where is the option to block SSL communication with untrusted certificates?

I can either exclude certificates, SSL will be still going through but not being scanned by NOD to trust a certificate and thence getting the SSL traffic scanned by NOD.
Yet looking for the option of NOD to block traffic generating through certificates I mark as suspicious/unwanted/unsafe - what do I miss, where do I look?

 

zero reply = zero option (assumed)

too bad, that forces me to frequently change the settings in NOD, and since the setup is password protected as well as a simple APPPLY button missing I have to inconciently go through a bit of proceedure. same also for updating FF Minefield, which I mentioned in a different thread...

 

Well, i don't quite follow you. If you mark a certificate as untrusted on the client and exclude the it from NOD, then you can block that traffic pretty much at the client directly without needing any such feature. What am I missing here?

 

the exclusion does not stop the SSL traffic with untrusted certificates, it excludes it from being scanned by NOD and thus taking out a fuse



the malformation with FF Minefield is different, as NOD messes it up, mentioned that in the other thread but seem to be of no interest to Eset

 

Well, I don't know but when I mark certificate as untrusted in my browser it refuses to talk to the site via HTTPS without quite a bit of manual intervention. Besides that, it wouldn't help you in any way since you could still connect via normal HTTP this way. If you want to block a traffic from somewhere, block the IPs and/or hostnames.

 

sorry, but you are talking different things here, I am about NOD, you about browsers. I am about SSL and certificates, you about htttp and ip.
there is also non-http traffic basis SSL...
All of yours is not related to matter of missing the option to block SSL traffic basis untrusted certificates at NOD level.

 

Sorry, I really don't get it. Maybe if you could explain what exactly are you trying to do and why it'd make more sense. It takes about a minute to change server certificate so what are you trying to block here? You won't block any malware at all like this. On a side note, NOD32 supports checking SSL-encrypted traffic for HTTPS and POP3S only. And finally this is an antivirus and not a firewall.

 

alright, fair enough. let's see, e.g. TOR, where I can opt that besides http traffic also SSL traffic and mail of other parties is routed through my machine, though supporting TOR I do not malicious traffic, which in large parts is using their own unverified and unsafe SSL certificates. As precaution I am already using certain blocklists via hostfile.
So my browser is not involved but NOD, hence the option to block SSL traffic at NOD level

 

Well, this is essentially a lost cause, even more so w/ tor. The exclusion from filtering makes sense as a whitelist, not as a blacklist, and same thing applies here. You can use server certificates for whitelisting something in a meaningful way, not for blaclisting.

Also note that as for malicious traffic, once again - this in an antivirus, not a firewall. So if someone launches a DoS and uses your computer for that, or uses your computer for hacking, NOD32 won't give a damn about it.

 

black-listing is not meaningful?

 

Well, IMHO not with server certificates which are extremely easy to change. Even if you blocked all self-signed stuff, there are still many CAs that happily issue certs to anyone who pays the $$$.

 

and those CA and/or certificates are ok then for NOD?