Jump to content

HTTS problem with V9


RSX
 Share

Recommended Posts

Hello from Greece.

I recently updated to the V9 version of your AV.

My problem is that i cannot access many sites with HTTPS.

I 've tried disabling SSL/TLS->restart->enable->restart but nothing.

i've tried disabling the root certificate and nothing.

 

I do not have this problem with V8 version.

OS: Windows7 Home Premium 64bit

 

 

On my other machine with windows 10 i do not have this problem.

 

Thanks in advance.

 

The sites i cannot access is for example(2 greek sites)

https://www.cosmote.gr/

https://www.germanos.gr/

 

post-12577-0-03215700-1465542296_thumb.png

 

The first line :Το έγγραφο δεν περιέχει δεδομένα means that page does not contain data,as i can translate to english

Link to comment
Share on other sites

  • Administrators

Does the error occur with every https website? If you disable "Exclude communication with trusted domains" under Web and email -> SSL/TLS in the v9 setup, do you get the same error when you open www.google.com?

 

If so, with all browsers and email clients closed disable SSL/TLS scanning and click OK. Then start logging with Process Monitor, re-enable SSL/TLS scanning, click OK and after approx. 10s stop logging. When done, save the log, compress it, upload it to a safe location and pm me the download link.

Link to comment
Share on other sites

i checked and i do not have any problems with internet explorer.

Only chrome and firefox have this issue.

i disabled what you mentioned and nothing changed.

 

i'm starting to think its my browsers with the issue,some add-on maybe?

i'm uploading the logfile, i hope i did the correct procedure.

Link to comment
Share on other sites

For what it is worth, I cannot connect to either of those web sites in IE 11 running Win 7 x64, SP1 and I am using Eset ver. 8 w/SSL protocol scanning enabled. The error am getting from IE 11 relates to use of insecure cyphers.

 

Both those web sites show a problem with the certificate pinning chain using the QUALS SSL server test. Two pinning paths are shown. One path pins correctly to the TRCA certificate. The other path does not.   

Edited by itman
Link to comment
Share on other sites

For what it is worth, I cannot connect to either of those web sites in IE 11 running Win 7 x64, SP1 and I am using Eset ver. 8 w/SSL protocol scanning enabled. The error am getting from IE 11 relates to use of insecure cyphers.

 

Both those web sites show a problem with the certificate pinning chain using the QUALS SSL server test. Two pinning paths are shown. One path pins correctly to the TRCA certificate. The other path does not.   

the problem is that in my desktop running windows 10 and Nod32 V9,i do connect to those webpages with no problem.

 

Also,i re-installed V8 and by default SSL/TLS scanning is off and thats why i did not knew about that issue.

Anyway,i will be away from my computer for 3-4 days,as i informed marcos,i will proceed with his instructions after i return.

Link to comment
Share on other sites

Appears the web sites in question only support TLS 1.0 protocol. I enabled that in IE 11 and could connect to the two web sites w/o issue with SSL protocol scanning enabled in ver. 8.

 

Problem appears to be with Firefox. Don't know why since FF supports TLS protocol 1.0. I suggest you temporarily disable SSL protocol scanning on your Win 7 box with Eset ver. 9 and Firefox installed. If you still can't connect to the sites on that box with Eset's SSL protocol scanning disabled, then it is not the issue. The issue is with Firefox.

Link to comment
Share on other sites

Appears the web sites in question only support TLS 1.0 protocol. I enabled that in IE 11 and could connect to the two web sites w/o issue with SSL protocol scanning enabled in ver. 8.

 

Problem appears to be with Firefox. Don't know why since FF supports TLS protocol 1.0. I suggest you temporarily disable SSL protocol scanning on your Win 7 box with Eset ver. 9 and Firefox installed. If you still can't connect to the sites on that box with Eset's SSL protocol scanning disabled, then it is not the issue. The issue is with Firefox.

I have it disabled and i can connect to those pages without a problem.

When i return,i will try a new profile as marcos suggested and see what happens.

 

Without SSL/TLS protection i assume i have a lower protection with my AV,right?

Link to comment
Share on other sites

Referring to the original message displayed by Firefox:

 

The page you are trying to view cannot be shown because the authenticity of the received data could not be verified

 

I believe this is the issue with Firefox:

 

The website may try to fallback to TLS 1.0 in a way that is no longer allowed in current releases or may be using a deprecated cipher suite.

 

You can open the about:config page via the location/address bar and use its search bar to locate this pref:

 

•security.tls.insecure_fallback_hosts


You can double-click the line to modify the pref and add the full domain (www.planet.snb.ca) to the value of this pref.


If there are already websites (domains) in this list then add a comma and the new domain (no spaces).
You should only see domains separated by a comma in the value column.

 

Ref.: https://support.mozilla.org/en-US/questions/1058856

 

Possible that Eset SSL protocol scanning in ver. 9 is causing a fallback to TLS 1.0? The Quals SSL Server test indicates for the connection to the two web sites in question, the TLS protocol supported is 1.2 for all Firefox versions.

