itman 1,748 Posted July 6, 2016

Win 7 SP1 x64, IE11, Smart Security ver. 8

My question is how did this occur? With SSL protocol scanning enabled, Eset should be intercepting all certificate related issues?

rugk 397 Posted July 7, 2016

I doubt this is an issue with ESET SSL scanning as it indeed should intercept all traffic and in this case the certificate would be valid.

So generally: Click on "No" when such a popup appears. It's bad enough that IE lets you click through such a message so easily.

Also, how do you get the AT&T bar there? It seems you are on Yahoo.com and the site is an HTTPS site, so there should be nothing from AT&T. Is your internet provider AT&T by chance? If so they are intercepting your traffic.

When visiting Yahoo.com: Was there a similar error message, which had something to do with SSL/TLS? Could you please also click on the lock icon (in the address bar on the right) and show the certificate issued for Yahoo?

Generally: Can you try it with SSL/TLS scanning disabled and tell us if you see a difference?

As for the message popup I found this thread in the Microsoft community: https://answers.microsoft.com/en-us/ie/forum/ie11-iewindows8_1/what-is-this-certificate-of-btrllcom-that-keeps/f8dc5922-3dc3-4a40-a2d1-849409251b6b?auth=1

The issue they describe there is very similar to yours. Could you please have a look at the thread? It seems there is some PUA installed on your computer, so can you enable the option to detect PUAs in ESET and run a full disk scan? Alternatively also switching to Firefox may help (temporarily), but be sure to get rid of the PUA anyway. You may also use third-party scanners and try to reset IE.

Please let us know of the result and the name of a potential PUA that was detected. Also get rid of the AT&T bar there - why the hell do they intercept your traffic?

itman 1,748 Posted July 7, 2016

I use both Eset and Emsisoft Anti-malware. Both products have always had PUA and PUP detection enabled from install day one. I also run Adaware periodically and always 100% clean. Recently ran full network drive scans w/ both Eset and EAM and 100% clean. Bottom line - I don't have adware installed.

As far as AT&T, they always have and probably always will use Yahoo as their content provider. As I understand it "*.btrll.com" is Yahoo's search engine. And obviously it is using a borked self-signed cert. No MITM ###### or the like going on.

Again, I was just surprised to see Eset not catch the bad cert. since it is the one responsible for certificate validations per it acting as an SSL proxy. On the other hand, at least Eset is not 100% overriding the browser cert. validations. So at least there is protection against improperly signed certs.

-EDIT-

There also appears to be a lot of misinformation about btrll.com on the web. This should clear it up: https://source.ind.ie/better/content/blob/990d2329b03e2d69d87f67378b54b6f17c9ecbcc/trackers/btrll.com/index.md

Edited July 8, 2016 by itman

itman 1,748 Posted July 7, 2016

Issue resolved. I added *.btrll.com/* to list of blocked URLs in Eset web filtering. Since it's a web tracker, should be blocked per se.