demonlight, Posted May 5

When I click the padlock icon in Firefox, it says "Connection Secure" but below this it says "Connection verified by a certificate issuer that is not recognized by Mozilla". If I click further, it says:

You are securely connected to this site. Verified by: ESET, spol. s r. o. Mozilla does not recognize this certificate issuer. It may have been added from your operating system or by an administrator.

This does not happen on all sites. An example site: https://www.discover.com/

Is ESET overriding the default certificate that is coming from the site?
Marcos (Administrators), Posted May 6

This is a normal behavior when a secured communication is scanned by an AV, DLP, etc. Before scanning / analyzing the content, it's decrypted. After scanning it's re-encrypted and signed using the root CA private key and passed to the application (browser) where the data is decrypted.
demonlight, Posted May 7

@Marcos thanks for the explanation but I am not sure I fully understand. Why is ESET scanning/analyzing only some certificates? For instance, for forum.eset.com the padlock in Firefox states 'Verified by DigiCert Inc.'. Why doesn't it say 'Verified by: ESET, spol. s r. o.'? Below are some other sites I tested. Why are some verified by the certificate issuer while others state ESET? Is it possible to disable this feature in ESET Internet Security? What is the benefit of having this enabled?

www.bankofamerica.com, the padlock states: You are securely connected to this site. Certificate issued to: Bank of America Corporation Chicago Illinois, US Verified by: Entrust, Inc.

proton.me, the padlock states: You are securely connected to this site. Verified by: ESET, spol. s r. o. Mozilla does not recognize this certificate issuer. It may have been added from your operating system or by an administrator.

www.yahoo.com, the padlock states: You are securely connected to this site. Verified by DigiCert Inc.

www.disney.com, the padlock states: You are securely connected to this site. Verified by Let's Encrypt

www.google.com, the padlock states: You are securely connected to this site. Verified by: ESET, spol. s r. o. Mozilla does not recognize this certificate issuer. It may have been added from your operating system or by an administrator.

www.instagram.com, the padlock states: You are securely connected to this site. Verified by DigiCert Inc.

twitter.com, the padlock states: You are securely connected to this site. Verified by: ESET, spol. s r. o. Mozilla does not recognize this certificate issuer. It may have been added from your operating system or by an administrator.
Marcos (Administrators), Posted May 7

With this setting disabled all https websites should be scanned by ESET:
demonlight, Posted May 7

@Marcos - I tested the setting in your screenshot and this does indeed cause all websites to be scanned by ESET. How do you turn this feature off completely and not have ESET scan any website? Is there a doc/article explaining what exactly this feature is doing? I am confused why ESET would need to replace a legit website certificate with its own.
Marcos (Administrators), Posted May 7

If you don't want to scan Internet http/https communication at all, you could disable the network traffic scanner. But why would you do that and allow malware to be executed on compromised websites or not block known or new malware on malware URLs?
demonlight, Posted May 7

@Marcos I'm not against ESET scanning URLs for potential malicious sites. I am confused why the common sites listed below are being scanned and the ESET certificate is replacing the website's certificate. To me, there is a difference between scanning a URL to check it against a list of malicious sites and replacing a site's certificate. Does ESET support monitor this forum? I would like to get a better understanding of what this certificate replacing feature is doing.

www.google.com
proton.me
twitter.com
www.discover.com
itman, Posted May 7

2 hours ago, demonlight said:
To me, there is a difference between scanning a URL to check it against a list of malicious sites and replacing a site's certificate.

To begin, ESET doesn't need to deploy SSL/TLS protocol scanning to scan URLs. SSL/TLS protocol scanning is being deployed to scan the contents of the web page prior to it being rendered in the browser.

Since the web page code is encrypted, ESET intercepts the code in transit and decrypts it using its certificate stored in the Windows root CA certificate store. Once decrypted, it can now inspect the web page code for resident malware via its JavaScript scanner it previously loaded into the browser, as an example of one inspection method being deployed. Once the code has been inspected, ESET re-encrypts it and passes it to the browser for web page rendering.
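Added example, not part of the thread and not ESET code: a Python sketch that does the padlock check from the posts above for many hosts at once, by reading the issuer of the certificate the local machine actually receives and grouping hosts by whether it is the inspection CA. The issuer string is the one quoted in the thread; the helper names and the sample certificates are constructed for illustration.

```python
import socket
import ssl

# Issuer organization the thread reports for inspected connections.
INSPECTION_ISSUERS = {"ESET, spol. s r. o."}

def issuer_org(cert):
    """Issuer organizationName (else commonName) from a getpeercert() dict."""
    fields = {}
    for rdn in cert.get("issuer", ()):   # issuer is a tuple of RDNs
        for key, value in rdn:           # each RDN is a tuple of (key, value)
            fields.setdefault(key, value)
    return fields.get("organizationName") or fields.get("commonName") or ""

def report(certs_by_host, inspection_issuers=INSPECTION_ISSUERS):
    """Group hosts by whether the leaf certificate came from the inspection CA."""
    groups = {"inspected": [], "passthrough": []}
    for host, cert in sorted(certs_by_host.items()):
        hit = issuer_org(cert) in inspection_issuers
        groups["inspected" if hit else "passthrough"].append(host)
    return groups

def fetch_cert(host, port=443, timeout=5.0):
    """Live lookup: the validated leaf certificate as this process receives it."""
    ctx = ssl.create_default_context()   # validates against the OS trust store
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def _constructed(org):
    # Constructed sample in getpeercert() layout; only the issuer matters here.
    return {"issuer": ((("countryName", "XX"),),
                       (("organizationName", org),),
                       (("commonName", "constructed sample CA"),))}

# Constructed data mirroring the padlock results listed in the thread.
SAMPLE = {
    "forum.eset.com": _constructed("DigiCert Inc"),
    "proton.me": _constructed("ESET, spol. s r. o."),
    "www.disney.com": _constructed("Let's Encrypt"),
    "www.google.com": _constructed("ESET, spol. s r. o."),
}

if __name__ == "__main__":
    for status, hosts in report(SAMPLE).items():
        print(status, hosts)
    # Live use: report({h: fetch_cert(h) for h in ("proton.me", "www.disney.com")})
```

Assumption: if the product filters traffic per application, a Python process may receive a different certificate than Firefox does for the same site, so the browser padlock remains the reference for browser traffic.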