Web content control - Secure Connection Failed

hyvokar
hyvokar W/ Alumni Posts: 165 Junior Protector

Hi,

 

As I wrote earlier, we have problems with tons of false positives on web content control.


When you are using IE, you get a decent and clear message, 

Blocked

Web site blocked
https://www.certest.es

This web site contains restricted content.
Access to this type of content has been blocked.

Adult content

 

 

However, if you are using Firefox or Chrome, you will get something totally different...

Firefox:

Secure Connection Failed

An error occurred during a connection to www.certest.es. Peer received a valid certificate, but access was denied. Error code: SSL_ERROR_ACCESS_DENIED_ALERT

The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
Please contact the website owners to inform them of this problem.

Learn more…

Report errors like this to help Mozilla identify and block malicious sites

 

 

Chrome:

This site can’t provide a secure connection

www.certest.es sent an invalid response.

 

  • Try running Windows Network Diagnostics.
ERR_SSL_PROTOCOL_ERROR
 
 
 
This is HIGHLY confusing. Why cant we get same error message in Chrome and Firefox that we get in IE ?

 

Comments

  • hyvokar
    hyvokar W/ Alumni Posts: 165 Junior Protector

    Hi,

     

    Thank you for your reply.

     

    Is there a way to force these extensions enabled from policy manager, or is this something users need to do themselves?

    It seems that the extensions is disabled atleast on Chrome

  • Vad
    Vad W/ Alumni Posts: 1,069 Cybercrime Crusader

    The user need to enable it. The reason in short is that browsers are preventing automatic installation of extensions in order to protect user from getting unwanted extensions.

  • hyvokar
    hyvokar W/ Alumni Posts: 165 Junior Protector

    Unfortunately, I dont think all my users can turn it on, even if properly instructed.


    I'll try to force it on via group policy, following these instructions :

    http://dennisspan.com/deploying-google-chrome-extensions-using-group-policy/

     

    One question, does the extension ID stay the same, when FSCSpr is updated/upgraded?

     

  • Vad
    Vad W/ Alumni Posts: 1,069 Cybercrime Crusader

    Extension ID always stays the same.

     

    Best regards,

    Vad

  • hyvokar
    hyvokar W/ Alumni Posts: 165 Junior Protector

    Thanks Vad, I'll get to work then! Smiley Happy

  • etomcat
    etomcat W/ Alumni Posts: 1,172 Firewall Master

    Dear Vad,

     

    > The reason in short is that browsers are preventing automatic installation of extensions in order to protect user from getting unwanted extensions.

     

    F-Secure could maybe perform the install action during Windows boot-up time, when browsers are not yet running and protecting themselves?

     

    Best regards: Tamas Feher, Hungary.

  • Vad
    Vad W/ Alumni Posts: 1,069 Cybercrime Crusader

    Hello Tamas,

     

    I will discuss this option with developers.

     

    Best regards,

    Vad

  • hyvokar
    hyvokar W/ Alumni Posts: 165 Junior Protector

    afaik, it's just a registry setting, but then again, I know nothing about browsers and how they work (or doesnt work...) . 

     

    Anyways, made a group policy with chrome admx templates and it seems to be working, browsing protection is now forced enabled on chrome. Need to check out firefox next. 

  • hyvokar
    hyvokar W/ Alumni Posts: 165 Junior Protector
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist]
    "1"="jmjjnhpacphpjmnnlnccpfmhkcloaade;https://clients2.google.com/service/update2/crx"
  • hyvokar
    hyvokar W/ Alumni Posts: 165 Junior Protector

    What is the f-secure browsing protection addon ID for mozilla firefox?

     

    E: dug up this 5a0d4f7a-beaa-455c-883c-9449cee46199 from the depths of fireforx, is this correct? 

  • hyvokar
    hyvokar W/ Alumni Posts: 165 Junior Protector

    Hi!
    Just found out that browsing protection cannot be enabled using group policy for 'standard' firefox, but you should use firefox ESR. Is the browsing protection supported in Firefox ESR, 32 and 64bit?

  • Vad
    Vad W/ Alumni Posts: 1,069 Cybercrime Crusader

    Hello hyvokar,

     

    Yes, it is supported.

     

    Best regards,

    Vad

  • hyvokar
    hyvokar W/ Alumni Posts: 165 Junior Protector

    Still need the Extension ID for F-secure Browsing protection for firefox.

  • hyvokar
    hyvokar W/ Alumni Posts: 165 Junior Protector

    Still need the extension ID

  • Vad
    Vad W/ Alumni Posts: 1,069 Cybercrime Crusader

    Hello hyvokar,

     

    Sorry for the delay.

    There’s a ID in registry. Go to LOCAL_MACHINE “SOFTWARE\\Mozilla\\Firefox\\Extensions”. There will be a value ols@f-secure.com if the extension is installed.

     

    Best regards,

    Vad

This discussion has been closed.