bigbelly 0 Posted September 15, 2016 Share Posted September 15, 2016 HELP I am using most recent version of NOD32 AntiVirus and Windows 10 Home on a Intel i5 CPU "Encrypted network traffic"- Untrusted certificate I've never seen this until about 2 weeks ago and now it is about every 2 days and now it's twice per day and seems to be exponentoly increasing in these warnings. I have not a clue what these mean, I would love some basic or even detailed help on this. I'll provided all logs, files whatever you need. I UPLOADED AN IMAGE of the warning BIG size cause I'm blind and assume others are like me. Thanks Link to comment Share on other sites More sharing options...
Administrators Marcos 4,704 Posted September 15, 2016 Administrators Share Posted September 15, 2016 I'm unable to reproduce it. The certificate is validated and trusted on Win10: Link to comment Share on other sites More sharing options...
Neil341 0 Posted September 17, 2016 Share Posted September 17, 2016 I have the same issue in Windows 7 pro 64 bit and NOD32 v9. I think it's connected to having yahoo webmail open in a tab on Chrome. Link to comment Share on other sites More sharing options...
howardagoldberg 13 Posted September 19, 2016 Share Posted September 19, 2016 (edited) I began reporting this issue on August 4 (https://forum.eset.com/topic/9127-untrusted-certificate-warning-on-mostly-likely-safe-sites/). There is clearly an issue with ESET, but to date, ESET has refused to acknowledge the issue or provide any guidance that there may be an issue. I gave up trying to solve this weeks ago, I just don't have the time to deal with it. It is a bit of a pain, but every time the warning comes up, I select "always block" and the issue for a particular website will disappear at least until the next reboot. ("Blocking Always" apparently does not mean always, just the current session -- another ESET issue to be sure.) The issue has also been reported in the ESET Smart Security Forum (https://forum.eset.com/topic/9390-need-advice-on-popup/ & other threads). If this is not solved with v10, then I will be researching new security solutions when my multiple licences for ESET expire over the next year. Perhaps this thread will bring to light an actual answer or solution. By any chance, can you see if the certificate issuer is "Cisco Umbrella Secondary SubCA nyc-SG"? Most (if not all) of the certificates that are causing the pop up for me are being issued by this seemingly legitimate issuer. This strongly suggests an issue with ESET's dedication engine. Edited September 19, 2016 by howardagoldberg Link to comment Share on other sites More sharing options...
Administrators Marcos 4,704 Posted September 19, 2016 Administrators Share Posted September 19, 2016 If somebody is able to reproduce the issue, we are willing to arrange a remote session and check it out ourselves. We take issues seriously but we haven't been able to reproduce it nor I can't imagine how ESET could warn about an untrusted certificate if it's trusted by the operating system. Our aim is to have happy customers and assist you with issues that you may run into. Link to comment Share on other sites More sharing options...
howardagoldberg 13 Posted September 19, 2016 Share Posted September 19, 2016 If somebody is able to reproduce the issue, we are willing to arrange a remote session and check it out ourselves. We take issues seriously but we haven't been able to reproduce it nor I can't imagine how ESET could warn about an untrusted certificate if it's trusted by the operating system. Our aim is to have happy customers and assist you with issues that you may run into. As I reported here: https://forum.eset.com/topic/9127-untrusted-certificate-warning-on-mostly-likely-safe-sites/... I have been able to reproduce this on six separate systems running Windows 7 through 10, both 32-bit and 64-bit. I provided a high degree of detail (including my network setup with OpenDNS) to explain how the issue manifested, and that the certificates in question seem to be issued by " Cisco Umbrella Secondary SubCA nyc-SG." The fact that others have reported this issue in multiple forums indicates it is not an isolated issue that just happens to occur on the computers on my personal network. I would offer to have you remote session in, but the truth is -- that will not help you unless you are going to stay on my system for hours until I hit a particular website for which this issue arises. In other words, it cannot easily be reproduced "on demand," although I end up hitting at least one site every 1-2 days for which the warning appears. And - as posted in the thread I started on August 4 - these are not off-the-beaten-path sites. We are talking about sites like Amazon.com. As I said before, I really cannot spend any additional time trouble shooting this. I spent over six hours in August trying to make rhyme of reason of it. I only posted on this thread to validate "bigbelly." I hope the issue is resolved or answered with v10. Thanks. Link to comment Share on other sites More sharing options...
