ESET Smart Security 9 and Adguard Certificate Errors (Workaround)

[soccer97]

I found a way to reduce 90% of the Adguard/ESET certificate errors. Go into services, and stop Adguard's service from running. Simply disabling protection by right clicking on the icon is not sufficient. If you stop the service, things start working again.

This is with HTTPS scanning enabled on ESS 9 (9.0.402.0) and Adguard (6.1.258.1302)

If unfamiliar, Go to the Run command, type services.msc, look for Adguard, right click, and Click Stop.

Also, in general ESS 9 and Adguard works ok for Firefox only. Google Chrome barely works with both enabled.

Of course, doing this may expose you to more and which seem to be a problem with propagating malware at the time. This is a workaround.

Please let me know if this works for you. May could be something I can pass along to dev.

 

[Cohen]

When I used ESET, I had problems with Adguard and ESET conflicting and causing BSODs. I just disabled ESET's HTTPS scanning, and I didn't have a problem after that.

 

[soccer97]

What am I missing here? The guide doesn't look complete or what?
First, are you using WFP driver or TDI?
Second, if you disable adguard service, adguard won't work until the service is restared or the system is restarted(which would auto start the adguard service)

I know Adguard will not work when you disable via services. Its a temporary workaround when HTTPS sites and even Google get certificate errors. It's simply a workaround. I have been using Heimdal Pro and toggled it on and off (via services menu) to see if this is the cause. I don't notice a difference - so I leave it enabled.

Adguard Configuration:

• Sent DNT Header
• Remove X-Client-Data header from HTTP requests
• Self-destructing 3rd party Cookies (30 min timeout)
• Block WebRTC
• Block Push API
• Block Location API
• Hide Referrer from Third-parties
• Hide user agent
• Hide IP Address
• Disable Cache for 3rd Party Requests
• Hide Search Queries

Other enabled features:

• Automatically detect userscripts
• Enable browsing security
• Enable Adblock Assistant
• Enable Adblock Extensions
• Enable Adblock Popup Blocker

ESET Configuration:

• SSL and TLS scanning is On (Automatic Mode) in ESET Smart Security 9
• HTTPS Scanning is enabled in ESET
• HIPS, Self-Defense and Exploit Blocker are enabled if it matters

I enabled all choices in ESET > Personal Firewall > IDS and Advanced Options under following 2 categories:

Incoming RPC Communication over SMB and Intrusion Detection

Under Intrusion Detection:

• WFP Driver is enabled
• Filter HTTPS Protocol is enabled
• Do not filter websites with EV certificates enabled
• Block Location API enabled
• Automatically Filter Application Traffic Enabled
• Incoming RPC Communication over SMB

 

[Cohen]

@soccer97 are you speaking of the certificate error? bcuz that can be solved easily without disabling Adguard, you just need to install the Adguard certificate again. Adguard has an option for this under general settings.
It's not really a workaround then? a workaround would be one where you don't have to compromise on the functioning of other. here you're altogether disabling adguard.

For me, ESET and Adguard would conflict and cause a BSOD occasionally. My guess is that it was them both having 'HTTPS scanning' because once I turned it off in ESET, I no longer had problems.

 

[valvaris]

Hello fellow Adguard Users,

Disabling the Service from Adguard does not resolve or (workaround) that issue. It is the HTTPS Scanning part of ESET that creates that conflict.

Thru my tests I have tried with the help of the Community to get HTTPS ESET and Adguard working together with No Success.

Then it hit me why use both HTTPS Scanners?! - Basically they do the same thing: Check if SSL Certificate is "True" and on the Adguard part it blocks Ads from the HTTPS Protocol in addition. That is why I have disabled the ESET HTTPS Scanner.

HTTPS Protection Part from Adguard:

WFP network driver - Enabled
Filter HTTPS protocol - Enabled

On the ESET Config side:

HTTP Scanner Setup - Enabled
HTTPS Scanner Setup - Disabled

No more no less All works like a charm - No BSOD, No Lag

Information about Adguard HTTPS Protection: Filtering support for https-connections in portable-browsers - Powered by Kayako Help Desk Software

Sincerely
Val.

 

[Cohen]

Hello fellow Adguard Users,

Disabling the Service from Adguard does not resolve or (workaround) that issue. It is the HTTPS Scanning part of ESET that creates that conflict.

Thru my tests I have tried with the help of the Community to get HTTPS ESET and Adguard working together with No Success.

