NOD32 and Firefox - root certificates issue

Discussion in 'other anti-virus software' started by Jito463, Jul 20, 2016.

  1. Jito463

    Jito463 Registered Member

    Joined: Jul 28, 2006
    Posts: 16

    So, I work for a computer store where we sell NOD32. I've used it for well over a decade, personally. Now, I use Opera browser, but for the customers' computers, we usually install Chrome and Firefox. On v9 especially (can't recall if it happened with v8), after installing Eset, it's supposed to import the root certificate into the browsers.

    Chrome seems to be fine, but it will never try to import into Firefox until it's actually been launched. Then I get the error that "Some applications capable of importing root certificates are still open". After closing Firefox and clicking retry, the error goes away.

    Does anyone know why it only tries to import into Firefox once it's been run, and are there any plans to fix it?

    I can't seem to locate any information about this, except for a comment in the knowledge base article that Firefox and Opera must be closed in order to do the import (which I already understood from the error), but nothing explaining why it happens.
     
  2. Marcos

    Marcos Eset Staff Account

    Joined: Nov 22, 2002
    Posts: 14,374

    Please report this in our official forum at https://forum.eset.com. Also create a Process Monitor log (https://technet.microsoft.com/en-us/sysinternals/processmonitor.aspx) as follows:
    - close all browsers and make sure that none is running in the Task manager
    - disable SSL scanning and click OK
    - start logging with Process Monitor
    - enable SSL scanning and click OK
    - wait 5-10 seconds and then stop logging.

    If the certificate was not imported, save the log, compress it, upload it to a safe location and drop me a pm with a download link.
     
  3. Jito463

    Jito463 Registered Member

    Joined: Jul 28, 2006
    Posts: 16

    Thanks for the response. I'll do some testing, and report back. If I can't replicate it on an existing computer, I'll throw the trial of Eset on another computer and test there. For the record, I do believe the import is actually working after I retry; it's just the question of why it's not importing until Firefox is actually launched. Nevertheless, I'll check it out and get back to you.
     
  4. Marcos

    Marcos Eset Staff Account

    Joined: Nov 22, 2002
    Posts: 14,374

    Actually, Firefox must not be running when a root certificate import is attempted. Otherwise the certificate wouldn't be imported and HTTPS websites would not open until you restart the computer. During the launch of ekrn and egui, the root certificate should be eventually imported automatically.
     
    Last edited: Jul 21, 2016
  5. Gein

    Gein Registered Member

    Joined: Dec 8, 2013
    Posts: 75

    I'd just shut it off altogether tbh. I loathe when vendors do things like this. They're actually making you less secure by intercepting your encrypted traffic, for very little benefit.
     
  6. itman

    itman Registered Member

    Joined: Jun 22, 2010
    Posts: 2,969
    Location: U.S.A.

    Actually, Eset imports its self-signed root certificate into the Windows root CA store.

    Thereafter, it is up to the browser used and how it handles root CA certificates. IE will import them automatically from the Windows root CA certificate store. I believe Firefox uses its own root CA store versus the Windows one. So a root CA certificate has to be manually imported into Firefox's root CA certificate store equivalent. I have also read that Firefox has issues with self-signed root CA certificates. So if Eset is indeed doing a manual import of its root CA certificate in Firefox, there might be an issue with the way Firefox is configured in regards to the importing of self-signed root CA certificates?

    Don't know for sure since I don't use Firefox.
     
  7. geekatlarge

    geekatlarge Registered Member

    Joined: Jul 23, 2013
    Posts: 66
    Location: Searching for $Windows.~BT folders

    Follow Marcos' advice. Just give a little time for Firefox to completely close out - 2 minutes is fine on an average modern computer - then re-enable SSL. I was actually uninstalling then reinstalling Eset completely till I discovered this workaround on my own. Marcos has confirmed this is the Eset recommended workaround at this time. Works every time for me.
     
  8. Marcos

    Marcos Eset Staff Account

    Joined: Nov 22, 2002
    Posts: 14,374

    This is not true. The ESET root certificate is imported automatically to both Thunderbird and Firefox trusted root certification authorities certificate store too.
     