HELP: Untrusted certificate "Encrypted network traffic" several times Warned?

[bigbelly 0]

HELP I am using most recent version of NOD32 AntiVirus and Windows 10 Home on a Intel i5 CPU

 

"Encrypted network traffic"- Untrusted certificate

 

I've never seen this until about 2 weeks ago and now it is about every 2 days and now it's twice per day and seems to be exponentoly increasing in these warnings.

 

I have not a clue what these mean, I would love some basic or even detailed help on this.

 

I'll provided all logs, files whatever you need.

 

 

I UPLOADED AN IMAGE of the warning BIG size cause I'm blind and assume others are like me.

 

Thanks

[Marcos 4,935]

I'm unable to reproduce it. The certificate is validated and trusted on Win10:

 

[Neil341 0]

I have the same issue in Windows 7 pro 64 bit and NOD32 v9.  I think it's connected to having yahoo webmail open in a tab on Chrome.

[howardagoldberg 13]

I began reporting this issue on August 4 (https://forum.eset.com/topic/9127-untrusted-certificate-warning-on-mostly-likely-safe-sites/). There is clearly an issue with ESET, but to date, ESET has refused to acknowledge the issue or provide any guidance that there may be an issue.

 

I gave up trying to solve this weeks ago, I just don't have the time to deal with it. It is a bit of a pain, but every time the warning comes up, I select "always block" and the issue for a particular website will disappear at least until the next reboot. ("Blocking Always" apparently does not mean always, just the current session -- another ESET issue to be sure.)

 

The issue has also been reported in the ESET Smart Security Forum (https://forum.eset.com/topic/9390-need-advice-on-popup/ & other threads).

 

If this is not solved with v10, then I will be researching new security solutions when my multiple licences for ESET expire over the next year. Perhaps this thread will bring to light an actual answer or solution.

 

By any chance, can you see if the certificate issuer is "Cisco Umbrella Secondary SubCA nyc-SG"? Most (if not all) of the certificates that are causing the pop up for me are being issued by this seemingly legitimate issuer. This strongly suggests an issue with ESET's dedication engine.

Edited September 19, 2016 by howardagoldberg

[Marcos 4,935]

If somebody is able to reproduce the issue, we are willing to arrange a remote session and check it out ourselves. We take issues seriously but we haven't been able to reproduce it nor I can't imagine how ESET could warn about an untrusted certificate if it's trusted by the operating system. Our aim is to have happy customers and assist you with issues that you may run into.

[howardagoldberg 13]

If somebody is able to reproduce the issue, we are willing to arrange a remote session and check it out ourselves. We take issues seriously but we haven't been able to reproduce it nor I can't imagine how ESET could warn about an untrusted certificate if it's trusted by the operating system. Our aim is to have happy customers and assist you with issues that you may run into.

 

As I reported here: https://forum.eset.com/topic/9127-untrusted-certificate-warning-on-mostly-likely-safe-sites/... I have been able to reproduce this on six separate systems running Windows 7 through 10, both 32-bit and 64-bit. I provided a high degree of detail (including my network setup with OpenDNS) to explain how the issue manifested, and that the certificates in question seem to be issued by " Cisco Umbrella Secondary SubCA nyc-SG."

 

The fact that others have reported this issue in multiple forums indicates it is not an isolated issue that just happens to occur on the computers on my personal network.

 

I would offer to have you remote session in, but the truth is -- that will not help you unless you are going to stay on my system for hours until I hit a particular website for which this issue arises. In other words, it cannot easily be reproduced "on demand," although I end up hitting at least one site every 1-2 days for which the warning appears. And - as posted in the thread I started on August 4 - these are not off-the-beaten-path sites. We are talking about sites like Amazon.com.

 

As I said before, I really cannot spend any additional time trouble shooting this. I spent over six hours in August trying to make rhyme of reason of it. I only posted on this thread to validate "bigbelly." I hope the issue is resolved or answered with v10. Thanks.

[Jerry bb 0]

I get this same message on chrome.  At first I blocked it but I think that it might have been the cause of some of my problems -though this is speculation- and since the reinstall I have let it run and my computer seems better for it.  Time will tell.

[pistaum 0]

My client has the same revoked certificates problem.

 

What is the best workaround?

 

An oldest version perhaps?

[jg1958 0]

I have been experiencing the same problem.

 

I get the same advice from ESET , to block the communication. However I have clicked on the details of the certificate and it says that the certificate has expired.

 

So, what do you do? How can you report this problem ? Is it ESET ? Is it the certificate? Is it the browser ?

 

Its annoying because sometimes there is no problem. So can you trust it ? I have been blocking it (most of the time).

 

[Marcos 4,935]

I have been experiencing the same problem.

 

I get the same advice from ESET , to block the communication. However I have clicked on the details of the certificate and it says that the certificate has expired.

 

So, what do you do? How can you report this problem ? Is it ESET ? Is it the certificate? Is it the browser ?

 

Its annoying because sometimes there is no problem. So can you trust it ? I have been blocking it (most of the time).

 

Screenshot_1.jpg

 

Report expired certificate to the owner of the website.

[TomFace 539]

jg1958, on 27 Nov 2016 - 9:37 PM, said:

I have been experiencing the same problem.

 

I get the same advice from ESET , to block the communication. However I have clicked on the details of the certificate and it says that the certificate has expired.

 

So, what do you do? How can you report this problem ? Is it ESET ? Is it the certificate? Is it the browser ?

 

Its annoying because sometimes there is no problem. So can you trust it ? I have been blocking it (most of the time).

