UTM 9 and NOD32

Do you use https decryption?

Best regards

Alex

Hi Alex,

I use "URL filtering" only.

Most likely, you have two problems:

1. Your configuration is too strict, and this URL is generating a block or warn page from UTM.
2. You have not distributed the UTM CA root certificate to your client devices, so the block or warn page does not have a trusted certificate chain.

For a block or warn page to display at all, UTM has to impersonate the remote server.    If the user navigates to example.com, but the browser gets a reply from utm.mycompany.local, it will ignore the reply.     So UTM replies as if it is example.com.   

In http mode, this is easy because there is no way for the browser to check identity.   

In https mode, the secure session has to be established before the reply can be sent, and the session requires proving identity with a certificate chain.   So to send the page stating that example.com is being blocked, UTM uses its certificate authority to generate a certificate to prove that it has the right to claim to be example.com.   This certificate is only trustworthy if you have installed the UTM CA certificate to say that your device can trust anything that UTM says.

Consequently, the antivirus software is doing what you asked it to do.   If it was not generating the certificate warning, the browsers would do it instead.

At Web Protection|Filtering Options|HTTPS CAs, I generate the cert and download it. After install the cert at my computer, it still prompt many warning in yahoo web page.

I don't know how to solve it, please help.

Hi Perry,

as so often Douglas was faster with his detailed explanations.
But he was right, as long as the certificate had not yet been installed.
Which messages do you get for the Yahoo page? I just opened it and don't get any error messages.

Best
Alex

Hi Alex,

Can I use "Web Protection | Filtering Options | HTTPS CAs" Cert to fix this problem?

Following image is the warning from yahoo. Some warning show more than 1 time.

Unfortunately , I add the host name to the block list. I still receiving the warning.

Unfortunately, I don't have that knowledge for ESET. But what is the point of this concept anyway? You scan the web traffic with the UTM or with ESET or with both?
I suppose the warnings will disappear if you do the following: Disable SSL protocol scanning - support.eset.com/.../
Do the warnings only occur if the computer is behind the UTM?

Have you checked the logs to see what UTM is allowing and blocking?   I suspect you still have a problem thete.

Have you bypassef the warning so that you can see what triggered the warning?   Check tje certificste chain on the displayed oage.

Have you verified that all of the devices involved have correct time of day?   Maybe it thinks a certificate is invalid because if a clock problem.

Otherwise, you need to do something to make ESET trust the UTM CA certificate.   Maybe it is doing certificate pinning checks.   Whatever the reason, you need to ask ESET support,  now that you hopefully understand whst UTM is doing.

We have a few PCs that have ESET provided as part of a hardware and software bundle, but I have never had to any problems with it in my configuration, so I do not know the ptoduct.