An attempt to add root certificate to all known browsers on your computer failed

[surfer1000 6]

Hi I keep getting this error now every time at start up, since I installed V9 while apparently having Internet explorer opened in the background!

 

I am in communication with Eset support UK over this, but so far they have not managed to help me, can anyone else shed any light of how I can get this corrected ?

 

I can also force the error by unchecking and then checking again the setting in Eset for this.

 

I have uninstalled Eset in safe mode using Esets uninstaller then reinstalled no change and also deleted all certificates from IE that were Eset related and still no joy.

[Daffie 11]

You can try installing Internet Explorer again? Just a guess, but could work.

[Marcos 5,074]

The root certificate should be imported automatically after the next computer restart if you have a browser or email client running during v9 installation.

[surfer1000 6]

Hi, well at every computer restart I keep getting the same error window pop up, so something Is not right.......yes re-installing IE is an option but don't wish to go down that route just yet

[Marcos 5,074]

Please create a Process monitor boot log (https://www.msigeek.com/6231/how-to-enable-system-boot-time-logging-using-process-monitor-tool, steps 1-5). Before you start the logging, also enable Filter -> Enable advanced output. When done, compress the log and upload it to a safe location. Also collect logs using ESET Log Collector (hxxp://support.eset.com/kb3466/) and pm me the download links to both files.

[itman 1,659]

I would give this a shot although I don't know if it would work with ver. 9. Eset Web and E-mail setup -> Protocol Filtering-> SSL -> Certificates

"OK I went into ESET and unchecked "Add security certificate to known browsers", exited, re-entered ESET and rechecked the box and viola! It appears to be working again."

[chnmanz 0]

As itman said above, this is what worked for me. I have ESS 9 and it is under Setup, Advanced Setup, Wed and Email, SSL/TLS, Root Certificate. Where it says "Add the root certificate to known browsers", disable, then "OK", then re-enable and "OK".

 

I have backup images and narrowed it down to one of the recent Windows Updates that must have changed something that ESET had set up. Disabling and re-enabling as mentioned puts it back and the message should go away. Also, on my computer, it was to do with Thunderbird (email program). I have three user accounts on my computer, and this message was only happening on the account I use Thunderbird on.

[AVN 3]

Hi,

 

I'm having the same issue as surfer on eset 9. I've tried disabling and re-enabling as well as rebooting after many times but i'm still having this issue

I am using the latest mozilla firefox, chrome 39 and IE11.  I will try and attempt at creating the boot log as marcos mentioned.

Edited December 6, 2015 by AVN

[planet 232]

AVN,

 

I had this issue a few weeks ago (the setting would still not make it work) and it turned out that I needed to uninstall ESS and manually remove the ESET root certificate as it was still left over on my machine from previous installations or was getting mismatched with ESS (even after using the uninstall tool).

1. After uninstalling ESS (backup settings if you wish), press Win Key + R to open the run window.
2. At this point, close any running programs, especially Internet Browsers, Email, etc.
3. Enter 'certmgr.msc' and press OK (need Admin privileges)
4. Find ESET's certificate under 'Trusted Root Certification Authorities', right click and Delete it.
5. Restart your computer and reinstall ESS.
6. Activate, update, and restart your computer once more.

Since doing this, I haven't had any further error messages or issues with SSL or certificates, and actually solved my issues with ESS + IMAPS not working as well.

Edited December 6, 2015 by planet

[AVN 3]

AVN,

 

I had this issue a few weeks ago (the setting would still not make it work) and it turned out that I needed to uninstall ESS and manually remove the ESET root certificate as it was still left over on my machine from previous installations or was getting mismatched with ESS (even after using the uninstall tool).

1. After uninstalling ESS (backup settings if you wish), press Win Key + R to open the run window.
2. At this point, close any running programs, especially Internet Browsers, Email, etc.
3. Enter 'certmgr.msc' and press OK (need Admin privileges)
4. Find ESET's certificate under 'Trusted Root Certification Authorities', right click and Delete it.
5. Restart your computer and reinstall ESS.
6. Activate, update, and restart your computer once more.

Since doing this, I haven't had any further error messages or issues with SSL or certificates, and actually solved my issues with ESS + IMAPS not working as well.

I do not see the Eset certificate under TRCA , or anywhere else for that matter. Also, this did not fix the issue.

Edited December 6, 2015 by AVN

[surfer1000 6]

Yes when you uninstall Eset it automatically removes the certificate from that section!