 

Screenshot_1.jpg

Hello jg1958. If you are attempting to access your at&t/yahoo e-mail, you can also use login.yahoo.com   That uses a different certificate.

[itman 1,630]

I can log into ATT Uverse e-mail from ATT/Yahoo home page in Win 10 desktop using IE11 w/o issue as shown in the below screen shot.

For starters, ATT e-mail uses an EV certificate. This type of Internet traffic is not scanned by Eset's SSL protocol scanning. So I don't know how you are logging on to access your e-mail account.

Edited November 28, 2016 by itman

[TomFace 539]

itman, on 28 Nov 2016 - 10:12 AM, said:itman, on 28 Nov 2016 - 10:12 AM, said:

I can log into ATT Uverse e-mail from ATT/Yahoo home page in Win 10 desktop using IE11 w/o issue as shown in the below screen shot.

For starters, ATT e-mail uses an EV certificate. This type of Internet traffic is not scanned by Eset's SSL protocol scanning. So I don't know how you are logging on to access your e-mail account.

ATT-Yahoo-Email-Logon.png

The at&t e-mail log in screen should look like this when using https://loginprodx.att.net

Using Yahoo  login.yahoo.com  you'll see this:

These results are the same with IE11 or Firefox. I'm no expert in certificates, but the at&t cert. expired, but for some reason, it sometimes works.

Edited November 28, 2016 by TomFace

[Zardoc 4]

Even if you find who to report an invalid certificate to, chances are it won't get updated. I disabled SSL scan cause it always reports unsubstantiated errors.

[itman 1,630]

 

itman, on 28 Nov 2016 - 10:12 AM, said:itman, on 28 Nov 2016 - 10:12 AM, said:

I can log into ATT Uverse e-mail from ATT/Yahoo home page in Win 10 desktop using IE11 w/o issue as shown in the below screen shot.

For starters, ATT e-mail uses an EV certificate. This type of Internet traffic is not scanned by Eset's SSL protocol scanning. So I don't know how you are logging on to access your e-mail account.

ATT-Yahoo-Email-Logon.png

The at&t e-mail log in screen should look like this when using https://loginprodx.att.net

at&t log in.jpg

Using Yahoo  login.yahoo.com  you'll see this:

mail 2.jpg

These results are the same with IE11 or Firefox. I'm no expert in certificates, but the at&t cert. expired, but for some reason, it sometimes works.

 

Oops! You're correct, Tom. I clicked on the "Sign-in" at the top of the web page versus the E-mail tab on the left side of the web page. In either case though, a valid EV ATT cert is shown.

 

[itman 1,630]

Referring back to @ jg1958 original posting, he is using FireFox. Unlike IE11 and Edge, FireFox uses its own internal root CA certificate store for web site SSL certificate validation versus the Windows internal root CA certificate store. Also a bit puzzeling at this point is why it is connecting home.secureapp.att.net server?

[Hijin25 12]

I'm experiencing this with Microsoft sites both in internet explorer and Google Chrome, not so with Firefox. This only happens with version 10, not so with v8.

[jmyers 0]

Has this issue been resolved? I am experiencing the same problem. We have windows 7 and windows 10 using either Chrome, Edge or Explorer. All have the same problem. We have 109 users here. I cant visit each desktop every time there is a pop up .

[Marcos 4,935]

24 minutes ago, jmyers said:

Has this issue been resolved? I am experiencing the same problem. We have windows 7 and windows 10 using either Chrome, Edge or Explorer. All have the same problem. We have 109 users here. I cant visit each desktop every time there is a pop up .

This is not a problem with ESET. The certificate is untrusted for some reason. Do you have a correct system date set? What were you doing before this notification popped up? When I go to https://shim.btrll.com/, the certificate is evaluated as trusted.

I was able to reproduce it only by setting the system date beyond August 12, 2017 which is when the certificate used on the website expires.

[itman 1,630]

I just ran  a scan at QUALS SSL Server test and it checks out with a grade of "A." Report here: https://dev.ssllabs.com/ssltest/analyze.html?d=shim.btrll.com&hideResults=on

What was interesting is during the test a connection attempt was made to shim.btrll.com which resulted in this:

HTTP Requests

https://shim.btrll.com/  (HTTP/1.1 403 Forbidden)  

Just tried direct access to the web site in IE11 and received the same 403 Forbidden message - "this web site requires you to login in."

-Edit- Also make sure that the thumbprint of the shim.btrll.com cert shown in the Eset alert matches this thumbprint -  a9c38249cc1e2df629172abb307495faebcd7cf9

 

Edited February 21, 2017 by itman

[K-MAC 0]

I'm using Chrome and got the 'untrusted' certificate warning (it expired yesterday) when trying to logon to Outlook (Hotmail) account.   Before clicking on "Block", I clicked on the "Remember action for this certificate" radio button.  Of course, now I can't logon to Outlook!   (duh!)   I there any way to reverse this decision (Remember Blocking)?   I'd like to be able to check my email.  Thanks.  \km 

[itman 1,630]

On ‎5‎/‎29‎/‎2017 at 8:21 PM, K-MAC said:

I'm using Chrome and got the 'untrusted' certificate warning (it expired yesterday) when trying to logon to Outlook (Hotmail) account.   Before clicking on "Block", I clicked on the "Remember action for this certificate" radio button.  Of course, now I can't logon to Outlook!   (duh!)   I there any way to reverse this decision (Remember Blocking)?   I'd like to be able to check my email.  Thanks.  \km 

Open the Eset GUI. Select Setup. Select Web Access Protection. Select Web and Email. Follow the steps shown in the below screen shot. Note: you have to select the certificate before you click on the Remove button.

Edited May 31, 2017 by itman