Jerry bb 0 Posted September 22, 2016 Share Posted September 22, 2016 I get this same message on chrome. At first I blocked it but I think that it might have been the cause of some of my problems -though this is speculation- and since the reinstall I have let it run and my computer seems better for it. Time will tell. Link to comment Share on other sites More sharing options...
pistaum 0 Posted October 17, 2016 Share Posted October 17, 2016 My client has the same revoked certificates problem. What is the best workaround? An oldest version perhaps? Link to comment Share on other sites More sharing options...
jg1958 0 Posted November 28, 2016 Share Posted November 28, 2016 I have been experiencing the same problem. I get the same advice from ESET , to block the communication. However I have clicked on the details of the certificate and it says that the certificate has expired. So, what do you do? How can you report this problem ? Is it ESET ? Is it the certificate? Is it the browser ? Its annoying because sometimes there is no problem. So can you trust it ? I have been blocking it (most of the time). Link to comment Share on other sites More sharing options...
Administrators Marcos 4,704 Posted November 28, 2016 Administrators Share Posted November 28, 2016 I have been experiencing the same problem. I get the same advice from ESET , to block the communication. However I have clicked on the details of the certificate and it says that the certificate has expired. So, what do you do? How can you report this problem ? Is it ESET ? Is it the certificate? Is it the browser ? Its annoying because sometimes there is no problem. So can you trust it ? I have been blocking it (most of the time). Screenshot_1.jpg Report expired certificate to the owner of the website. Link to comment Share on other sites More sharing options...
TomFace 539 Posted November 28, 2016 Share Posted November 28, 2016 jg1958, on 27 Nov 2016 - 9:37 PM, said: I have been experiencing the same problem. I get the same advice from ESET , to block the communication. However I have clicked on the details of the certificate and it says that the certificate has expired. So, what do you do? How can you report this problem ? Is it ESET ? Is it the certificate? Is it the browser ? Its annoying because sometimes there is no problem. So can you trust it ? I have been blocking it (most of the time). Screenshot_1.jpg Hello jg1958. If you are attempting to access your at&t/yahoo e-mail, you can also use login.yahoo.com That uses a different certificate. Link to comment Share on other sites More sharing options...
itman 1,538 Posted November 28, 2016 Share Posted November 28, 2016 (edited) I can log into ATT Uverse e-mail from ATT/Yahoo home page in Win 10 desktop using IE11 w/o issue as shown in the below screen shot. For starters, ATT e-mail uses an EV certificate. This type of Internet traffic is not scanned by Eset's SSL protocol scanning. So I don't know how you are logging on to access your e-mail account. Edited November 28, 2016 by itman Link to comment Share on other sites More sharing options...
TomFace 539 Posted November 28, 2016 Share Posted November 28, 2016 (edited) itman, on 28 Nov 2016 - 10:12 AM, said:itman, on 28 Nov 2016 - 10:12 AM, said: I can log into ATT Uverse e-mail from ATT/Yahoo home page in Win 10 desktop using IE11 w/o issue as shown in the below screen shot. For starters, ATT e-mail uses an EV certificate. This type of Internet traffic is not scanned by Eset's SSL protocol scanning. So I don't know how you are logging on to access your e-mail account. ATT-Yahoo-Email-Logon.png The at&t e-mail log in screen should look like this when using https://loginprodx.att.net Using Yahoo login.yahoo.com you'll see this: These results are the same with IE11 or Firefox. I'm no expert in certificates, but the at&t cert. expired, but for some reason, it sometimes works. Edited November 28, 2016 by TomFace Link to comment Share on other sites More sharing options...
Zardoc 4 Posted November 28, 2016 Share Posted November 28, 2016 Even if you find who to report an invalid certificate to, chances are it won't get updated. I disabled SSL scan cause it always reports unsubstantiated errors. Link to comment Share on other sites More sharing options...
