
ESET Endpoint Antivirus 6.1.2222 Web Protection too aggressive?


JPLavertu

Hi,

 

I have deployed ERA 6 with Endpoint Antivirus 6.1.2222 in our enterprise. Found out soon after that several (a lot of) web sites have problems displaying while the web protection is active. As soon as you disable the web protection, click refresh or open up a new browser window, the website loads correctly.

 

OS : Windows 7 x64

Browser : Google Chrome latest version 41.0.2272


  • Administrators

Could you confirm or deny that the issues occur with Chrome only? Is it only http and not https websites that are affected? Any examples? Also please post the information about installed modules from the About window.


Virus signature database: 11456 (20150410)
Rapid Response module: 5823 (20150410)
Update module: 1055 (20141118)
Antivirus and antispyware scanner module: 1452 (20150331)
Advanced heuristics module: 1154 (20150129)
Archive support module: 1223 (20150323)
Cleaner module: 1106 (20150316)
Anti-Stealth support module: 1073 (20150320)
ESET SysInspector module: 1246 (20150121)
Real-time file system protection module: 1009 (20130301)
Translation support module: 1322 (20150226)
HIPS support module: 1167 (20150320)
Internet protection module: 1173B.3 (20150324)
Database module: 1064 (20150303)
Configuration module (33): 1054B (20150216)
 
These are the modules installed.

As for examples, here are the websites that users reported having problems with (I have included all those in a policy under Web Protection, URL Management, "Excluded from checking"):
 
"radio-canada.ca"
"lapresse.ca"
"globeandmail.com"
"hp.com"
"expedia.ca"
"ricardocuisine.com"
"clubic.com"
 
These websites stopped exhibiting problems as soon as we pause web protection.
 
HTTP scanning only

I will report back on whether it's Chrome only or not.

  • Administrators

I don't have any problems opening those websites in Chrome with web protection enabled. Could somebody else test it too?


As an example, Expedia.ca forms wouldn't autocomplete or present choices as you type in form fields. Paused web protection, reloaded the webpage and bingo, it worked.

We also have a Barracuda WebFilter 310 on site, although it was there before and we were running ESET NOD32 AV 4.2 and never experienced issues like I mentioned in this thread.

Edited by JPLavertu

  • Administrators

Web filtering in v4 and v5 is quite different. While it was a TDI driver responsible for passing the data to ekrn for scanning in v4, as of v5 a WFP (Windows Filtering Platform) driver is used for this purpose. Microsoft has fixed several bugs in WFP causing issues since then but there's still a chance the issue could be attributed to WFP.

Please let us know if you can reproduce the issue with any browser or with Chrome only.


I stumbled on another website that exhibited the same problems.

community.spiceworks.com

With ESET not paused:

didn't load on Chrome

didn't load on IE

Loaded on Firefox

With ESET paused:

Fine on all browsers immediately.


I don't have any problems opening those websites in Chrome with web protection enabled. Could somebody else test it too?

 

@marcos, @JPLavertu

 

Just wanted to mention that I tried these sites in all browsers on several computers and did not have any issues.


Related. Going back to ERA, edit custom policy -> Web and Email -> Web Access Protection -> URL Address Management -> Edit list of addresses excluded from checking.

I cannot remove entries nor edit them, I can only add to them. Would anybody have a clue why?


After additional troubleshooting, it seems the issue is NOT with Web Access Protection but rather Protocol Filtering in the WEB AND EMAIL section.

 

I have added Chrome to the list of Excluded applications and lo and behold, all websites stopped exhibiting problems.

They do under IE though as it was not excluded.
