even when I disconnect the VPN and closed Adguard VPN app.

Link to comment
Share on other sites

13 hours ago, Ahmeduchiha said:

ESET can't block the website and it does not show  ESET SSL certificate.

No problem here using FireFox w/DoH set to max; ISP set to Cloudflare; and network.http.http3.enable set via about:config option to false.

Did you disable Eset's SSL/TLS protocol scanning?

Eset_Phishing.thumb.png.1bc5a4954389d8acf6e390cbc1e77e6a.png

Edited by itman
Link to comment
Share on other sites

4 hours ago, itman said:

No problem here using FireFox w/DoH set to max; ISP set to Cloudflare; and network.http.http3.enable set via about:config option to false.

Did you disable Eset's SSL/TLS protocol scanning?

Eset_Phishing.thumb.png.1bc5a4954389d8acf6e390cbc1e77e6a.png

Try after using Adguard VPN after connect and surf the web for few seconds or Adguard Adblocker for windows you will notice that ESET unable to detect the website.

Link to comment
Share on other sites

17 hours ago, Ahmeduchiha said:

Adguard Adblocker for windows you will notice that ESET unable to detect the website.

Did you disable WFP use in Adguard Adblocker as shown here: https://adguard.com/kb/adguard-for-windows/solving-problems/wfp-driver/ ?

My advice is don't use anything installed AdGuard related with Eset. Their installed products overall are not compatible with Eset. Alternatives are to use Adguard browser extension or use uBlock Origin browser extension and activate AdGuard TPLs within it.

Edited by itman
Link to comment
Share on other sites

The problem is when you install the app it overridden ESET web protection and even after remove Adguard APPs still ESET web protection doesn't work.

Link to comment
Share on other sites

1 hour ago, Ahmeduchiha said:

The problem is when you install the app it overridden ESET web protection and even after remove Adguard APPs still ESET web protection doesn't work.

You can try AdGuard Uninstaller tool to remove both AdGuard Adblocker and VPN;

Quote

Advanced method

In case regular uninstall doesn't work for any reason, you can try to use an advanced method. First of all, you need to download the uninstaller tool created by our developers. Extract the archive to any folder on your PC and run the Adguard.UninstallUtility.exe file, and allow the app to make changes to your device.

https://adguard.com/kb/adguard-for-windows/installation/

If Eset still doesn't detect properly afterwards, you will have to reinstall it.

Edited by itman
Link to comment
Share on other sites

  • Most Valued Members

Also to save yourself the QA (Testing) which isn't your task to do so

Maybe easier just to switch to ESET VPN or ProtonVPN(offers free servers/countries also) and for blocking ads , just use uBlock Origin for your browser

Saves you the hassle and headache to fix those bugs.

Link to comment
Share on other sites

  • 2 weeks later...

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...