Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Conflicts involving avast's web/mail shield certificates and firefox


  • Please log in to reply
16 replies to this topic

#1 rp88

rp88

  • Members
  • 2,895 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:12:40 AM

Posted 13 May 2015 - 07:15 PM

I recently had to restore from a system image (full restore of C:\ drive where my program and system files are kept, no changes to D:\ so my personal files weren't reset, and probably some temp files and preferences weren't either) and after doing so, and then reinstalling avast onto this system image (the image was made at a time when I had a different antivirus) I encountered a problem with firefox which seems to be something to do with conflicts with it and avast.


Immediately after the system imaging firefox worked fine, and immediately after avast's installation avast worked fine too. The I updated both of them to the latest state, restarted and logged back on. This time when I opened avast to go to google I got a warning about a certificate on google's page being unrecognised (Unfortunately I can't remember the exact wording), But I was able to follow some of the options on the dialogue brought up by firefox and see a certificate related to avast was causing the issues. I tested by temporarily disbaling avast's web and mail shields and opening firefox again, that time it went to google.co.uk without issues. I turned the web and mail shields of avast back on and I got the same certificate problem again.

Eventually I used the "I know the risks button" in firefox and created an exception, which I think might not have been the best way to solve this. Because I still had problems loading other https pages (for exmaple the links to google plus or gmail from the google home page). I am now rather confused as to what settings my browser has for certificates, and think they are probably the wrong ones, although at present google is able to load. I also did something involing removing some certificates from "firefox sandwich button"-->options-->advanced-->view certificates, I don't know if this helped or made things worse, I can't remember precisely what I did.

I haven't installed avast's browser cleanup tool, so it can't be responsible, I have disabled avast's plugin in both FF and chrome so it isn't the problem, And this issue hasn't occured in chrome at all, just FF.

So my current situation is that firefox seems to be loading pages again, chrome was never affected, avast currently has those shields turned on, no avast plugins have been active in the browsers or are currently active. But I think my certificate list might be in quite a mess.

Firstly, can anyone explain the precise causes of what happened here?

Secondly, please can someone tell me how to get my certifcate settings back to what they should be? I want them back to what firefox should have, I don't know if these are the same certificates as can be controlled through the option which is brought up when searching for "certificate" in control panel. I don't know if avast added one, or took one away or something, and whether this is thr right configuration to have. I also don't know quite why only firefox was affected and not chrome (I didn't test IE, I never open it). I would like to set firefox's (and perhaps the whole computer's) certificates back to the normal setting, but don't want to have to do a system image again to run the whole computer back, and don't want to reset firefox in a way that will wipe out all my extensions and all my settings, I just want to reset my certificates, I don't think there is anything wrong with any of my other settings in firefox. If I had to reset (or uninstall and reinstall) firefox entirely that would be difficult as it might take quite a while to return all my settings to the way I like them (settings like: which plugins are enabled/disabled, what happens to different file types when I download them, which buttons are and aren't on the various bars within firefox...) and reinstall extensions and everything. I would hope there was a way to just set the certificates (and anything that is directly linked and follows on from them) back to defaults. Does anyone know how, all I could find on google was stuff about full resets of all settings and extensions. Also If I reset the certificates how will I know when they are correctly reset and how will I know none have stayed in place which shouldn't be, how can I check?

Thirdly: if this ever happens again what should I do? I don't think i followed the best route this time, I was tired and had never seen this kind of certificate security warning before. With the outcome of both having firefox work properly and having avast's web shield (mail shield would be helpful also but I'm not sure if it's relevant to me, I do all my mail through gmail accessed through either browser)running. What needs to be done?

Apologies for the probable repetition of certain things in the post above, it's late where I am and I've just spent ages struggling with a series of dodgy windows updates, then full failure of windows update itself, then a system image, then reinstalling things and then this happened. The windows updates issues aren't a matter for this thread, I think I fixed them by going back to a system image but I've still got to go through the list again and try and install all those I can, trying to work out which caused the issues so which not to try installing this time.

