ESET Endpoint AV for OSX 6.1.12.0 - Web Access Protection severely impacts browsing

[centrex 1]

Web Access Protection in 6.1.12.0 severely impacts browsing on OSX Yosemite 10.10.5

 

Some content doesn't load (text from pages is displayed but no images or scripts).

 

On other pages, such as certain forums when you submit something the browser will offer to download a .php file instead.

 

In Zimbra Web Access, PDF previews are broken, it downloads a PDF to temporary folder instead.

 

Observed this on 4 machines with both Safari and Firefox. No proxy server in play. Issue exists no matter if connection is a hotel WiFi, personal WiFi access point from an LTE device or WiFi here at the office.

 

Turning off web access protection immediately lets the browsers perform as expected.

 

[TomasP 316]

Hello,

Are there any similarities between the websites that are affected? Are you able to reproduce the issue on the same website repeatedly, or is it random?

 

T.

[centrex 1]

An example are sites running vBulletin® Version 4.1.12

 

Clicking on links within these sites will offer me to download a .php file. Disabling web access protection will allow me to browse these sites just fine.

[TomasP 316]

Please post a direct link to a specific URL so that we can reliably verify the behaviour. Thanks.

[planet 232]

Yes, this was happening to me also - I noticed that Safari would show that the file was cut off at some point (so you can see the code of a file and notice it without half of the beginning so Safari cannot currently show the page), or images will simply not display (most likely due to the same thing). Might explain why Safari tried to download the PHP file instead as it couldn't recognise what it was due to code missing.

 

For me though the sites were random, sites wouldn't load after a while of usage and as you said turning off Web Protection can make files load again. Alternatively, if you restart the Mac - the same sites that had trouble would work perfectly again... until some time later again for a new set of random websites.

 

Here's a screenshot of one example of what happens in Safari (Noticed this appearing often when the issue occurs for text based files)

 

Edited September 18, 2015 by planet

[centrex 1]

+1

 

After planet's comments I tested it and it is actually a time-based issue. No matter what the site. After enabling web access protection it will eventually mess up browsing across a wide range of sites.

 

Disabling it fixes the issue. And the issue does not appear for a while after re-enabling it. Memory leak ?!

[TomasP 316]

Hello,

 

Please PM me for further instructions, we will have a look at the issue.

 

Regards,

T.

[tfire328 0]

Has this issue been resolved? 

[centrex 1]

FYI Endpoint Antivirus 6.1.16.0 on OSX 10.11 - Same symptoms.

 

Will PM you, TomasP

[centrex 1]

Issue still exists. Anyone else affected please do open support cases as they are having problems replicating.

 

FWIW I made an El Capitan VM in VMware Fusion and the issue appears there immediately, too so not sure why it can't be replicated.

 

 

[mfichera 2]

My network is having this issue as well. Support tole me to disable web access protection, which did not fix the issue. So far only uninstalling ESET or downgrading to Nod 32 has fixed the issue.

[TomasP 316]

Hello, as said above, please PM me for further instructions.

We will need to gather some log files from when the issue occurs, so that our developers can have a look at it.

[doubleyou 0]

Hi all

 

I'm working in an advertising agency, and we have a mixed network of about 85 Windows and Mac computers. We have to disable web protection in most computers due to slow navigation and incorrect page loading. Some posts talk about it: web pages not fully loaded, some resources blocked...

 

Also, we suspect that web protection is making OSX startup times much slower, and usually is problematic when waking up from sleep modes, as it seems to lock the network connection until the lock times out.

 

It's not a big deal to disable web protection for our development team, but I do really care about not-so-tech-savvy colleagues that will click on everything. We only rely on disk file protection. How can we help to solve this?

 

Thanks!

[bbraunstein 27]

I'm having this issue on a handful of my OS X clients. It seems to only affect computers with OS X 10.11. 

 

I have ESET Endpoint Antivirus (EEA) 6.1.12.0 and ERA Agent 6.2.166.0 installed on these clients. For some reason, on one computer, I was able to resolve by disable Web Access Protection, however on another, the issue still persists.

 

Disabling the esets_proxy daemon seems to kind of resolve it for now but I need a more stable fix. 

 

Has any progress been made on this? It's been two months since the last ESET mod followed up.

[bbraunstein 27]

So I spent some time researching and learned that 10.11 has this new thing implemented called "System Integrity Protection", which essentially puts restrictions on root and limits which system-level directories can be modified.

 

Disabling SIP is super easy (Boot into Recovery Mode and run 'csrutil disable'), however there were no changes. I tried restarting, reinstalling both AV and Agent, but no changes either.

 

I've also tried removing cache, deleting cookies, disabling Prefetching, using alternate browsers, flushing DNS, and more.

 

I don't want to point fingers, but it seems no matter what I do, once I disable Web Access Protection, I can hit all the websites I want. In this case, one of the problematic sites is codepen.io. And yes, I also checked my implemented policies in ERAS and there is nothing enabled that would blacklist this particular website.

[bbraunstein 27]

@Marcos, @TomasP, @Timos, @MartinK 

 

anything... ?

Edited January 4, 2016 by bbraunstein

[TomasP 316]

Hi bbraunstein,

We will continue communication in the PM you sent.

T.

[Megachip 5]

Sounds a bit like an old problem

[tmuster2k 22]

Also have multiple customers with this same issue. All I can do ast this point is run a terminal command to kill the Web Proxy. Real time is their only protection. Hope this can be resolved soon. Does anyone know if previous builds will work or does this has to do with an updated module to Web Access Protection?  I also saw this same issue come up a couple years back for the Home Version. Seems like once it gets resolved it comes back after an update. 

[bbraunstein 27]

I just want to follow up on my previous post. I originally said it affected only my clients that have OS X 10.11, but I'm having users with 10.10 installed that are affected as well. 

[pipboy3000 3]

The same issue here. All our clients are running 10.11.2 or 10.11.3. Disabling Web Protection solves the problem. Is there any official fix to it or shall I PM you Tomas?

[pipboy3000 3]

The same issue here. All our clients are running 10.11.2 or 10.11.3. Disabling Web Protection solves the problem. Is there any official fix to it or shall I PM you Tomas?

[Marcos 5,074]

Internet protection module 1226.7 available on update servers should fix the issue.

[mfichera 2]

Internet protection module 1226.7 available on update servers should fix the issue.

 

There was no change after the module was updated

[pipboy3000 3]

Is there any update on this as this problem still exists.