itman 1,747 Posted October 23, 2015 Share Posted October 23, 2015 (edited) Win 7 x64 SP1, IE11 Here's the situation. I had IE 11 Internet zone set to highest security settings. I included sites I trusted in the Trusted zone which was set at the Medium-High level. Under Eset ver. 8 .319 everything worked fine as far as SSL protocol scanning goes. After I installed ver. 9, I tried out the online banking protection for my bank's web site and could not log on. Went I hit the logon button after entering my user id and password nothing happened. Tried again, same thing. Next I openned IE11 in normal mode and I noticed no HTTPS sites were using the Eset cert.; they were all using their own certs.. So I reset IE's Internet zone settings to Medium-High level and all of a sudden SSL protocol scanning was functioning as it did under Eset ver, 8. Also ver. 9 online banking protection was working properly in that I could log onto my bank site in that mode. Looks like disabling all active content which IE's highest level security settings do, screwed up Eset's SSL protocol scanning. Edited October 23, 2015 by itman Link to comment Share on other sites More sharing options...
itman 1,747 Posted October 23, 2015 Author Share Posted October 23, 2015 (edited) No, still SSL Protocol scanning issues it appears. VeriSign is my DNS provider and it appears they are overriding Eset's cert. on sites where they issued the cert. Issue manifests for instance when returning back to my home page which is att.yahoo.net for example. Edited October 23, 2015 by itman Link to comment Share on other sites More sharing options...
itman 1,747 Posted October 24, 2015 Author Share Posted October 24, 2015 Appears this is definitely an issue with VeriSign certificates. For example, Google search uses Eset's root cert. Also when I was using ver. 8, I would experience periodic IE 11 lock ups which I could never nail down. Now, I strongly suspect the issue was SSL protocol scanning conflicting with Versign's validation of root certificates. Presently, any site with a Versign root certificate is overriding use of Eset root cert. Link to comment Share on other sites More sharing options...
jamess3973 1 Posted October 25, 2015 Share Posted October 25, 2015 The latest version is 9.0.318.20, but I've the 9.0.318.0. I'm checking for updating in the software, but it says, product is already up to date. How do I update? Link to comment Share on other sites More sharing options...
itman 1,747 Posted October 25, 2015 Author Share Posted October 25, 2015 The latest version is 9.0.318.20, but I've the 9.0.318.0. I'm checking for updating in the software, but it says, product is already up to date. How do I update? You might want to create a separate topic for this issue. Link to comment Share on other sites More sharing options...
itman 1,747 Posted October 25, 2015 Author Share Posted October 25, 2015 Yes, the SSL protocol scanning issue is intermittent. One time when starting IE11, my home page, att.yahoo.com, will show the Eset root cert.. On most occasions it will not. Ditto for other HTTPS web site; no Eset root cert.. Also tried changing scan setting for IE from auto to scan with no change in behavior. Eset root cert. is properly installed in IE's root CA store. Link to comment Share on other sites More sharing options...
Most Valued Members shocked 60 Posted October 25, 2015 Most Valued Members Share Posted October 25, 2015 The latest version is 9.0.318.20, but I've the 9.0.318.0. I'm checking for updating in the software, but it says, product is already up to date. How do I update? that extra minor number at the end might be for versions specific to some regions. for example: a minor change in the EULA for some regions. so don't worry, you have the latest version which is 9.0.318. Link to comment Share on other sites More sharing options...
itman 1,747 Posted October 26, 2015 Author Share Posted October 26, 2015 Will also add "the hit and miss" SSL protocol scanning issue is also occurring for my incoming Thunderbird encrypted e-mail. Some times it scans it and sometimes it doesn't as evidenced by what is shown in Eset's "statistics" for e-mail scanning. Link to comment Share on other sites More sharing options...
Most Valued Members cyberhash 195 Posted October 26, 2015 Most Valued Members Share Posted October 26, 2015 I reported this on the BETA forum nearly 2 months ago, and also filed a bug ticket for this when beta testing. Especially annoying as its intermittent. Was Firefox & windows live mail i was having the issues with.Got this email back on the day v9 final was released ....................... And they never fixed the issue Dear Customer,Several days have passed and we have not received a response from you regarding your request No. #TICKET 154344.If you managed to resolve your request in the meantime, please let us know.In case anything comes up, please get in touch with us if you would like - we are glad to help.Sincerely,Customer Support Team at ESET Link to comment Share on other sites More sharing options...
itman 1,747 Posted October 27, 2015 Author Share Posted October 27, 2015 (edited) And it gets more bizarre. Here is a screen shot that shows Eset's root cert. is used on this web page: However in reality, it is not as shown in this screen shot of the actual certificate path to the root: Edited October 27, 2015 by itman Link to comment Share on other sites More sharing options...
Administrators Marcos 5,271 Posted October 27, 2015 Administrators Share Posted October 27, 2015 I reported this on the BETA forum nearly 2 months ago, and also filed a bug ticket for this when beta testing. Especially annoying as its intermittent. Was Firefox & windows live mail i was having the issues with. Got this email back on the day v9 final was released ....................... And they never fixed the issue Dear Customer, Several days have passed and we have not received a response from you regarding your request No. #TICKET 154344. If you managed to resolve your request in the meantime, please let us know. In case anything comes up, please get in touch with us if you would like - we are glad to help. Sincerely, Customer Support Team at ESET Regarding ticket #154344, here's the history of it: Created on: 17.09.2015 17:23 Automatic reply sent on: 17.09.2015 17:24 A customer care representative responded on: 17.09.2015 17:24 A notification email about no response received sent on: 16.10.2015 08:25 Link to comment Share on other sites More sharing options...
itman 1,747 Posted October 27, 2015 Author Share Posted October 27, 2015 (edited) Will add that I have just encounter the exact opposite situation to the previous screen shots I posted. That is the issuing root CA cert. is displayed for the web page but path details show that the actual root CA is Eset's! So I can summarize that I have seen every conceivable permutation and combination in the handling of browse root certifications for the SSL protocol scanning in ver. 9. Since I don't trust this release anymore, I will be restoring my system back to ver. 8 from an image taken previous to the ver. 9 install. I consider ver. 8 to be a "rock solid" product. My advice is add online banking protection to it; make that the new ver. 9 release; and dump the current ver. 9 release if Eset wants to retain their existing customer base. Edited October 27, 2015 by itman Link to comment Share on other sites More sharing options...
surfer1000 6 Posted October 30, 2015 Share Posted October 30, 2015 (edited) There are quite a few sites that wont work for me with ssl/tls filtering on, so I have to have it turned off......2 main ones that I use are spamhero.com and google.co.uk search! No messing with settings in IE11 get them working without turning it off in ESS Edited October 30, 2015 by surfer1000 Link to comment Share on other sites More sharing options...
Recommended Posts