 

I still have the problem, Eset UK support failed to find the problem/answer even after remote assistance, so for now I have the whole ssl/tls protocol filtering turned off, and this was also stopping access to web sites which has already been documented elsewhere.

 

I am hoping the new build when it finally arrives cures these problems!

 

Oh I must just add.....it does in fact appear that the root certificate is in fact installed, regardless of the error message, so it is there!

Edited December 7, 2015 by surfer1000

[AVN 3]

Yes when you uninstall Eset it automatically removes the certificate from that section!

 

I still have the problem, Eset UK support failed to find the problem/answer even after remote assistance, so for now I have the whole ssl/tls protocol filtering turned off, and this was also stopping access to web sites which has already been documented elsewhere.

 

I am hoping the new build when it finally arrives cures these problems!

 

Oh I must just add.....it does in fact appear that the root certificate is in fact installed, regardless of the error message, so it is there!

Do they know what the issue is ?

Here is where we stand....

I thought it might have been a permissions issue so I ran....

secedit /configure /cfg %windir%\inf\defltbase.inf /db defltbase.sdb /verbose

From the main admin account.(net user administrator /active:yes)   It spit out some issues ?which it said I could ignore?

 

Then I ran.....

 

@echo off
title Resetting ACLs...

setlocal

echo.
echo Determine whether we are on an 32 or 64 bit machine
echo.

if "%PROCESSOR_ARCHITECTURE%"=="x86" if "%PROCESSOR_ARCHITEW6432%"=="" goto x86

set ProgramFilesPath=%ProgramFiles(x86)%

goto startResetting

:x86

set ProgramFilesPath=%ProgramFiles%

:startResetting

echo.

if exist "%ProgramFilesPath%\Windows Resource Kits\Tools\subinacl.exe" goto filesExist

echo ***ERROR*** - Could not find file %ProgramFilesPath%\Windows Resource Kits\Tools\subinacl.exe. Double-check that SubInAcl is correctly installed and re-run this script.
goto END

:filesExist

pushd "%ProgramFilesPath%\Windows Resource Kits\Tools"

echo. 
echo Resetting ACLs...
echo (this may take several minutes to complete)
echo. 
echo IMPORTANT NOTE: For this script to run correctly, you must change
echo the values named YOURUSERNAME to be the Windows user account that
echo you are logged in with.
echo.
echo ==========================================================================
echo. 
echo. 
subinacl.exe /subkeyreg HKEY_CURRENT_USER /grant=administrators=f /grant=system=f /grant=restricted=r /grant=YOURPROFILE=f /setowner=administrators > %temp%\subinacl_output.txt
echo. 
echo. 
subinacl.exe /keyreg HKEY_CURRENT_USER /grant=administrators=f /grant=system=f /grant=restricted=r /grant=YOURPROFILE=f /setowner=administrators >> %temp%\subinacl_output.txt
echo. 
echo. 
subinacl.exe /subkeyreg HKEY_LOCAL_MACHINE /grant=administrators=f /grant=system=f /grant=users=r /grant=everyone=r /grant=restricted=r /setowner=administrators >> %temp%\subinacl_output.txt
echo. 
echo. 
subinacl.exe /keyreg HKEY_LOCAL_MACHINE /grant=administrators=f /grant=system=f /grant=users=r /grant=everyone=r /grant=restricted=r /setowner=administrators >> %temp%\subinacl_output.txt
echo. 
echo. 
subinacl.exe /subkeyreg HKEY_CLASSES_ROOT /grant=administrators=f /grant=system=f /grant=users=r /setowner=administrators >> %temp%\subinacl_output.txt
echo. 
echo. 
subinacl.exe /keyreg HKEY_CLASSES_ROOT /grant=administrators=f /grant=system=f /grant=users=r /setowner=administrators >> %temp%\subinacl_output.txt
echo. 
echo. 
echo System Drive...
subinacl.exe /subdirectories %ProgramFilesPath%\ /grant=administrators=f /grant=system=f /grant=users=e >> %temp%\subinacl_output.txt
echo. 
echo. 
echo Windows Directory...
subinacl.exe /subdirectories %windir%\ /grant=administrators=f /grant=system=f /grant=users=e >> %temp%\subinacl_output.txt
echo. 
echo. 
echo ==========================================================================
echo. 
echo FINISHED.
echo. 
echo Press any key to exit . . .
pause >NUL

popd

:END

endlocal

As a batch file (Reset.CMD) ... Also in the main admin profile. (Without changing "YOURPROFILE" first).

Both of which i soon imagined at the time needed to be run from the main admin profile and not Administrator.

So I ended up doing that and as a repercussion one of the user accounts from the login screen disappeared.

