SSL filtering with Eset doesn't work with Firefox 67.0.x in Sandboxie

In the past the Firefox config setting "security.enterprise_roots.enabled = true" which let Firefox use the windows certificate store, fixes this, but this doesn't work anymore. I have tried "security.enterprise_roots.enabled = false" and reactivate the Eset root certificate in Firefox again, without success.

Outside of Sandboxie Firefox uses the Eset certificate and also with Internet Explorer 11 and PaleMoon 26.5 x86 (palemoon.exe renamed to firefox.exe) inside of Sandboxie.

Does anyone know a solution?

  • Hi tec tec,

    Please, re-test with a supported version of Sandboxie (5.30 or latest beta), and provide the rest of the details so that we can review them:
    How to report problems with Sandboxie

    When you say it doesn't work anymore, what is happening exactly?  Was it working before with the exact same versions of the programs? If so, consider creating a new Sandbox with default settings to re-test. Also try a new Firefox profile to see if that helps. 

    Regards,

    Barb@Sophos
    Community Support Engineer | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'This helped me' link.

     

  • Hi Barbara,

    Barb@Sophos said:
    When you say it doesn't work anymore, what is happening exactly?  Was it working before with the exact same versions of the programs? If so, consider creating a new Sandbox with default settings to re-test. Also try a new Firefox profile to see if that helps.

    Before my post I had tested a new Firefox profile and a new sandbox (with no restriction and full access to the Firefox profile folder) but with no success. Only an update of Firefox may have caused the problem, but I don't know with which version it worked last. But it was certainly a 6x version.

    With the portable versions of Firefox it is unfortunately not possible to test it, because Eset doesn't recognize them and no trick (rename FirefoxPortable.exe to Firefox.exe; add the path manually to Eset; import the certificate manually) helps.

    Unfortunately, version 5.30 would not be an alternative as long as the problems with Internet Explorer 11 persist. Maybe someone else with Eset and version 5.30 can confirm the problem. I think it should exist with 5.30 as well.

    Best regards


    Windows 7 x64 with all updates • Sandboxie 5.31.6 x64 • Browser (each with its own sandbox, cleared on exit): Firefox 70 x64, Internet Explorer 11, Pale Moon 26.5.0 x86 • Eset Internet Security 13

  • Note: The web pages are displayed with the original certificate instead of the Eset certificate. Therefore I don't know which Firefox version starts causing the problem.

    I have also tested the Firefox setting "security.sandbox.content.level" with different values (down to 0), but also without success.

    Then I have installed the portable version 67.0.4 in a sandbox. This works for both methods (Eset certifate in Firefox; or without certificate in Firefox but using windows certificate store through the Firefox setting "security.enterprise_roots.enabled = true"). After changing the method, it is nessecary to delete the Firefox path in Eset.

    Have anyone any idea for the outside installed non portable version of Firefox? Testing direkt access for the whole AppData path doesn't help. I think it is neccesary to have direkt acccess to a certain registry path.


    Windows 7 x64 with all updates • Sandboxie 5.31.6 x64 • Browser (each with its own sandbox, cleared on exit): Firefox 70 x64, Internet Explorer 11, Pale Moon 26.5.0 x86 • Eset Internet Security 13

  • Barb@Sophos said:

    Please, re-test with a supported version of Sandboxie (5.30 or latest beta), and provide the rest of the details so that we can review them:
    How to report problems with Sandboxie

    Hi Barbara,

    now I have tested it with 5.30 on a test machine with the same results.

    1 - Sandboxie 5.30, Windows 7 x64 bit with latest updates
    2 - Firefox 67.0.4 x64 bit with clean/new profile, installed outside of Sandboxie
    3 - Eset Internet Security 12.1.34
    4 - Go to https://www.ecosia.org/ with native Firefox (outside Sandboxie) and check the certificate. It should be from "Eset, spol. sr. o.". Then do the same with the sandboxed Firefox. The certificate is now from "Let's Encrypt".
    5 - Yes
    6 - No error messages

    Best regards


    Windows 7 x64 with all updates • Sandboxie 5.31.6 x64 • Browser (each with its own sandbox, cleared on exit): Firefox 70 x64, Internet Explorer 11, Pale Moon 26.5.0 x86 • Eset Internet Security 13

  • Hi tec tec,

    I see the behavior with your steps. ESET is not a supported application, however, per guidelines, I have escalated to the dev team.

    I will post any updates if/when they become available/ leaving this thread open in case anybody wants to contribute.  

    Regards,

    Barb@Sophos
    Community Support Engineer | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'This helped me' link.

     

  • Barb@Sophos said:

    ESET is not a supported application, however, per guidelines, I have escalated to the dev team.

    Thank you very much, Barbara.

    But Eset is detected from Sandboxies compatibility list and the template is aktivated. So it should be supported.


    Windows 7 x64 with all updates • Sandboxie 5.31.6 x64 • Browser (each with its own sandbox, cleared on exit): Firefox 70 x64, Internet Explorer 11, Pale Moon 26.5.0 x86 • Eset Internet Security 13

  • Hi tec tec, 

    Supported apps are found below:
    How to report problems with Sandboxie

    Regards,

    Barb@Sophos
    Community Support Engineer | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'This helped me' link.