Ahmeduchiha 2 Posted March 25 Posted March 25 I noticed that when I use AdGuard VPN HTTP2 protocol ESET can't detect and block malicious webpages also, AdGuard support QUIC and HTTP3 protocol which can't be detected by ESET either. it works fine with some other VPN vendors but, why AdGuard VPN not compatible with ESET.
itman 1,801 Posted March 25 Posted March 25 Are you using the browser extension or stand-alone version of AdGuard VPN? The browser extension version doesn't work with Eset: https://forum.eset.com/topic/34409-eset-not-working-with-vpn-extensions/ .
Ahmeduchiha 2 Posted March 26 Author Posted March 26 I was using Adguard VPN for windows not the extension but, still why ESET don't block malicious sites ESET browser extension should help blocking known URLs and ESET should have protection on the system and network level that can monitor and scan all the traffic it should be able to detect and block anything happen in the system and not get bypassed like that.
itman 1,801 Posted March 26 Posted March 26 (edited) It might be related to the QUIC issue affecting browsers as posted in recent forum threads. Disable this setting; Quote Filter HTTP/3 If this option is enabled, AdGuard will filter requests sent over HTTP/3 in addition to other request types. https://adguard.com/kb/adguard-for-windows/solving-problems/low-level-settings/#filter-http3 and see if this resolves the issue. Another known Adguard incompatibility with ESET is Adguard's default use of Windows Filtering Platform. It needs to be disabled as shown here: https://adguard.com/kb/adguard-for-windows/solving-problems/wfp-driver/ . Edited March 26 by itman
Ahmeduchiha 2 Posted March 27 Author Posted March 27 I tried with HTTP/2 also, it can bypass ESET web protection it's really strange that VPNs or any other app can bypass ESET protection also, it will affect parental control it can bypass rules by simply using VPN, ESET should override any other app as it can filter traffic system wide.
Most Valued Members Nightowl 206 Posted March 27 Most Valued Members Posted March 27 (edited) On 3/25/2024 at 1:41 PM, Ahmeduchiha said: AdGuard support QUIC I think security products still have difficulties scanning QUIC protocol , therefore they disable it so it fall back to normal UDP This is from Fortinet , hence SSL DEEP INSPECT - NO Fortinet instead gives the option to block QUIC so the software trying to use QUIC will fallback to UDP and be able to be scanned. This is for their Firewall appliance and not Endpoint protection software. I brought the image as an example only. So for you try to disable the QUIC protocol and use UDP or TCP. Edited March 27 by Nightowl
Ahmeduchiha 2 Posted March 27 Author Posted March 27 Thank you for your reply, HTTP/3 QUIK protocol is disabled. Nightowl 1
Most Valued Members Nightowl 206 Posted March 27 Most Valued Members Posted March 27 (edited) 26 minutes ago, Ahmeduchiha said: Thank you for your reply, HTTP/3 QUIK protocol is disabled. I believe now ESET should be able to detect stuff , you can test it with an EICAR test file from EICAR official website I've read now that in a recent FortiOS firewall version 7.2+ , it's able to scan the QUIC protocol but it was never able and the solution was to block QUIC through App Control , same applies to Palo Alto firewall , but I don't know if they added the function to scan QUIC protocol or not. So could be security software solutions like ESET and other companies will follow the path soon. Edited March 27 by Nightowl
Ahmeduchiha 2 Posted March 27 Author Posted March 27 unfortunately, it can't detect phishing link from AMTSO even when I disabled QUIK protocol. what I notice when I use Adguard adblocker for windows is it enforce and override ESET SSL certificate but, Adguard VPN I don't know what it does to override ESET SSL certificate and bypass ESET protection. Kaspersky to fix QUIK issue it enforce HTTP/2 protocol and block any QUIK or HTTP/3 protocols to be able to scan QUIK protocol or HTTP/3. I hope ESET do their test and fix this problem as this is easy bypass for ESET protection.
Ahmeduchiha 2 Posted March 27 Author Posted March 27 I have to uninstall Adguard by removing it's files and registry keys using Revo uninstaller and clear browser cache to make ESET be able to block AMTSO phishing test again.
itman 1,801 Posted March 27 Posted March 27 Again ...... Quote By default AdGuard VPN uses the regular WFP driver https://adguard-vpn.com/kb/adguard-vpn-for-windows/overview/ Eset also uses Windows Filtering Platform and this is where the conflict exists. Unlike AdGuard Adblocker product, I don't see an option to disable WFP in AdGuard VPN. As such, you can't use AdGuard VPN if Eset is installed.
Ahmeduchiha 2 Posted March 27 Author Posted March 27 23 minutes ago, itman said: Unlike AdGuard Adblocker product, I don't see an option to disable WFP in AdGuard VPN. As such, you can't use AdGuard VPN if Eset is installed. ESET should override any rule, SSL certificate or driver it should force it's rules and filtration. many users may not notice this conflict or this problem and they will left unprotected I discovered this issue by mere coincidence when I tested AMTSO phishing page and not blocked. I don't know if use Wintun is the same as WFP or it's different filtering approach.
itman 1,801 Posted March 27 Posted March 27 1 hour ago, Ahmeduchiha said: I don't know if use Wintun is the same as WFP or it's different filtering approach. Turn on WinTun option. Reboot PC. Retest at AMTSO Phishing test site. Ref: https://adguard-vpn.com/en/blog/adguard-vpn-v2-2-for-mac-and-windows.html . Note that AdGuard documentation does not specifically state that WFP use is disabled when WinTun driver is used. But, the implication is the tunnel driver is bypassing WFP use.
Ahmeduchiha 2 Posted March 27 Author Posted March 27 unfortunately, Adguard can overwhelm ESET and bypass it's protection this is raise a concern why ESET can't overwhelm Adguard or any other app that tries to use WFP.
itman 1,801 Posted March 27 Posted March 27 16 minutes ago, Ahmeduchiha said: Adguard can overwhelm ESET and bypass it's protection Did you enable the AdGuard WinTun driver as instructed and perform the AMTSO Desktop tests? Did Eset block these tests as expected?
Ahmeduchiha 2 Posted March 28 Author Posted March 28 On 3/27/2024 at 10:23 PM, itman said: Did you enable the AdGuard WinTun driver as instructed and perform the AMTSO Desktop tests? Did Eset block these tests as expected? I tested Adguard with enabling Wintun as instructed and still ESET can't detect the phishing link also, once I connected to Adguard VPN for once ESET can't detect the phishing link anymore even when I disconnect the VPN and closed Adguard VPN app.
Ahmeduchiha 2 Posted March 29 Author Posted March 29 even after uninstalling Adguard VPN still ESET can't block the website and it does not show ESET SSL certificate.
itman 1,801 Posted March 29 Posted March 29 (edited) 13 hours ago, Ahmeduchiha said: ESET can't block the website and it does not show ESET SSL certificate. No problem here using FireFox w/DoH set to max; ISP set to Cloudflare; and network.http.http3.enable set via about:config option to false. Did you disable Eset's SSL/TLS protocol scanning? Edited March 29 by itman
Ahmeduchiha 2 Posted March 29 Author Posted March 29 4 hours ago, itman said: No problem here using FireFox w/DoH set to max; ISP set to Cloudflare; and network.http.http3.enable set via about:config option to false. Did you disable Eset's SSL/TLS protocol scanning? Try after using Adguard VPN after connect and surf the web for few seconds or Adguard Adblocker for windows you will notice that ESET unable to detect the website.
itman 1,801 Posted March 29 Posted March 29 (edited) 17 hours ago, Ahmeduchiha said: Adguard Adblocker for windows you will notice that ESET unable to detect the website. Did you disable WFP use in Adguard Adblocker as shown here: https://adguard.com/kb/adguard-for-windows/solving-problems/wfp-driver/ ? My advice is don't use anything installed AdGuard related with Eset. Their installed products overall are not compatible with Eset. Alternatives are to use Adguard browser extension or use uBlock Origin browser extension and activate AdGuard TPLs within it. Edited March 30 by itman
Ahmeduchiha 2 Posted March 30 Author Posted March 30 The problem is when you install the app it overridden ESET web protection and even after remove Adguard APPs still ESET web protection doesn't work.
itman 1,801 Posted March 30 Posted March 30 (edited) 1 hour ago, Ahmeduchiha said: The problem is when you install the app it overridden ESET web protection and even after remove Adguard APPs still ESET web protection doesn't work. You can try AdGuard Uninstaller tool to remove both AdGuard Adblocker and VPN; Quote Advanced method In case regular uninstall doesn't work for any reason, you can try to use an advanced method. First of all, you need to download the uninstaller tool created by our developers. Extract the archive to any folder on your PC and run the Adguard.UninstallUtility.exe file, and allow the app to make changes to your device. https://adguard.com/kb/adguard-for-windows/installation/ If Eset still doesn't detect properly afterwards, you will have to reinstall it. Edited March 30 by itman
Most Valued Members Nightowl 206 Posted March 31 Most Valued Members Posted March 31 Also to save yourself the QA (Testing) which isn't your task to do so Maybe easier just to switch to ESET VPN or ProtonVPN(offers free servers/countries also) and for blocking ads , just use uBlock Origin for your browser Saves you the hassle and headache to fix those bugs.
Most Valued Members cyberhash 201 Posted March 31 Most Valued Members Posted March 31 Adblock Plus is another browser add on alternative and its good.
SeriousHoax 87 Posted April 11 Posted April 11 I can confirm that using AdGuard for Windows (didn't test their VPN) nullifies ESET's ability to block malicious websites no matter what settings are changed in AdGuard. Once AdGuard is on, ESET is gone.
Recommended Posts