Windows Update

[rcdailey]

Quote:

Originally Posted by Marcos

When switching the SSL scanner to "Always scan SSL" mode, make sure to leave the "Apply created exceptions based on certificates" box checked so that the communication utilizing the excluded MS certificate is not scanned.
I assume that it will be possible to address this issue via a module update.

Yes, that is what I did. I assumed that the box needed to be checked in order for the exclusion to work. I wanted to go back to "Always scan SSL" because then I would not have to answer what to do with the certificate for each new secure site. I do hope there is a module update so that excluding the Windows Update certificate won't be necessary, but if that is the only certificate that has to be excluded, it's not so bad.

[Marcos]

Internet protection module 1041 addressing the Windows Update issue is now available on pre-release servers.

[Trooper]

Quote:

Originally Posted by Marcos

Internet protection module 1041 addressing the Windows Update issue is now available on pre-release servers.

Got the update and still have the issue Marcos.

[Marcos]

Quote:

Originally Posted by Trooper

Got the update and still have the issue Marcos.

Do you use v. 5.2 or Endpoint?

[Trooper]

Quote:

Originally Posted by Marcos

Do you use v. 5.2 or Endpoint?

5.2.9.1 ESS on a Windows 7 workstation. Are there any options I should configure in SSL scanning? So far the only way to get Windows Update to work (for me anyway) was to disable SSL scanning.

[alfa100]

ESS 5.2.9.12 Windows7 Home Premium (64-bit)
HTTP, HTTPs protocol checking: enabled.

Current settings Protocol filtering:
Excluded applications: none
Protocol checking mode is now set to "Always scan SSL protocol."
Apply created exceptions based on certificates: checked
Block encrypted communication utilizing the obsolete protocol SSL v2: checked
Trusted certificates: none
Excluded certificates:
imap.gmail.com
.ww.update.microsoft.com
login.live.com

I added imap.gmail.com and login live.com to the list excluded certificates because adding them to the list trusted certificates didn’t exactly work, encountered problems sending/receiving email with Windows Live Mail, reason: Cannot connect to server. But after this and several times restarting the system, it finally works. Do I trust it? Mmmh, not exactly. Let’s see what happens next time I start my system.

[rcdailey]

Quote:

Originally Posted by Marcos

Internet protection module 1041 addressing the Windows Update issue is now available on pre-release servers.

I have that module 1041) in NOD32 6.0.11.0 beta. I just checked "about" and it is there and it is dated 20120627. I guess I can try removing the exclusion of Windows Update and see whether it works.

OK. I removed the certificate for Windows Update from the excluded list. I now have no excluded certificates and no trusted certificates listed in the SSL, Certificates setup. Windows Update works without any issues. This module update seems to have fixed the issue for me.

[Janus]

Hello
Just confirming, that internet protection module 1041 (20120627) solves the issue regarding Windows update and https protocol filtering. ( update received through pre-release servers as explained in post 27)
Thanks

[alfa100]

Quote:

Originally Posted by alfa100

ESS 5.2.9.12 Windows7 Home Premium (64-bit)
HTTP, HTTPs protocol checking: enabled.

Current settings Protocol filtering:
Excluded applications: none
Protocol checking mode is now set to "Always scan SSL protocol."
Apply created exceptions based on certificates: checked
Block encrypted communication utilizing the obsolete protocol SSL v2: checked
Trusted certificates: none
Excluded certificates:
imap.gmail.com
.ww.update.microsoft.com
login.live.com

I added imap.gmail.com and login live.com to the list excluded certificates because adding them to the list trusted certificates didn’t exactly work, encountered problems sending/receiving email with Windows Live Mail, reason: Cannot connect to server. But after this and several times restarting the system, it finally works. Do I trust it? Mmmh, not exactly. Let’s see what happens next time I start my system.

It seems to me that all my issues are resolved with these new Internet Protection Module 1041

[siljaline]

This is a requirement for users to enable pre-release. If they are not, a positive outcome would be achieved in what fashion ? I am asking since this will be asked.
Regards,

Quote:

Originally Posted by Marcos

Internet protection module 1041 addressing the Windows Update issue is now available on pre-release servers.

