ESET NOD32 v4.0.437.0 SSL filtering config?

Discussion in 'ESET NOD32 Antivirus' started by mutley, Aug 11, 2009.

Thread Status:
Not open for further replies.
  1. mutley

    mutley Registered Member

    Joined:
    Aug 2, 2009
    Posts:
    5
    Hi all,

    I have recently upgraded to v4 of ESET AV as a fresh install on a fresh install of XP Pro SP3 with latest patches. I have been going through the advanced config tree following blackspears v3 tutorial as guidance which I would like to thank for spending the time to produce a nice clear piece of work. I'm happy to have some additional processor overhead to increase the chances of blocking an infection. I'm a bit perplexed as to why the SSL filtering isn't turned on by default but that aside I think it would be of great benefit especially as I use Gmail in SSL mode and Thunderbird with IMAP Gmail SSL ports.

    The thing is, I'm confused by how this is working and whether the result i'm getting is correct. I have looked through this forum and the help file and am still confused over the correct way to set this up.

    Advanced Setup Tree > Antivirus and antispyware > Protocol filtering > SSL
    I have "Alway scan SSL protocol" and "Block encrypted communication utilizing the obsolete protocol v2" enabled.

    Advanced Setup Tree > Antivirus and antispyware > Protocol filtering > SSL > Certificates
    I have "Add the root certificate to known browsers" enabled.
    Under "If the certificate cannot be verified using the TRCA certificate store" I have "Ask about certificate validity".
    Under "If the certificate is invalid or corrupt" I have "Block communication that uses the certificate".

    I am using Firefox v3.5.2 and when I visit a https address I get an "Untrusted Connection" page. It appears not to like the ESET certificate. If I click on the Firefox "Add Exception..." button on this page it reports "Unknown Identity: Certificate is not trusted, because it hasn't been verified by a recognised authority."


    Please help as I think this is important new functionality to get working right.

    Kind regards
    Justin
     
  2. Rmuffler

    Rmuffler Former Eset Moderator

    Joined:
    Jun 26, 2008
    Posts:
    995
    Location:
    San Diego, CA USA
    Hello mutley,

    I would disable the "Block encrypted communication utilizing the obsolete protocol v2". Having this enabled will block sites that may use old protocols.

    Thank you,
    Richard
     
  3. estbird

    estbird Eset Staff

    Joined:
    Feb 19, 2009
    Posts:
    97
    SSL filtering doesn't scan IMAP on Thunderbird.
    For this is responsible integration with Mozilla Thunderbird.

    Can you specify web page where you got it?
     
    Last edited by a moderator: Aug 12, 2009
  4. mutley

    mutley Registered Member

    Joined:
    Aug 2, 2009
    Posts:
    5
    Hi,

    Thank you both for your responses.

    When I toggled the SSL option to "Always scan SSL protocol", the option to "Block encrypted communication utilizing the obsolete protocol SSL v2" was already enabled by default but I have now removed this option.

    I think the problem was caused because although the option under Root certificate, "Add the root certificate to known browsers" was enabled by default it actually hadn't added this certificate. When I looked in Firefox under Tools > Options... > Advanced > Encryption > View Certificates > Authorities there was no Eset cert. I wasn't sure if this is where it was meant to show up so I didn't mention this previously. However since either closing and reopening browser and / or restarting system I can now see the Eset cert in the above location within Firefox and this appears to have resolved the problem.

    The url which was resulting in the initial error was https://addons.mozilla.org/en-US/firefox/

    Now that I can see that Firefox has the Eset cert present this is now working with or without the option to exclude the old SSL v2 protocol with the above address.

    I don't understand your point here estbird?
    Are you saying that the "Advanced Setup Tree > Antivirus and antispyware > Email client protection" and "Miscellaneous > Email client integration" takes care of the email scanning regardless of using SSL settings within the email client? If I see the Eset scan tag appended to my messages it is actually scanning them right?

    Kind regards
    Justin
     
  5. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    He meant that scanning secured IMAP will be accomplished via the plugin by enabling integration with Thunderbird.
     
Thread Status:
Not open for further replies.