Then it hit me why use both HTTPS Scanners?! - Basically they do the same thing: Check if SSL Certificate is "True" and on the Adguard part it blocks Ads from the HTTPS Protocol in addition. That is why I have disabled the ESET HTTPS Scanner.

Now I am using the HTTPS Protection Part from Adguard:

WFP network driver - Enabled
Filter HTTPS protocol - Enabled

I can report no issues at all.

On the ESET Config side:

HTTP Scanner Setup - Enabled
HTTPS Scanner Setup - Disabled

No more no less All works like a charm - No BSOD, No Lag

Information about Adguard HTTPS Protection: Filtering support for https-connections in portable-browsers - Powered by Kayako Help Desk Software

Sincerely
Val.

That was exactly my setup to fix the confliction when I used ESET.

 

[_CyberGhosT_]

I found a way to reduce 90% of the Adguard/ESET certificate errors. Go into services, and stop Adguard's service from running. Simply disabling protection by right clicking on the icon is not sufficient. If you stop the service, things start working again.

This is with HTTPS scanning enabled on ESS 9 (9.0.402.0) and Adguard (6.1.258.1302)

If unfamiliar, Go to the Run command, type services.msc, look for Adguard, right click, and Click Stop.

Also, in general ESS 9 and Adguard works ok for Firefox only. Google Chrome barely works with both enabled.

Of course, doing this may expose you to more and which seem to be a problem with propagating malware at the time. This is a workaround.

Please let me know if this works for you. May could be something I can pass along to dev.

I'm sorry soccer97 this is just bad advice. Ending the process should only be done under certain circumstances
and not abused in this fashion.
@valvaris & @Then both offer very valid Advice.

 

[uxbal]

I need to shout this:

THANK YOU! THANK YOU!

Jeezus, I've been looking all over for the solution, even ESET's local support wasn't able to help, but this thread fixed the issue this morning! I contacted the support and told them what the issue was in case they get contacted by someone with a similar problem.

 

[soccer97]

@soccer97 are you speaking of the certificate error? bcuz that can be solved easily without disabling Adguard, you just need to install the Adguard certificate again. Adguard has an option for this under general settings.
It's not really a workaround then? a workaround would be one where you don't have to compromise on the functioning of other. here you're altogether disabling adguard.

@Then First, I apologize. The word 'Workaround' was intended to mean to provide the ability for users to access websites they need, not permanently disable Adguard.

- The certificate had already been reinstalled. I did it before and prior to the recent update to Adguard. All browsers and other programs were closed several minutes prior to doing this. I waited, then rebooted the PC. I checked the certificates in each browser, and they are present.

-The purpose of this thread was to help users who may not be able to access websites due to the certificate errors. It was in no way intended to alter the perception or to encourage users to disable Adguard for an extended period of time. (If they couldn't get to a website they frequently use, never had an issue - security wise with, they would be able to access it). It would be encouraged to re-enable Adguard when the were finished.

-It also was not meant to diminish the protection in general. If users are using the latest version of ESET Smart Security 9, HTTPS and SSL scanning is enabled already.

 

[soccer97]

I'm sorry soccer97 this is just bad advice. Ending the process should only be done under certain circumstances
and not abused in this fashion.
@valvaris & @Then both offer very valid Advice.

@CyberGHost Thank you for the feedback. That was not my intent. Please see post #12.

Disabling Adguard altogether does disable its functionality. I am confused by the term 'Abused'. It is like a troubleshooting step IMHO, and would be used for a very short period of time.The assumption was that users had already tried the troubleshooting steps such as reinstalling the certificate, verifying it is present in the browsers, and trying to toggle the protection as a troubleshooting step. In the notification area, if you right click on the Adguard icon and click Disable protection - there is no difference in certificate errors, you have to disable the actual service. By workaround, I meant to temporarily gain access to a site that they could not otherwise. For functionality and providing additional (and good) protection from potential malvertising, the Adguard service should be Re-enabled.

In no way was it meant to cast a bad light on Adguard or anything like that. I use it, and I really like it! It seems to just be a thing when ESET and Adguard both have that option enabled (which you have further enlightened us on and is appreciated). Since both recent updates of ESS 9 and Adguard, there have been less errors in general.

My apologies for any confusion, my intent was to help. My communication skills need some improvement.

@valvaris and @Then both provided good advice I agree. I am glad that collaboration provided a solution. I would add that regardless of the configuration, Mozilla Firefox 64-bit seems to have less issues with this in general (At least this is my experience).

I hope that cleared it up.