[pakratt]

How to you get this module from the pre-release servers? I am using Nod32 Anti-Virus 5.2.

[alfa100]

Quote:

Originally Posted by pakratt

How to you get this module from the pre-release servers? I am using Nod32 Anti-Virus 5.2.

http://kb.eset.com/esetkb/index?page...nt&id=SOLN2357

Enable also bêta-update

[pakratt]

Thanks for the info. My advanced setup for the Anti-Virus program did not look like the screens provided in the link. It has 2 buttons (one for Regular Updates) and (one for Pre-release updates). I changed the button from Regular updates to the Pre-release button and checked OK. I then checked for updates and after that ran I looked under the "About Nod32" and it showed the update for 20120627 was downloaded. With both HTTP protocol filtering and SSL scanner set to "Always scan SSL" activated I ran Windows Update and it worked. Problem solved. Should I now reset Updates back to Regular Updates instead of Pre-Release updates?

[Dark Shadow]

Well my windows update recently got broken and I have no ESET or Any real time scanners.I went replaced a image and updated all recommended and important updates but none of the optional updates.Everything is back to normal again.

[Marcos]

Quote:

Originally Posted by pakratt

Problem solved. Should I now reset Updates back to Regular Updates instead of Pre-Release updates?

Switching back to regular updates will downgrade the Internet protection module to an older version. However, this should be ok if you don't want to use pre-release modules permanently (e.g. on production computers) as the module will be released for all users shortly, before the next Windows update.

[alfa100]

Internet protection module 1041.

Windows Live Mail Error ID: 0x800CCC0F with windows live mail / gmail probably due to the fact that I am already logged in on (IE9) iGoogle.
When I log out with IGoogle the problem is solved.

Server: 'imap.gmail.com'
Windows Live Mail-error-id: 0x800CCC0F
Protocol: IMAP
Port: 993
Secure (SSL): Yes

[rcdailey]

Quote:

Originally Posted by alfa100

ESS 5.2.9.12 Windows7 Home Premium (64-bit)
HTTP, HTTPs protocol checking: enabled.

Current settings Protocol filtering:
Excluded applications: none
Protocol checking mode is now set to "Always scan SSL protocol."
Apply created exceptions based on certificates: checked
Block encrypted communication utilizing the obsolete protocol SSL v2: checked
Trusted certificates: none
Excluded certificates:
imap.gmail.com
.ww.update.microsoft.com
login.live.com

I added imap.gmail.com and login live.com to the list excluded certificates because adding them to the list trusted certificates didn’t exactly work, encountered problems sending/receiving email with Windows Live Mail, reason: Cannot connect to server. But after this and several times restarting the system, it finally works. Do I trust it? Mmmh, not exactly. Let’s see what happens next time I start my system.

I never had a certificate problem with gmail. I use Thunderbird with imap and gmail, which seems to work. However, Eset does not support full integration with Thunderbird (ver 13.0.1), so maybe that is why it works, and maybe that is a good thing.

I don't have Windows Live, so can't comment on that. I am not running Eset on any Windows 7 systems, so don't have anything to say about that in general. I have XP SP3 and did have the issue with Windows Update until I excluded the certificate. However, when I saw I had received the update to the internet protection module (1041), I removed all certificates in SSL and found that I had no problem with Windows Update. So, I wonder why the internet protection module update did not help you? My SSL settings are identical to yours apart from now having no excluded certificates. One other thing is that I am running NOD32 ver 6.0.11.0 beta, which may or may not make a difference. One thing for sure is that if you have a trusted site and the certificate isn't working in the trusted list, you can add it to the excluded list and that will make things work.

