Jump to content

ESET Endpoint AV for OSX 6.1.12.0 - Web Access Protection severely impacts browsing


centrex

Recommended Posts

Web Access Protection in 6.1.12.0 severely impacts browsing on OSX Yosemite 10.10.5

 

Some content doesn't load (text from pages is displayed but no images or scripts).

 

On other pages, such as certain forums when you submit something the browser will offer to download a .php file instead.

 

In Zimbra Web Access, PDF previews are broken, it downloads a PDF to temporary folder instead.

 

Observed this on 4 machines with both Safari and Firefox. No proxy server in play. Issue exists no matter if connection is a hotel WiFi, personal WiFi access point from an LTE device or WiFi here at the office.

 

Turning off web access protection immediately lets the browsers perform as expected.

 

Link to comment
Share on other sites

  • ESET Moderators

Hello,

Are there any similarities between the websites that are affected? Are you able to reproduce the issue on the same website repeatedly, or is it random?

 

T.

Link to comment
Share on other sites

An example are sites running vBulletin® Version 4.1.12

 

Clicking on links within these sites will offer me to download a .php file. Disabling web access protection will allow me to browse these sites just fine.

Link to comment
Share on other sites

  • Most Valued Members

Yes, this was happening to me also - I noticed that Safari would show that the file was cut off at some point (so you can see the code of a file and notice it without half of the beginning so Safari cannot currently show the page), or images will simply not display (most likely due to the same thing). Might explain why Safari tried to download the PHP file instead as it couldn't recognise what it was due to code missing.

 

For me though the sites were random, sites wouldn't load after a while of usage and as you said turning off Web Protection can make files load again. Alternatively, if you restart the Mac - the same sites that had trouble would work perfectly again... until some time later again for a new set of random websites.

 

Here's a screenshot of one example of what happens in Safari (Noticed this appearing often when the issue occurs for text based files)

 

post-3006-0-77797800-1442609981_thumb.png

Edited by planet
Link to comment
Share on other sites

+1

 

After planet's comments I tested it and it is actually a time-based issue. No matter what the site. After enabling web access protection it will eventually mess up browsing across a wide range of sites.

 

Disabling it fixes the issue. And the issue does not appear for a while after re-enabling it. Memory leak ?!

Link to comment
Share on other sites

  • 2 weeks later...
  • 2 weeks later...

Issue still exists. Anyone else affected please do open support cases as they are having problems replicating.

 

FWIW I made an El Capitan VM in VMware Fusion and the issue appears there immediately, too so not sure why it can't be replicated.

 

 

Link to comment
Share on other sites

My network is having this issue as well. Support tole me to disable web access protection, which did not fix the issue. So far only uninstalling ESET or downgrading to Nod 32 has fixed the issue.

Link to comment
Share on other sites

  • ESET Moderators

Hello, as said above, please PM me for further instructions.

We will need to gather some log files from when the issue occurs, so that our developers can have a look at it.

Link to comment
Share on other sites

  • 4 weeks later...

Hi all

 

I'm working in an advertising agency, and we have a mixed network of about 85 Windows and Mac computers. We have to disable web protection in most computers due to slow navigation and incorrect page loading. Some posts talk about it: web pages not fully loaded, some resources blocked...

 

Also, we suspect that web protection is making OSX startup times much slower, and usually is problematic when waking up from sleep modes, as it seems to lock the network connection until the lock times out.

 

It's not a big deal to disable web protection for our development team, but I do really care about not-so-tech-savvy colleagues that will click on everything. We only rely on disk file protection. How can we help to solve this?

 

Thanks!

Link to comment
Share on other sites

  • 1 month later...

I'm having this issue on a handful of my OS X clients. It seems to only affect computers with OS X 10.11. 

 

I have ESET Endpoint Antivirus (EEA) 6.1.12.0 and ERA Agent 6.2.166.0 installed on these clients. For some reason, on one computer, I was able to resolve by disable Web Access Protection, however on another, the issue still persists.

 

Disabling the esets_proxy daemon seems to kind of resolve it for now but I need a more stable fix. 

 

Has any progress been made on this? It's been two months since the last ESET mod followed up.

Link to comment
Share on other sites

So I spent some time researching and learned that 10.11 has this new thing implemented called "System Integrity Protection", which essentially puts restrictions on root and limits which system-level directories can be modified.

 

Disabling SIP is super easy (Boot into Recovery Mode and run 'csrutil disable'), however there were no changes. I tried restarting, reinstalling both AV and Agent, but no changes either.

 

I've also tried removing cache, deleting cookies, disabling Prefetching, using alternate browsers, flushing DNS, and more.

 

I don't want to point fingers, but it seems no matter what I do, once I disable Web Access Protection, I can hit all the websites I want. In this case, one of the problematic sites is codepen.io. And yes, I also checked my implemented policies in ERAS and there is nothing enabled that would blacklist this particular website.

Link to comment
Share on other sites

Also have multiple customers with this same issue. All I can do ast this point is run a terminal command to kill the Web Proxy. Real time is their only protection. Hope this can be resolved soon. Does anyone know if previous builds will work or does this has to do with an updated module to Web Access Protection?  I also saw this same issue come up a couple years back for the Home Version. Seems like once it gets resolved it comes back after an update. 

Link to comment
Share on other sites

I just want to follow up on my previous post. I originally said it affected only my clients that have OS X 10.11, but I'm having users with 10.10 installed that are affected as well. 

Link to comment
Share on other sites

  • 2 weeks later...

The same issue here. All our clients are running 10.11.2 or 10.11.3. Disabling Web Protection solves the problem. Is there any official fix to it or shall I PM you Tomas?

Link to comment
Share on other sites

The same issue here. All our clients are running 10.11.2 or 10.11.3. Disabling Web Protection solves the problem. Is there any official fix to it or shall I PM you Tomas?

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...