Thank You

Edited by rp88, 13 May 2015 - 07:17 PM.

Back on this site, for a while anyway, been so busy the last year.

My systems:2 laptops, intel i3 processors, windows 8.1 installed on the hard-drive and linux mint 17.3 MATE installed to USB

BC AdBot (Login to Remove)

 


m

#2 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,193 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Quebec, Canada
  • Local time:07:40 PM

Posted 13 May 2015 - 07:37 PM

It's a known issue with avast! from my experience, take a look.

https://support.mozilla.org/fr/questions/981937
https://forum.avast.com/index.php?topic=161376.0
http://kb.mozillazine.org/SSL_Security_Error
https://support.mozilla.org/fr/questions/1032509

I think the instructions you are looking for are in the first link.

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,563 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:40 PM

Posted 13 May 2015 - 07:43 PM

Although this topic is for Chrome, a user with Firefox and similar issue as you are experiencing was referred to the steps provided by lukor. Since this has happened before, it may need to be reported again.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#4 rp88

rp88
  • Topic Starter

  • Members
  • 2,895 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:12:40 AM

Posted 13 May 2015 - 08:21 PM

Quietman post #3:

Regarding the post you linked to
1) my date and time is correct, it wasn't immediately after the reimage due to daylight saving time here in the UK, but I had already updated my time via control panel before this issue started.
2)Should I do that, it will take a while? Would it actually fix anything wrong with firefox's own list of certificates though?
3)
i)Under "Trusted Root Certificate Authorities \ Certificates" in the "certlm" "manage computer certificates" MMC window opened by searching the term "certificate" I control panel I have "avast! Web/Mail Shield Root" listed, expiring on 11/05/2025.
Also in the certlm MMC windows I notice a two whole "folders" of things named "avast! Mail Scanner Trusted" and "avast! SSL Scanner Cache" listed.
ii)Would this help me in my situation?

Can I post a brief list of things found in both my "certlm" list and in firefox's list and can you see if anything in either of them looks like it shouldn't be there? I'm concerned than in my making the exception when I tried to visit google other things might have got themselves onto the certificate list.




Aura post#2
Thanks, but I found some of those a bit confusing. They are helpful but they still leave me unsure as to whether my certificates (both in the browser and across the rest of the system) are in the right state now or not.



I do notice that most https pages I am visiting are saying "Verified by avast! Web/Mail Shield" when I click on the padlock icon, in firefox atleast. In chrome there is a mention of avast in the drop down which can be shown by clicking the padlock icon, though there are quite a lot of other details there as well.
I'll be back tomorrow, it's really late here now.

Edited by rp88, 13 May 2015 - 08:23 PM.

Back on this site, for a while anyway, been so busy the last year.

My systems:2 laptops, intel i3 processors, windows 8.1 installed on the hard-drive and linux mint 17.3 MATE installed to USB

#5 rp88

rp88
  • Topic Starter

  • Members
  • 2,895 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:12:40 AM

Posted 14 May 2015 - 01:21 PM

Ok, I've logged on again today. I haven't hit a certificate issue yet while browsing in firefox but still think my settings with cetificates might not be as they ought. Can I post lists of the ones in firefox (and on the compuer as a whole) here, would people be able to recognise which should and shouldn't be there? Thank You
Back on this site, for a while anyway, been so busy the last year.

My systems:2 laptops, intel i3 processors, windows 8.1 installed on the hard-drive and linux mint 17.3 MATE installed to USB

#6 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,193 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Quebec, Canada
  • Local time:07:40 PM

Posted 14 May 2015 - 02:26 PM

I know there's a page on Microsoft Support website which list the certificates that should be in the Root Certificate store. I'm sure that if you Google the ones from Firefox, you'll find them as well. I can try to find the Microsoft Support page.