[rcdailey]

Quote:

Originally Posted by alfa100

http://kb.eset.com/esetkb/index?page...nt&id=SOLN2357

Enable also bêta-update

Interesting, and this is a bit off-topic, but the screen in beta 6.0.11.0 is slightly different. You get the option (in advanced update settings) to have the program check regularly check for the latest product version, which is unchecked by default. The choice between regular and pre-release updates is in the previous screen. So, since I'm running the beta version, some of the things I may say about how NOD32 works may not apply to the 5.x series. If I mention some setting that you don't see, that could be why.

I really like the beta and have not had any new issues with it, so I am not going back, but that's my choice, not a recommendation.

[dwood]

I'm trying to enable Pre-Release updates on 1 of our ERAS servers, but I get the attached error when trying to get the updates

Any ideas?

[rcdailey]

Quote:

Originally Posted by alfa100

http://kb.eset.com/esetkb/index?page...nt&id=SOLN2357

Enable also bêta-update

Just checked updates and got program module updates (am on pre-release and using beta 6.0.11.0)

Virus signature database: 7254 (20120628 )
Update module: 1040 (20120313)
Antivirus and antispyware scanner module: 1361 (20120628 )
Advanced heuristics module: 1124 (20120523)
Archive support module: 1147 (20120620)
Cleaner module: 1056 (20120601)
Anti-Stealth support module: 1031 (20120613)
ESET SysInspector module: 1224 (20120223)
Real-time file system protection module: 1007 (20111129)
Translation support module: 1044 (20120223)
HIPS support module: 1052 (20120613)
Internet protection module: 1041 (20120627)
Database module: 1021 (20120612)

There they are for what it is worth.

[alfa100]

Quote:

Originally Posted by rcdailey

I never had a certificate problem with gmail. I use Thunderbird with imap and gmail, which seems to work. However, Eset does not support full integration with Thunderbird (ver 13.0.1), so maybe that is why it works, and maybe that is a good thing.

I don't have Windows Live, so can't comment on that. I am not running Eset on any Windows 7 systems, so don't have anything to say about that in general. I have XP SP3 and did have the issue with Windows Update until I excluded the certificate. However, when I saw I had received the update to the internet protection module (1041), I removed all certificates in SSL and found that I had no problem with Windows Update. So, I wonder why the internet protection module update did not help you? My SSL settings are identical to yours apart from now having no excluded certificates. One other thing is that I am running NOD32 ver 6.0.11.0 beta, which may or may not make a difference. One thing for sure is that if you have a trusted site and the certificate isn't working in the trusted list, you can add it to the excluded list and that will make things work.

Just to clear some things up. I posted this before the update to Internet protection module 1041. I mentioned this in post #34 where I also stated that the problems I had were solved. So currently no excluded SSL certificates. The only problem left now is with Windows Live Mail not being able to send/receive emails with my Gmail account when I'm already logged in to iGoogle. (IE9) post #41.

Edit:I made no changes to my settings, and yet everything seems to work perfectly now. No problems anymore with Windows Live Mail, IMAP / Gmail. I just hope now that this is not something that occurs randomly.

[rcdailey]

Quote:

Originally Posted by Marcos

Switching back to regular updates will downgrade the Internet protection module to an older version. However, this should be ok if you don't want to use pre-release modules permanently (e.g. on production computers) as the module will be released for all users shortly, before the next Windows update.

While it is true that Microsoft generally has a Windows update on the second Tuesday of each month (often called "Patch Tuesday"), there are those occasional emergency updates in between, so one would hope that Internet Protection Module 1041 will be released for all users very soon.

[bwb1]

Will this module reset the HTTPS protocol scanning back on if we have unticked the box??

[rcdailey]

Quote:

Originally Posted by bwb1

Will this module reset the HTTPS protocol scanning back on if we have unticked the box??

NO, that is a user-controlled option, so just updating the module does not change that setting. You have to go into the setup and change it yourself.

[Baresi]

Quote:

Originally Posted by Marcos

Internet protection module 1041 addressing the Windows Update issue is now available on pre-release servers.

Hi Marcos.

I have that module 1041, but i still get error number [0x8024404]
when i try to run windows updates.

I use 5.2.9.1 ESS on xp workstation.