AB-Solution webpage/antivirus problems

[elorimer]

Firefox handles certs differently; you have to import the cert into it, while Chrome and IE use the cert imported into windows--did you do that?

 

[kfp]

I still need to keep the SSL/TLS feature switched off in ESET

Just to add to the above, you probably need to import the cert into ESET as well to be able to turn on the TLS feature again without it blasting warnings.

 

[sentinelvdx]

I did that long time ago and it didn't work... eset will still shownpop ups

Just to add to the above, you probably need to import the cert into ESET as well to be able to turn on the TLS feature again without it blasting warnings.

Sent from S.G. S9+ Duos

 

[kfp]

I did that long time ago and it didn't work... eset will still shownpop ups

Did you import the CA or the TLS cert?

 

[TheLyppardMan]

I followed these instructions...

1. Open your browser and visit http://192.168.1.2/ca.crt.
   
2. Select "Trust this CA to identify websites" on the screen pop-up (I also ticked the e-mail box as I wasn't sure if that was needed as well).
   
3. Click "Ok"

I'm still getting the error message as you can see. Also, I followed the procedure for Chrome on my daughter's laptop, but I didn't see any mention of a keychain as per these instructions...

1. Double click on `ca.crt' to start Keychain's import wizard.
2. Select keychain "system" and click "Add".

By the way, what is the difference between a "CA" and a "cert"? The instructions refer to a "CA Certificate".

 

[kfp]

By the way, what is the difference between a "CA" and a "cert"? The instructions refer to a "CA Certificate".

I just realized the language I used was confusing, and have modified my comment to clarify.

When you set up an HTTPS server (pixelserv-tls is one) you will be creating two certs, one for the server itself and one as a CA that would sign/certify the previous one, hence the distinction.

I was just wondering if the wrong cert was imported so @sentineldvx is still seeing cert errors in ESET.

 

[sentinelvdx]

I just realized the language I used was confusing, and have modified my comment to clarify.

When you set up an HTTPS server (pixelserv-tls is one) you will be creating two certs, one for the server itself and one as a CA that would sign/certify the previous one, hence the distinction.

I was just wondering if the wrong cert was imported so @sentineldvx is still seeing cert errors in ESET.

Could be[emoji39], I'll try again and update

Sent from S.G. S9+ Duos

 

[TheLyppardMan]

So based on all the above, what do I need to resolve this issue? Also, I have received a reply from ESET at follows, but I'm not sure it makes much sense (to me at least):-

------------ Begin Quote ------------

Thank you for contacting ESET Technical Support.

Disabling SSL scanning does present an increased risk and is not recommended. It should be possible to allow the untrusted certificate by following the instructions in this article - https://support.eset.com/kb6407

Alternatively, you should be able to add the certificate and set it to allow, via ESET > Setup > Advanced Setup > Web And Email > SSL/TLS > List of known certificates (Edit) > Add - https://help.eset.com/eis/11.1/en-US/idh_config_epfw_ssl_known.html

If you have any problems or require any further assistance then please feel free to call us on 01202 405 405 and select option 3, one of our technical staff should be able to help. Our opening hours are 08:30-20:00 weekdays. It would be helpful if you could be at this page when you call: https://www.eset.com/uk/remote-support/

------------ End Quote ------------

 

[TheLyppardMan]

I've probably just had about 50-60 popups from my AV, while trying to get to this page to add this additional message. I'm uploading just one example of what I am seeing.

 

[kfp]

Alternatively, you should be able to add the certificate and set it to allow, via ESET > Setup > Advanced Setup > Web And Email > SSL/TLS > List of known certificates (Edit) > Add - https://help.eset.com/eis/11.1/en-US/idh_config_epfw_ssl_known.html

Do that.

 

[TheLyppardMan]

Do that.

This is the add page in the GUI. What steps do I need to follow and what will this achieve?

 

[kfp]

This is the add page in the GUI. What steps do I need to follow and what will this achieve?

File > select your pixelserv ca.crt > select ‘Allow’ and click OK to confirm. That will import the CA into ESET so that it knows not to flag it. You then won’t see pop-ups even with SSL/TLS capabilities enabled.

 

[TheLyppardMan]

File > select your pixelserv ca.crt > select ‘Allow’ and click OK to confirm. That will import the CA into ESET so that it knows not to flag it. You then won’t see pop-ups even with SSL/TLS capabilities enabled.

Where do I find the Pixelserv certificate?

 

[TheLyppardMan]

I've managed to install it with the URL option, but it still hasn't solved the problem.

 

[kfp]

Where do I find the Pixelserv certificate?

Seriously, just scroll up. How hard are you trying really?

https://www.snbforums.com/threads/ab-solution-webpage-antivirus-problems.46817/#post-407709

 

[kfp]

I've managed to install it with the URL option, but it still hasn't solved the problem.

Have you restarted ESET? And honestly this would be better answered via the support emails you have sent them.

 

[TheLyppardMan]

Seriously, just scroll up. How hard are you trying really?

https://www.snbforums.com/threads/ab-solution-webpage-antivirus-problems.46817/#post-407709

Believe me, I am trying very hard, but your cryptic clues are not exactly very clear to someone who has never done this before. I'll reboot my computer which restart ESET and see if that makes any difference.

 

[TheLyppardMan]

Restarting ESET makes no difference. I'm not going to waste any more time on this as it clearly causes more problems than it solves. I'll just use it for mobile devices and use uBlock Origin plug-in for Firefox.

 

[kvic]

I followed these instructions...

1. Open your browser and visit http://192.168.1.2/ca.crt.
   
2. Select "Trust this CA to identify websites" on the screen pop-up (I also ticked the e-mail box as I wasn't sure if that was needed as well).
   
3. Click "Ok"

I'm still getting the error message as you can see. Also, I followed the procedure for Chrome on my daughter's laptop, but I didn't see any mention of a keychain as per these instructions...

1. Double click on `ca.crt' to start Keychain's import wizard.
2. Select keychain "system" and click "Add".

By the way, what is the difference between a "CA" and a "cert"? The instructions refer to a "CA Certificate".

Keychain is an Apple feature on Mac platform. If you aren't using macOS, you won't find it.

If you're using macOS, double click on "ca.crt" in your download directory that you've downloaded through "http://pixelserv ip/ca.crt" will launch Keychain.

Where do I find the Pixelserv certificate?

When you click on any URL that triggers a download action, on almost all desktop OS, the downloaded file is stored in your download directory.

So to re-iterate. e.g. when you click "http://pixelserv ip/ca.crt", the file ca.crt (also known as Pixelserv CA certificate) is downloaded and saved in your PC's download directory. You'll find the certificate there.

 

[TheLyppardMan]

Keychain is an Apple feature on Mac platform. If you aren't using macOS, you won't find it.

If you're using macOS, double click on "ca.crt" in your download directory that you've downloaded through "http://pixelserv ip/ca.crt" will launch Keychain.



When you click on any URL that triggers a download action, on almost all desktop OS, the downloaded file is stored in your download directory.

So to re-iterate. e.g. when you click "http://pixelserv ip/ca.crt", the file ca.crt (also known as Pixelserv CA certificate) is downloaded and saved in your PC's download directory. You'll find the certificate there.

Thanks. I realised that files are usually downloaded to the user's downloads directory, but what I hadn't realised was that visiting the above URL was actually downloading a file to my PC. Anyway, I've just tried again and it seems that it's already installed somewhere (see screenshot 1), but either way, it hasn't solved the problem, so I'm going to leave it switched off wherever I have the option to use a browser-based ad filter. This is easy to achieve with the Merlin firmware (screenshots 2 & 3).