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#7 rp88

rp88
  • Topic Starter

  • Members
  • 2,895 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:12:40 AM

Posted 14 May 2015 - 03:29 PM

Please do try and find that page. I assume it lists all the ones microsoft puts in as defaults, and anything not on it has either been added by a program or shouldn't be there. There are quite a lot in the firefox list, it would take rather a while to google them all.

Thanks

Edited by rp88, 14 May 2015 - 03:29 PM.

Back on this site, for a while anyway, been so busy the last year.

My systems:2 laptops, intel i3 processors, windows 8.1 installed on the hard-drive and linux mint 17.3 MATE installed to USB

#8 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,563 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:40 PM

Posted 14 May 2015 - 06:00 PM

Google Searches

Microsoft Root Certificate Program list
Microsoft Root Certificate links
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#9 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,193 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Quebec, Canada
  • Local time:07:40 PM

Posted 14 May 2015 - 06:02 PM

The one I found was the first link from the second search provided by quietman.

https://support.microsoft.com/en-us/kb/293781

There will also be other certificates there depending on the programs you have installed on your system. Like Digicerts ones.

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#10 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,563 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:40 PM

Posted 14 May 2015 - 06:25 PM

Manage Trusted Root Certificates in Windows
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#11 rp88

rp88
  • Topic Starter

  • Members
  • 2,895 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:12:40 AM

Posted 15 May 2015 - 03:08 PM

This is what I've managed to find:


Firefox has the following list:

in the "Servers" tab(NOTE:each of these has sub-things listed below it, these are the "category" names)
DigiNotar
DigiNotar B.V.
Entrust.net
Equifax Secure Inc
GTE Corporation
The USERTRUST Network

in the "Authorities" tab(NOTE:each of these has sub-things listed below it, these are the "category" names)
© 2005 TÜRKTRUST Bilgi İletişim ve Bilişim Güvenliği Hizmetleri A.Ş.
A-Trust Ges. f. Sicherheitssysteme im elektr, Datenverkehr GmbH
AC Camerfirma S.A.
AC Camerfirma SA CIF A82743297
ACCV
Actalis S.p.A./03358520967
AddTrust AB
AffirmTrust
Agencia Catalana de Certificacio (NIF Q-0801176-I)
AS Sertifitseerimiskeskus
Atos
Autoridad de Certificacion Firmaprofesional CIF A62634068
avast! Web/Mail Shield
Baltimore
Buypass AS-983163327
Certinomis
Certplus
certSIGN
Chine Internet Network Information Center
Chunghwa Telecom Co., Ltd
CNNIC
COMODO CA Limited
ComSign
Cybertrust, Inc
D-TRUST Root Class 3 CA 2 EV 2009
Deutsche Telekom AG
Deutscher Sparkassen Verlag GmbH
Dhimyotis
DigiCert Inc
Digital Signature Trust
Digital Signature Trust Co.
Dissg a.s.
E-Tuğra EBG Bilişim Teknolojileri ve Hizmetleri A.Ş.
EBG Bilişim Teknolojileri ve Hizmetleri A.Ş.
EDICOM
Elektronik Bilgi Guvenligi A.S.
Entrust, Inc.
Entrust.net
Equifax
Equifax Secure Inc.
Generalitat Valenciana
GeoTrust Inc.
GlobalSign
GlobalSign nv-sa
GoDaddy.com, Inc.
Government Root Certification Authority
Hellenic Academic and Research Institutions Cert.Authority
Hongkong Post
IZENPE S.A.
Japan Certification Services, Inc.
Japanese Government
Microsec Ltd.
Netlock Halozatbiztonsagi Kft.
Netlock Kft.
Network Solutions L.L.C.
PM/SGDN
QuoVadis Limited
RSA Security Inc
SECOM Trust Systems CO.,LTD.
SECOM Trust.net
SecureTrust Corporation
SG TRUST SERVICES
Sistema Nacional de Certificacion Electronica
Sociedad Cameral de Certificación Digital -Certicámara S.A.
Sonera
Staat der Nederlanden
Starfield Technologies, Inc.
StartCom Ltd.
Swisscom
SwissSign AG
T-Systems Enterprise Services GmbH
Taiwan-CA
TC TrustCenter GmbH
TeliaSonera
thawte, Inc.
The Go Daddy Group, Inc.
The USERTRUST Network
Trustis Limited
Türkiye Bilimsel ve Teknolojik Araştırma Kurumu - TÜBİTAK
TÜRKTRUST Bilgi İletişim ve Bilişim Güvenliği Hizmetleri A.Ş. © Aralık 2007
TÜRKTRUST Bilgi İletişim ve Bilişim Güvenliği Hizmetleri A.Ş. © Kasım 2005
Unizeto Sp. z o.o.
Unizeto Technologies S.A.
VeriSign, Inc.
VISA
Wells Farge WellsSecure
WISeKey
WoSign CA Limited
XRamp Sceurity Services Inc