 

Also of note is that one of those web sites, https://www.germanos.gr/ , is indeed using insecure RC 4 TLS cyphers.

 

As a work around for Eset ver. 9, you could try to add those two web sites as exclusions in Firefox as noted above with SSL protocol scanning enabled and see if that resolves the connection issue.

Edited by itman
Link to comment
Share on other sites

So,even with a clean profile, i have the same issues.

My desktop with windows 10 and V9 can gain access to those webpages with no problem.

Internet explorer with SSL/TSL scanning on can access those websites also in my win7 laptop.

Link to comment
Share on other sites

So,even with a clean profile, i have the same issues.

My desktop with windows 10 and V9 can gain access to those webpages with no problem.

Internet explorer with SSL/TSL scanning on can access those websites also in my win7 laptop.

Did you add those two web sites as TLS fallback exceptions exceptions in FireFox as I previously posted?

Link to comment
Share on other sites

 

So,even with a clean profile, i have the same issues.

My desktop with windows 10 and V9 can gain access to those webpages with no problem.

Internet explorer with SSL/TSL scanning on can access those websites also in my win7 laptop.

Did you add those two web sites as TLS fallback exceptions exceptions in FireFox as I previously posted?

 

No,not yet,i will do it asap.

i am still wondering why my desktop can access those websites with firefox/chrome without problems and my computer cannot.

Only Internet explorer in my system has access to those with scanning enabled.

 

 

THANKS for the replies and the help,forgot to mention it

Link to comment
Share on other sites

i am still wondering why my desktop can access those websites with firefox/chrome without problems and my computer cannot.

Only Internet explorer in my system has access to those with scanning enabled.

Your desktop OS is Win 10 and the other computer OS is Win 7. It is a given that there will be differences in how Firefox operates on different OSes. Also, there will be differences in how cryptography is performed on different OSes.

 

Finally, there is the possibility of an issue with Eset's SSL protocol scanning when using Firefox running under Win 7. However, I don't recall seeing anything to that effect posted in this forum. Most of the issues with Eset's SSL protocol scanning have been with Chrome.

 

Is your version of Firefox running on Win 7 the most current version?

 

I do know that when I connect in IE 11 in Win 7 to the two web sites in question, the connection is made using TLS 1.0. Since the web sites in question support TLS 1.2, this indicates to me a significant protocol  downgrade is occurring; most likely from the cyphers the web sites are using. What I believe is occurring in your situation is that when you connect to the web sites using Win 10, the Firefox connection is being made at TLS 1.2 or 1.1. When you connect to the same web sites using Win 7, the Firefox connection is being made at TLS 1.0.

Link to comment
Share on other sites

Is your version of Firefox running on Win 7 the most current version?

Yes.

Firefox Version 37 32bit.

So should i return to V8 or stay to V9?

i installed V8,in the previous days and saw that the ssl/tls scanning is off by default.

Should i test the behaviour of V8 ?

or should i leave scanning off and keep surfing like nothing happened?

Link to comment
Share on other sites

 

Is your version of Firefox running on Win 7 the most current version?

So should i return to V8 or stay to V9?

i installed V8,in the previous days and saw that the ssl/tls scanning is off by default.

Should i test the behaviour of V8 ?

I use ver. 8 because I had issues with my custom HIPS rules in ver. 9.

 

I did have ver. 9 installed a couple of times. What I did notice in ver. 9 was what I would call "inconsistent behavior" from SSL protocol scanning. For example, some web sites would be auto excluded from scanning only to scanned at other times upon access. These inconsistencies do not exist with ver. 8.

 

Do note that you have to manual exclude web sites from SSL protocol scanning in ver. 8 such as your banking web sites. Also, there is no keyloggging or banking mode protection in ver. 8.

 

The above said, you can install ver. 8 on your Win 7 PC. Then enable SSL protocol scanning. Then access the two web sites in question using Firefox. If you can connect w/o issue, then it is safe to state that there is an issue with ver. 9 SSL protocol scanning when using Firefox on Win 7.

Link to comment
Share on other sites

 

 

Is your version of Firefox running on Win 7 the most current version?

So should i return to V8 or stay to V9?

i installed V8,in the previous days and saw that the ssl/tls scanning is off by default.

Should i test the behaviour of V8 ?

Do note that you have to manual exclude web sites from SSL protocol scanning in ver. 8 such as your banking web sites. Also, there is no keyloggging or banking mode protection in ver. 8.

 

why should i exclude? there are problems?

my connection is 100% secure over wifi on my laptop,password protected with 12 characters and wpa2 lock.

 

i will try and see what Ver.8 does with ssl/tls scanning enabled.

Link to comment
Share on other sites

So,i tested with Ver.8 and ssl scan on(settings->advanced settings->internet and email->protocol filtering->SSL ->always scan)

i can access those 2 websites w/o any problem.

i'm staying once more with Ver.8 i think.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...