Jump to content

ESET Endpoint AV for OSX 6.1.12.0 - Web Access Protection severely impacts browsing


centrex

Recommended Posts

My organisation has also had this problem I reached out to Support by email, but they refused to help unless I telephoned them. 

I was principally asking them an eta for an update, and to see if I could offer assistance,  as I had disabled web access protection on our computers which fixed the problem, and wasn't really worried about getting it working. 

 

I was shocked at how unhelpful tech support was. Many companies now offer support mostly by email, but Eset declined too, even though I said I prefer email. It wasn't a particularly big deal for me, but the attitude of support gave me real cause for concern.  I need to trust that the organisations I use are helpful and go the extra mile to help, should I have an important issue.

 

The latest version was out about 8 months ago, that is a very long time to fix this serious bug and is a really poor show. 

I hope this update is released soon, but have been reviewing options for when our current licence period runs out.

Link to comment
Share on other sites

  • ESET Moderators

Hello Chris,

I am sorry about your experience.

We have a beta build for the upcoming service release, so if you are willing to install it and see whether it resolves the issue for you, please PM me and I will make the build available to you.

Regards,

T.

Link to comment
Share on other sites

  • 2 weeks later...
  • ESET Staff

I would like to let you know, that the service release will be published online on May 31, 2016, with the update of ESET Remote Administrator repository happening in the following days past May 31.

Link to comment
Share on other sites

  • ESET Staff

It will be ESET Endpoint Antivirus 6.2 for OS X (OS X product has slightly different release cycle). 

Edited by MichalJ
Link to comment
Share on other sites

Thank you MichalJ and TomaP for your help. I was testing 6.2.3beta and it did indeed fix the web access protection issue, I downloaded the newly released 6.2.7 official version, I haven't been able to replicate the problem - which is Great News  :)

 

I'm glad this is finally resolved. If anyone with this issue hasn't yet upgraded to 6.2.7 I strongly recommend it.

antivirus hxxp://www.eset.com/int/download/business/detail/family/67/

security hxxp://www.eset.com/int/download/business/detail/family/255/

 

Regards,

Chris

Link to comment
Share on other sites

Thank you MichalJ and TomaP for your help. I was testing 6.2.3beta and it did indeed fix the web access protection issue, I downloaded the newly released 6.2.7 official version, I haven't been able to replicate the problem - which is Great News  :)

 

I'm glad this is finally resolved. If anyone with this issue hasn't yet upgraded to 6.2.7 I strongly recommend it.

antivirus hxxp://www.eset.com/int/download/business/detail/family/67/

security hxxp://www.eset.com/int/download/business/detail/family/255/

 

Regards,

Chris

Is there a components upgrade for the ERA supporting the new products?

Link to comment
Share on other sites

  • ESET Staff

It will be added to the era repository during this or next week. You will be then able to perform a "software install task" that will perform upgrade of mac endpoints to the newest wersion. As of now, you can do it by direct package url.

Link to comment
Share on other sites

  • ESET Staff

No, this is just the release of the Endpoint Antivirus and Security for the OS X. New version of ERA agent, will be released together with the new ERA server version, which should happen in the mid-July. As of now, the anticipated date of ERA 6.4 (previously referenced as ERA 6.3.50), is July 12, 2016. 

Link to comment
Share on other sites

  • ESET Insiders

Just following up: any update on when enterprise customers will get the additions to ERA? Does anything need to be manually updated on ERA for the 6.2 version to be reflected?

Link to comment
Share on other sites

Yeahh 6.2.7 does NOT resolve the Web Access Protection for my users. Members of my engineering team are unable to hit their QA or Prod site for testing. We troubleshooted a bunch of different things, but as soon as I disabled WAP, they were able to access the sites instantly. 

 

This is kind of disappointing really. The 6.2.3 beta actually functioned better. I'm going to try deploying the beta to one of the engineers to see if it is replicated on that version.

 

Who do I need to contact to get this resolved? 

Link to comment
Share on other sites

  • ESET Insiders

Yeahh 6.2.7 does NOT resolve the Web Access Protection for my users. Members of my engineering team are unable to hit their QA or Prod site for testing. We troubleshooted a bunch of different things, but as soon as I disabled WAP, they were able to access the sites instantly. 

 

This is kind of disappointing really. The 6.2.3 beta actually functioned better. I'm going to try deploying the beta to one of the engineers to see if it is replicated on that version.

 

Who do I need to contact to get this resolved? 

 

 

What do you see in the logs? I am curious because we are QA and engineering heavy as well. We still have WAP disabled globally because not all of our Macintosh 6.1.16.x clients have checked in yet.

Link to comment
Share on other sites

  • ESET Moderators

Sad to say that I've received reports of this issue with the new version as well. I also have users reporting a startup lag that also existed in the previous version. I started a new post on the startup issue (here) since I'm not sure if the issue is related.

I'm hoping we can get some confirmation from ESET on what is going on here...

Hello kit,

I replied to you in your separate topic, please follow the steps there.

 

Yeahh 6.2.7 does NOT resolve the Web Access Protection for my users. Members of my engineering team are unable to hit their QA or Prod site for testing. We troubleshooted a bunch of different things, but as soon as I disabled WAP, they were able to access the sites instantly.

This is kind of disappointing really. The 6.2.3 beta actually functioned better. I'm going to try deploying the beta to one of the engineers to see if it is replicated on that version.

Who do I need to contact to get this resolved?

Hello bbraunstein,

Please send me a PM with a reference to this topic and attach logs created according to the manual at hxxp://support.eset.com/kb3404/

Follow the steps precisely, start logging (by typing the requested string to Terminal, as described in step 4) right before reproducing the issue and once the issue occurs, finish logging, again by typing the requested string from step 5.

In step 8, instead of emailing the output, or opening a case with our customer care, just send the output (with a short description of the issue) to me in a personal message here on the forum.

Thanks,

T.

Link to comment
Share on other sites

  • 5 months later...

Hello,

 

I am running ESET Endpoint Antivirus 6.3.85 on OSX 10.11.6

I don't know exactly when it started, but I'm guessing around May 2016, and it persisted across various ESET upgrades prior to 6.3 and OSX upgrades (10.11.4 and 10.11.5).

 

For me, all of a sudden podcasts in iTunes started failing to download.

I first tried everything, OS upgrades, iTunes re-installs etc etc, but finally narrowed the problem down to ESET's Web Access Protection.

 

When I disable it, everything works fine. 

Another, more refined workaround is not to disable it but just to disable "HTTP protocol checking".

I am not satisfied with either because I would have to disable protection against all websites, just because of an issue with one.

I am also not paying for software that I have to disable..

 

So I started Wiresharking to see what HTTP flows ESET would break.

 

Turns out there is an issue when a podcast URL redirects (302) to another domain.

 

I'll take an example. A dysfunctional URL in iTunes is the podcast

hxxp://rf.proxycast.org/1181578500855832576/14489-02.07.2016-ITEMA_21024836-0.mp3 (1)

 

That URL redirects to

hxxp://media.radiofrance-podcast.net/podcast09/14489-02.07.2016-ITEMA_21024836-0.mp3 (2)

where the DNS name is a CNAME for a Cloudfront IP.

 

With ESET HTTP Protocol Checking ON:

URL (1) actually breaks anywhere; iTunes, Safari, Chrome, Firefox.

URL (2) works fine anywhere.

 

I tried excluding the domain *proxycast.org* from the URL scanning list, but that does not solve the problem completely.

iTunes still fails to handle correctly the redirect it seems, as does Safari. Chrome and Firefox do play the URL.

 

Right now the only, temporarily acceptable workaround I can find is to go in the General Protection and exclude the IP address of (1) from Web and Email scanning.

This will only work of course until that IP changes.

 

I would have preferred that the exclusion of the URL from scanning would have been the most acceptable workaround, but it does not work.

Of course, the most preferred solution would be that ESET does not break the HTTP flow with its HTTP protocol checking.

 

I don't know if ESET has already identified this issue?

 

PS: I don't have this issue with those podcasts on other machines, Mac and PC, that do not run ESET.

Edited by erratic
Link to comment
Share on other sites

  • 2 months later...

Update: SOLVED

I just upgraded to the latest version, 6.4.168.0, and I can now confirm my problem is gone.

Edited by erratic
Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...