Then within windows's certifcate list under control panel I find:
The "folder" called "Trusted Root Certification Authorities" containing:

AddTrust External CA Root
avast! Web/Mail Shield Root
Baltimore CyberTrust Root
Class 3 Public Primary Certification Authority
Copyright © 1997 Microsoft Corp.
DigiCert Assured ID Root CA
DigiCert Global Root CA
DigiCert High Assurance EV Root CA
Entrust Root Certification Authority
Equifax Secure Certificate Authority
GeoTrust Global CA
GlobalSign Root CA
Go Daddy Class 2 Certification Authority
GTE CyberTrust Global Root
Microsoft Authenticode™ Root Authority
Microsoft Root Authority
Microsoft Root Certificate Authority
Microsoft Root Certificate Authority 2010
Microsoft Root Certificate Authority 2011
NO LIABILITY ACCEPTED, ©97 VeriSign, Inc.
Thawte Premium Server CA
Thawte Timestamping CA
UTN - DATACorp SGC
UTN-USERFirst-Object
VeriSign Class 3 Public Primary Certification Authority - G5
VeriSign Commercial Software Publishers CA



I alos find a "folder" listed in the same list as the "Trusted Root Certification Authorities" "folder" called "avast! SSL Scanner Cache"
This seems to be full of the names of websites, that is https websites I've been to in the last few days. Both sites I've visited(example *.bbc.co.uk), sites which have loaded content onto pages I have been to (example *.gravatar.com) and sites I have blocked with NoScript (example *.g.doubleclick.net) have been listed here.


Any thoughts as to whether what I am seeing here is alright, or whether there are things there which should not be?
Thank You.

Edited by rp88, 15 May 2015 - 03:08 PM.

Back on this site, for a while anyway, been so busy the last year.

My systems:2 laptops, intel i3 processors, windows 8.1 installed on the hard-drive and linux mint 17.3 MATE installed to USB

#12 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,193 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Quebec, Canada
  • Local time:07:40 PM

Posted 15 May 2015 - 03:26 PM

I know there was a utility (on WildersSecurity forum I think) that would check all the certificates you have on your system, and warn you about the "bad ones". I can try to find the thread where it was posted, make you run that utility and if no malicious ones are detected, then at least you'll know that on this side, you're clean.

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#13 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Netherlands
  • Local time:01:40 AM

Posted 15 May 2015 - 03:31 PM

It's here.

You're welcome :P

#14 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,193 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Quebec, Canada
  • Local time:07:40 PM

Posted 15 May 2015 - 03:32 PM

Thank you Alexstrasza :) I knew I saw it being posted around the time where SuperFish was discovered.

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#15 rp88

rp88
  • Topic Starter

  • Members
  • 2,895 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:12:40 AM

Posted 15 May 2015 - 03:52 PM

I posted a list above, do they all look correct?
Back on this site, for a while anyway, been so busy the last year.

My systems:2 laptops, intel i3 processors, windows 8.1 installed on the hard-drive and linux mint 17.3 MATE installed to USB




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users