Following: hxxp://www.sevenforums.com/general-discussion/237456-user-accounts-missing-login-screen-control-panel-post2004864.html#post2004864

I added the missing profile to the "user" group. (Which is a tricky thing to do if you don't know what you're doing.)

That fixed the issue of the dissapearing profile, but now i'm back where I started.

I'm wondering now if It could be a windows update (possibly KB3100213,KB3069762, or KB3072305), some other update, the installation then removal of spyhunter, or still a Ionewolf permissions issue that is causing the certificate issue.

 

I should also note from what I recall I don't believe i had any problems with the certificate back on Eset 7.  ...Other than some webpage incompatibilities.

I'll try a full uninstall and re-install this time and see what happens.....

[AVN 3]

 Full uninstall and re-install was no help.  

[surfer1000 6]

No, I don't think Eset know what the root cause of this problem is yet, I've never had this option turned on before with previous versions, so can't comment on weather the fault was long standing or not, but I was a beta tested from first release and never had the problem till the final release candidate!...the same goes for the lag and slowdown etc, that seems to have been pinpointed to a driver. (eamonm.sys)

[AVN 3]

No, I don't think Eset know what the root cause of this problem is yet, I've never had this option turned on before with previous versions, so can't comment on weather the fault was long standing or not, but I was a beta tested from first release and never had the problem till the final release candidate!...the same goes for the lag and slowdown etc, that seems to have been pinpointed to a driver. (eamonm.sys)

What was the last version (beta/alpha or not) that worked for you ?

I also didn't have this issue back on eset 6? 7? (i forget which). But i did have some issues getting some SSL sites to load (i think it was in firefox mainly). I'm on 7x86 BTW with mostly all the current updates installed. (including defender)

Edited December 8, 2015 by AVN

[surfer1000 6]

All the beta versions of 9 worked for me good, it was only the final release candidate that had the problems. Don't forget all versions prior to 9 had the SSL filtering turned off by default, in 9 its turned on by default. So version 8 might of had the problem but I personally never had it because I never turned it on in 8 and prior!

 

Problem still there with new build (349)

Edited December 8, 2015 by surfer1000

[AVN 3]

All the beta versions of 9 worked for me good, it was only the final release candidate that had the problems. Don't forget all versions prior to 9 had the SSL filtering turned off by default, in 9 its turned on by default. So version 8 might of had the problem but I personally never had it because I never turned it on in 8 and prior!

 

Problem still there with new build (349)

Tried the new build here and got the same result.  So i uninstalled and wiped out eset completely then rebooted 4 times. Ran CCleaner and rebooted another few times.  .... Installed the Eset Smart Security 9 beta.... blah blah blah.... then force installed the Smart Security 9 beta.

 

I don't get the error on boot anymore now BUT my definitions are not up to date and the actual certificate is still not in the TRCA.

Also, when unchecking and rechecking the certificate option i get the error again.

 

This issue has become exhausting.

[shocked 60]

one pc restart is more than enough, there is no reason to do 4+ reboots.

[AVN 3]

still no solution to this? I really wanted to keep eset but avast and kaspersky are looking shinier and shinier each day

[AVN 3]

I finally figured out what the problem was. Thanks to vkmaxx in this post :

https://forum.eset.com/topic/3746-overlapped-io-operation-is-in-progress/#entry35035

Ironically enough both issues ?seem to be related on two fronts?  ????????????????????

Anyways, Completely uninstalling Eset, fully rebooting, changing the permissions to make the "C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\" folder "writable" for all users (Everyone), rebooting again, then re-installing finally did the trick

You can always change the permissions back when you're done.



On another note I wonder why the live installer isn't affected by the I/O issue.


All in all a big mess that could have been avoided if Eset simply prompted the user to check that folder for the required permissions to install.  


EDIT:

Just want to clarify, by permissions i meant security permissions and not read/write permissions

Edited December 14, 2015 by AVN

[AVN 3]

Just want to clarify, by permissions i meant security permissions and not read/write permissions

[wolds 0]

Just to add a data point, simply disabling, closing, then re-enabling the setting didn't work for me. However, I clicked on Edit for "List of SSL/TLS filtered applications" and noticed that Outlook was listed, then I realized that since I hadn't opened Outlook (work email) in a while, my password must have expired. Once I opened Outlook and entered my new password when automatically prompted, I was able to perform the disable, close, and re-enable and that fixed the problem for me. The 2 browsers on my machine are Chrome and IE, but I didn't make any other changes except update Outlook credentials.