SSL connection from Citrix client fails

After installing 5.0.2126 the following issue occurs:

Users of Citrix services that exist on external systems (on the internet) no longer can connect.

Environment:
- Windows XP
- Proxy server for all internet connections
- Two browsers: IE and Mozilla Seamonkey
- ESET Endpoint Antivirus, almost default config, HTTPS scanning not enabled

Users can visit HTTPS pages OK, can visit the login page of a Citrix server and login, get the page with available applications, click on an application.
.ICA file is downloaded and will be run by the Citrix plugin locally installed on the system. Plugin starts OK and attempts to make connection, this fails with a popup:

Cannot connect to the Citrix Xenapp Server.
SSL Error 4: Attempted to connect using the ( TLS V1.0 | SSL V3.0 ) protocols. The Server rejected the connection.

Looking in the proxy log it appears that a CONNECT was done and serviced OK.
After reverting to ESET 4.2.76 this problem no longer occurs.

What is happening? Is ESET 5.0.2126 snooping on SSL traffic even when this is not enabled?

 

Anyone?

 

Does disabling web protection or HTTP filtering in the advanced setup make a difference?

 

I don't know, I cannot test anymore because I had to rolllback all the systems to 4.2.76 due to all the problems.
I also get a bit tired of all the "please try this and that useless config" replies from ESET instead of providing useful information about the working of the program.
We need to have a working configuration and we are not in the software debugging industry.
Thanks.

 

There are dozens of millions different system configurations in the world and it's not possible to test software with each of them. This holds true for any software, including Windows, and it's also the reason why vendors release hotfixes or newer versions of software that address reported issues.

When a user encounters an issue, it's a standard procedure to ask them to disable modules or options potentially involved in the issue. After narrowing it down, we would provide them with further instructions.

If disabling http filtering makes a difference in this case, comparing two Wireshark logs from the time when the issue occurs and when it doesn't might shed more light.

 

I make my remark because I have found in the past that this is the standard way at ESET of handling problems that customers encounter.
It does not matter how much information is passed with a report (see my original post), the replies from ESET are always "try this, try that, install this, make that log" etc.
This goes on until the customer decides that it is no longer worth it to put all the effort in this process and risk the operation of the system by installing tooling from unknown origin on production systems.
Never an answer to questions about the internal operation of the program or about workarounds for known problems.
I think it is not a good way of supporting customers.
We don't have a complete testbed where we can experiment with software that is a blackbox to us, and we don't have the resources to do that.
We buy software with support service exactly to handle situations like this and to know that our problems will be looked at by people with insight in the product and a test environment where they can try things.
I have now several open issues with the 5.0 product (see this forum and also the Remote Admin forum) and our 3-year 410-system license ends 1-1-2014.
So the upcoming months will be critical in the decision if this license will be extended or if we will switch to another product.
I really like the small footprint of the ESET product and the fact that we had no false-positive-destroying-Windows-dll's issue like some other products have faced in the recent past, but up to now most of my encounters with support have not been that positive.

About hotfixes and updates: if only ESET would be releasing those, that would be a first step. There are wellknown issues (like the irritating "ESET Endpoint Antivirus needs your attention" balloons) that would be SO easy to fix with an update (ONLY provide us with a checkmark to turn off those balloons), yet they remain open for years and are only promised to be fixed in the next release. A release that does not exist yet for business customers and it is unknown how long that will take.

ESET has nice products but it should really look into its support.