itman 1,538 Posted November 29, 2016 Share Posted November 29, 2016 itman, on 28 Nov 2016 - 10:12 AM, said:itman, on 28 Nov 2016 - 10:12 AM, said: I can log into ATT Uverse e-mail from ATT/Yahoo home page in Win 10 desktop using IE11 w/o issue as shown in the below screen shot. For starters, ATT e-mail uses an EV certificate. This type of Internet traffic is not scanned by Eset's SSL protocol scanning. So I don't know how you are logging on to access your e-mail account. ATT-Yahoo-Email-Logon.png The at&t e-mail log in screen should look like this when using https://loginprodx.att.net at&t log in.jpg Using Yahoo login.yahoo.com you'll see this: mail 2.jpg These results are the same with IE11 or Firefox. I'm no expert in certificates, but the at&t cert. expired, but for some reason, it sometimes works. Oops! You're correct, Tom. I clicked on the "Sign-in" at the top of the web page versus the E-mail tab on the left side of the web page. In either case though, a valid EV ATT cert is shown. Link to comment Share on other sites More sharing options...
itman 1,538 Posted November 29, 2016 Share Posted November 29, 2016 Referring back to @ jg1958 original posting, he is using FireFox. Unlike IE11 and Edge, FireFox uses its own internal root CA certificate store for web site SSL certificate validation versus the Windows internal root CA certificate store. Also a bit puzzeling at this point is why it is connecting home.secureapp.att.net server? Link to comment Share on other sites More sharing options...
Hijin25 12 Posted December 6, 2016 Share Posted December 6, 2016 I'm experiencing this with Microsoft sites both in internet explorer and Google Chrome, not so with Firefox. This only happens with version 10, not so with v8. Link to comment Share on other sites More sharing options...
jmyers 0 Posted February 21, 2017 Share Posted February 21, 2017 Has this issue been resolved? I am experiencing the same problem. We have windows 7 and windows 10 using either Chrome, Edge or Explorer. All have the same problem. We have 109 users here. I cant visit each desktop every time there is a pop up . Link to comment Share on other sites More sharing options...
Administrators Marcos 4,704 Posted February 21, 2017 Administrators Share Posted February 21, 2017 24 minutes ago, jmyers said: Has this issue been resolved? I am experiencing the same problem. We have windows 7 and windows 10 using either Chrome, Edge or Explorer. All have the same problem. We have 109 users here. I cant visit each desktop every time there is a pop up . This is not a problem with ESET. The certificate is untrusted for some reason. Do you have a correct system date set? What were you doing before this notification popped up? When I go to https://shim.btrll.com/, the certificate is evaluated as trusted. I was able to reproduce it only by setting the system date beyond August 12, 2017 which is when the certificate used on the website expires. Link to comment Share on other sites More sharing options...
itman 1,538 Posted February 21, 2017 Share Posted February 21, 2017 (edited) I just ran a scan at QUALS SSL Server test and it checks out with a grade of "A." Report here: https://dev.ssllabs.com/ssltest/analyze.html?d=shim.btrll.com&hideResults=on What was interesting is during the test a connection attempt was made to shim.btrll.com which resulted in this: HTTP Requests https://shim.btrll.com/ (HTTP/1.1 403 Forbidden) Just tried direct access to the web site in IE11 and received the same 403 Forbidden message - "this web site requires you to login in." -Edit- Also make sure that the thumbprint of the shim.btrll.com cert shown in the Eset alert matches this thumbprint - a9c38249cc1e2df629172abb307495faebcd7cf9 Edited February 21, 2017 by itman Link to comment Share on other sites More sharing options...
K-MAC 0 Posted May 30, 2017 Share Posted May 30, 2017 I'm using Chrome and got the 'untrusted' certificate warning (it expired yesterday) when trying to logon to Outlook (Hotmail) account. Before clicking on "Block", I clicked on the "Remember action for this certificate" radio button. Of course, now I can't logon to Outlook! (duh!) I there any way to reverse this decision (Remember Blocking)? I'd like to be able to check my email. Thanks. \km Link to comment Share on other sites More sharing options...
itman 1,538 Posted May 31, 2017 Share Posted May 31, 2017 (edited) On 5/29/2017 at 8:21 PM, K-MAC said: I'm using Chrome and got the 'untrusted' certificate warning (it expired yesterday) when trying to logon to Outlook (Hotmail) account. Before clicking on "Block", I clicked on the "Remember action for this certificate" radio button. Of course, now I can't logon to Outlook! (duh!) I there any way to reverse this decision (Remember Blocking)? I'd like to be able to check my email. Thanks. \km Open the Eset GUI. Select Setup. Select Web Access Protection. Select Web and Email. Follow the steps shown in the below screen shot. Note: you have to select the certificate before you click on the Remove button. Edited May 31, 2017 by itman Link to comment Share on other sites More sharing options...
Recommended Posts