ESET NOD32 v4.0.437.0 SSL filtering config?

Hi all,

I have recently upgraded to v4 of ESET AV as a fresh install on a fresh install of XP Pro SP3 with latest patches. I have been going through the advanced config tree following blackspears v3 tutorial as guidance which I would like to thank for spending the time to produce a nice clear piece of work. I'm happy to have some additional processor overhead to increase the chances of blocking an infection. I'm a bit perplexed as to why the SSL filtering isn't turned on by default but that aside I think it would be of great benefit especially as I use Gmail in SSL mode and Thunderbird with IMAP Gmail SSL ports.

The thing is, I'm confused by how this is working and whether the result i'm getting is correct. I have looked through this forum and the help file and am still confused over the correct way to set this up.

Advanced Setup Tree > Antivirus and antispyware > Protocol filtering > SSL
I have "Alway scan SSL protocol" and "Block encrypted communication utilizing the obsolete protocol v2" enabled.

Advanced Setup Tree > Antivirus and antispyware > Protocol filtering > SSL > Certificates
I have "Add the root certificate to known browsers" enabled.
Under "If the certificate cannot be verified using the TRCA certificate store" I have "Ask about certificate validity".
Under "If the certificate is invalid or corrupt" I have "Block communication that uses the certificate".

I am using Firefox v3.5.2 and when I visit a https address I get an "Untrusted Connection" page. It appears not to like the ESET certificate. If I click on the Firefox "Add Exception..." button on this page it reports "Unknown Identity: Certificate is not trusted, because it hasn't been verified by a recognised authority."


Please help as I think this is important new functionality to get working right.

Kind regards
Justin

 

Hello mutley,

I would disable the "Block encrypted communication utilizing the obsolete protocol v2". Having this enabled will block sites that may use old protocols.

Thank you,
Richard

 

SSL filtering doesn't scan IMAP on Thunderbird.
For this is responsible integration with Mozilla Thunderbird.

Can you specify web page where you got it?

 

Hi,

Thank you both for your responses.

When I toggled the SSL option to "Always scan SSL protocol", the option to "Block encrypted communication utilizing the obsolete protocol SSL v2" was already enabled by default but I have now removed this option.

I think the problem was caused because although the option under Root certificate, "Add the root certificate to known browsers" was enabled by default it actually hadn't added this certificate. When I looked in Firefox under Tools > Options... > Advanced > Encryption > View Certificates > Authorities there was no Eset cert. I wasn't sure if this is where it was meant to show up so I didn't mention this previously. However since either closing and reopening browser and / or restarting system I can now see the Eset cert in the above location within Firefox and this appears to have resolved the problem.

The url which was resulting in the initial error was https://addons.mozilla.org/en-US/firefox/

Now that I can see that Firefox has the Eset cert present this is now working with or without the option to exclude the old SSL v2 protocol with the above address.

I don't understand your point here estbird?

Are you saying that the "Advanced Setup Tree > Antivirus and antispyware > Email client protection" and "Miscellaneous > Email client integration" takes care of the email scanning regardless of using SSL settings within the email client? If I see the Eset scan tag appended to my messages it is actually scanning them right?

Kind regards
Justin

 

He meant that scanning secured IMAP will be accomplished via the plugin by enabling integration with Thunderbird.