Firewall rules for digitally signed applications with Unicode characters in the publisher name do not work correctly

[labynko 5]

Hello.

If the application has Unicode characters in the digital signature publisher name, the firewall rules that are configured to check the digital signature will not work correctly: notifications about the rule triggering do not work and connections to public addresses are blocked. As an example, we can use the WinBox program from MikroTik.

https://download.mikrotik.com/routeros/winbox/3.41/winbox64.exe

Digital signature publisher name for WinBox64.exe:

SIA "Mikrotīkls"

Example of a working rule:

An example of a rule that does not work correctly:

The issue is reproduced in the current version of ESET Endpoint Security 11.1.2052.0.

[itman 1,758]

Did you try;

1. For Application signature option use Signed by a signer.

2. For Name of signer use SIA "Mikrotīkls".

[labynko 5]

Yes, I tried.

There is also a problem.

[Marcos 5,295]

We confirmed the bug but it's not caused by a unicode string. It will be addressed via a firewall module update automatically.

M_EPFW-393

[labynko 5]

Please let me know under what conditions does it occur?

When is the problem expected to be fixed?

[Marcos 5,295]

It's nested quotes in CN which causes the cert. to be considered invalid. A fix will be included probably included in the firewall module 1452. We're currently in the process of releasing module 1451.