Jump to content

Ver. 9 SSL bugs


Recommended Posts

Win 7 x64 SP1, IE11

 

Here's the situation. I had IE 11 Internet zone set to highest security settings. I included sites I trusted in the Trusted zone which was set at the Medium-High level. Under Eset ver. 8 .319 everything worked fine as far as SSL protocol scanning goes.

 

After I installed ver. 9, I tried out the online banking protection for my bank's web site and could not log on. Went I hit the logon button after entering my user id and password nothing happened. Tried again, same thing.

 

Next I openned IE11 in normal mode and I noticed no HTTPS sites were using the Eset cert.; they were all using their own certs..

 

So I reset IE's Internet zone settings to Medium-High level and all of a sudden SSL protocol scanning was functioning as it did under Eset ver, 8. Also ver. 9 online banking protection was working properly in that I could log onto my bank site in that mode.

 

Looks like disabling all active content which IE's highest level security settings do, screwed up Eset's SSL protocol scanning.

Edited by itman
Link to comment
Share on other sites

No, still SSL Protocol scanning issues it appears.

VeriSign is my DNS provider and it appears they are overriding Eset's cert. on sites where they issued the cert. Issue manifests for instance when returning back to my home page which is att.yahoo.net for example.

Edited by itman
Link to comment
Share on other sites

Appears this is definitely an issue with VeriSign certificates. For example, Google search uses Eset's root cert.

Also when I was using ver. 8, I would experience periodic IE 11 lock ups which I could never nail down. Now, I strongly suspect the issue was SSL protocol scanning conflicting with Versign's validation of root certificates.

Presently, any site with a Versign root certificate is overriding use of Eset root cert.

Link to comment
Share on other sites

The latest version is 9.0.318.20, but I've the 9.0.318.0.

 

I'm checking for updating in the software, but it says, product is already up to date.

 

How do I update?

You might want to create a separate topic for this issue.

Link to comment
Share on other sites

Yes, the SSL protocol scanning issue is intermittent. One time when starting IE11, my home page, att.yahoo.com, will show the Eset root cert.. On most occasions it will not. Ditto for other HTTPS web site; no Eset root cert..

 

Also tried changing scan setting for IE from auto to scan with no change in behavior. 

 

Eset root cert. is properly installed in IE's root CA store.

Link to comment
Share on other sites

  • Most Valued Members

The latest version is 9.0.318.20, but I've the 9.0.318.0.

 

I'm checking for updating in the software, but it says, product is already up to date.

 

How do I update?

that extra minor number at the end might be for versions specific to some regions. for example: a minor change in the EULA for some regions.

so don't worry, you have the latest version which is 9.0.318.

Link to comment
Share on other sites

Will also add "the hit and miss" SSL protocol scanning issue is also occurring for my incoming Thunderbird encrypted e-mail. Some times it scans it and sometimes it doesn't as evidenced by what is shown in Eset's "statistics" for e-mail scanning.

Link to comment
Share on other sites

  • Most Valued Members

I reported this on the BETA forum nearly 2 months ago, and also filed a bug ticket for this when beta testing. Especially annoying as its intermittent. Was Firefox & windows live mail i was having the issues with.

Got this email back on the day v9 final was released ....................... And they never fixed the issue
 

 

 

Dear Customer,

Several days have passed and we have not received a response from you regarding your request No. #TICKET 154344.

If you managed to resolve your request in the meantime, please let us know.

In case anything comes up, please get in touch with us if you would like - we are glad to help.

Sincerely,
Customer Support Team at ESET


 
Link to comment
Share on other sites

And it gets more bizarre.  

 

Here is a screen shot that shows Eset's root cert. is used on this web page:

 

post-6784-0-57169800-1445952353_thumb.png

 

However in reality, it is not as shown in this screen shot of the actual certificate path to the root:

 

post-6784-0-71488000-1445952404_thumb.png

Edited by itman
Link to comment
Share on other sites

  • Administrators

I reported this on the BETA forum nearly 2 months ago, and also filed a bug ticket for this when beta testing. Especially annoying as its intermittent. Was Firefox & windows live mail i was having the issues with.

Got this email back on the day v9 final was released ....................... And they never fixed the issue

 

 

 

Dear Customer,

Several days have passed and we have not received a response from you regarding your request No. #TICKET 154344.

If you managed to resolve your request in the meantime, please let us know.

In case anything comes up, please get in touch with us if you would like - we are glad to help.

Sincerely,

Customer Support Team at ESET

 

Regarding ticket #154344, here's the history of it:

Created on: 17.09.2015 17:23

Automatic reply sent on: 17.09.2015 17:24

A customer care representative responded on: 17.09.2015 17:24

A notification email about no response received sent on: 16.10.2015 08:25

Link to comment
Share on other sites

Will add that I have just encounter the exact opposite situation to the previous screen shots I posted. That is the issuing root CA cert. is displayed for the web page but path details show that the actual root CA is Eset's! 

 

So I can summarize that I have seen every conceivable permutation and combination in the handling of browse root certifications for the SSL protocol scanning in ver. 9.

 

Since I don't trust this release anymore, I will be restoring my system back to ver. 8 from an image taken previous to the ver. 9 install.

 

I consider ver. 8 to be a "rock solid" product. My advice is add online banking protection to it; make that the new ver. 9 release; and dump the current ver. 9 release if Eset wants to retain their existing customer base.

Edited by itman
Link to comment
Share on other sites

There are quite a few sites that wont work for me with ssl/tls filtering on, so I have to have it turned off......2 main ones that I use are spamhero.com and google.co.uk search! No messing with settings in IE11 get them working without turning it off in ESS

Edited by surfer1000
Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...