ESET Online Help

Search English
Select the topic

SSL/TLS

ESET Endpoint Antivirus can check for communication threats that use the SSL protocol. You can use various filtering modes to examine SSL-protected communication with trusted certificates, unknown certificates, or certificates that are excluded from SSL-protected communication checking. To edit SSL/TLS settings, open Advanced setup > Protections > SSL/TLS.

CONFIG_SSL

Enable SSL/TLS—If disabled, ESET Endpoint Antivirus will not scan communication over SSL/TLS.

SSL/TLS mode is available in the following options:

Filtering mode

Description

Automatic

The default mode will only scan appropriate applications, such as web browsers and email clients. You can override it by selecting the applications where communication is scanned.

Interactive

If you access a new SSL-protected site (with an unknown certificate), an action selection dialog is displayed. This mode allows you to create a list of SSL certificates/applications that will be excluded from scanning.

Policy-based

Select this option to scan all SSL-protected communication, except communication protected by certificates excluded from checking. If a new communication using an unknown, signed certificate is established, you will not be notified and the communication will automatically be filtered. When you access a server with an untrusted certificate marked as trusted (it is on the trusted certificates list), communication to the server is allowed, and the communication channel content is filtered.

Application scan rules—Allows you to customize ESET Endpoint Antivirus behavior for specific applications.

Certificate rules—Allows you to customize ESET Endpoint Antivirus behavior for specific SSL certificates.

Do not scan traffic with domains trusted by ESET—When enabled, communication with trusted domains will be excluded from scanning. An ESET-managed, built-in whitelist determines a domain's trustworthiness.

Integrate ESET root certificate into the supported applications—For SSL communication to work properly in your browsers/email clients, it is essential that the root certificate for ESET be added to the list of known root certificates (publishers). When enabled, ESET Endpoint Antivirus will automatically add the ESET SSL Filter CA certificate to known browsers (for example, Opera). For browsers using the system certification store, the certificate is added automatically. For example, Firefox is automatically configured to trust Root authorities in the system certification store.

To apply the certificate to unsupported browsers, click View Certificate > Details > Copy to File and manually import it into the browser.

Action if certificate trust cannot be established—In some cases, a website certificate cannot be verified using the Trusted Root Certification Authorities (TRCA) store (for example, expired certificate, untrusted certificate, certificate not valid for the specific domain or signature that can be parsed but does not sign the certificate correctly). Legitimate websites will always use trusted certificates. If they are not providing one, it could mean that an attacker is decrypting your communication or the website is experiencing technical difficulties.

If Ask about certificate validity is selected (selected by default), you will be prompted to choose an action when encrypted communication is established. An action selection dialog will be displayed where you can mark the certificate as trusted or excluded. If the certificate is not present in the TRCA list, the window is red. If the certificate is on the TRCA list, the window will be green.

You can select Block communication that uses the certificate to always terminate an encrypted connection to a site that uses an untrusted certificate.

Block traffic encrypted by obsolete SSL2—Communication using the earlier version of the SSL protocol will automatically be blocked.

Action for corrupted certificates—A corrupted certificate means that the certificate uses a format not recognized by ESET Endpoint Antivirus or has been received damaged (for example, overwritten by random data). In this case, we recommend leaving Block communication that uses the certificate selected. If Ask about certificate validity is selected, the user is prompted to choose an action when the encrypted communication is established.


note

The following ESET Knowledgebase article may only be available in English: