Your Connection is not Secure Re: Support Tool log

Contacted chat with this problem and was asked among other things to run the support tool log and send that along. Turns out that log is 350MB plus COMPRESSED! What the is in there that they need and how much personal info does it contain? I already answered questions about the particulars of my system. No other AV is running.

----------------

Win 10 Pro. Bitdefender 2018 Total Security .I use Chrome almost exclusively as my browser of choice. No problems. Occasionally I will fire up IE. No problems. A couple of months ago I downloaded FIrefox Portable ESR.

https://portableapps.com/apps/internet/firefox-portable-esr

No problems until the other day when I fired it up and got the message "Your Connection is not Secure." I am assuming that you can access outside links. Please go here:

https://support.mozilla.org/en-US/kb/troubleshoot-SEC_ERROR_UNKNOWN_ISSUER

I was able to resolve the issue by following the fix for Bitdefender 2015,2016 from the above link:

Bitdefender

In Bitdefender security products you can disable the interception of secure connections:

Open the dashboard of your Bitdefender application.

For the 2016 version of the Bitdefender security product, click on Modules.

For the 2015 version of Bitdefender, click on Protection.

Click on Web Protection.

Toggle off the Scan SSL setting.

I was not sure if it was safe to keep Chrome open if I toggled off the SSL setting with Chrome open so I closed it. Fired up Bitdefender and toggled that off and then opened portable FIrefox and Firefox was fine. Toggled the SSL setting back on and Firefox would not work so it was definitely the problem.

So my question is when I use Firefox instead of Chrome what does toggling off the SSL setting in Bitdefender do? I know it has something to do with verification of certificates but is it safe to browse with it toggled off? Should I always close Chrome if I toggle off that setting in Bitdefender? Is it safe to use Firefox with that SSL setting toggled off? Thank you.

Find more posts tagged with

Comments

Sergiu C.

Hello,

When the support tool is larger than ~15 MB it is typically because you have files quarantined or there are crash dumps for some Bitdefender executables. Most of what is gathered represents information on Bitdefender (settings files, event logs etc) as well as some information on your computer (specs, apps installed, information on services and drivers, windows events).

Regarding the issue, it is likely that the Bitdefender certificate is not installed in Firefox portable, and you can install it by following these steps:

- open Firefox

- click the menu button from the upper right corner then click Options

- go to Advanced > Certificates

- click View Certificates

- click Import then navigate to C:\Program Files\Bitdefender\Bitdefender Security\mitm_cache

- select fake-ca.crt then click Open and finally OK.

I verified these steps for version 52.8 of Firefox which is what was installed when I tried your link. The location of this menu was changed in the last version of the "non-portable" Firefox.

The purpose of this certificate is to allow Bitdefender to scan "https" websites. Many are of course already secure (e.g google.com ), but we have seen malicious websites which have valid security certificates. It's also needed for other features such as Search Advisor or Safepay.

phaedruspress

Thanks for the info. I will give this a try later tonight or tomorrow.

You say:"Most of what is gathered represents information on Bitdefender (settings files, event logs etc) as well as some information on your computer (specs, apps installed, information on services and drivers, windows events)

Does this imply that that support tool is gathering inadvertent or otherwise personal information as well? Thank you.

Sergiu C.

Well, I suppose this depends on what you consider personal information. As I mentioned it does let us know what applications are installed on the computer, and some may consider that personal information.

Bitdefender scan logs may contain some personal information as well, since malware can infect files you may consider personal, and the names and locations of these files would be in the scan log, as an example.

phaedruspress

>Well, I suppose this depends on what you consider personal information.

OK. I'll try what you suggested tonight or tomorrow. Should this not work and if I decide to go ahead and send that 350MB support tool log I guess what I am asking is is there any need for me to be concerned whatsoever how that information is going to be used other then for troubleshooting. Does the log containing the applications also contain the serial numbers?

>Bitdefender scan logs may contain some personal information as well

See. I am a bit confused by that statement in regards to personal information other then say what you already mentioned regarding applications installed.

I don't suppose that there is some kind of generic support tool log that you have available to look at that shows exactly what is collected? That would certainly help so that I could look at what kind of "personal information" is collected.

Thanks for the quick response.

Sergiu C.

No, we just get a list of applications, not files from those applications, so we could not extract that kind of data.

Regarding my example with the scan log, we can see what malicious files Bitdefender detects (their names and locations) and these location/file names are what I referred to as being "personal"

10 minutes ago, phaedruspress said:

I don't suppose that there is some kind of generic support tool log that you have available to look at that shows exactly what is collected? That would certainly help so that I could look at what kind of "personal information" is collected.

You could look at your own logs I assume? For the .xml files that are part of the archive I'd recommend opening them with Notepad++ .

In any case the steps I've given above should resolve the issue and we would not need any logs then.

phaedruspress

>Regarding the issue, it is likely that the Bitdefender certificate is not installed in Firefox portable, and you can install it by following these steps

Thanks so much that worked just as you said it would. One quick question if you do not mind. When I got to the end of your instructions I was not sure which if any of the "edit trust settings I needed to check" before clicking OK. See picture one. So I didn't choose any and just clicked OK. Well that did not work so I went back and clicked all three (See picture 2) and that did work and Firefox portable opened just fine. So do I need to tick off all three trust settings to make Firefox work or do I actually need all three ticked. I suppose I could do trial and error but I thought that I would ask you first. Last question I believe I mentioned in my original post that when i first fired up this same edition of Firefox portable a couple of months ago it worked just fine. So did something change along the way and update to Bitdefender that now required the certificate to be imported or was the certificate you think just lost somewhere along the way. Just curious. In any event thanks so much for your help.

Sergiu C.

It would be best to enable all 3 options, I should have mentioned that in the steps. My apologies.

The base process hasn't changed recently, you needed the certificate before as well, to be able to load pages while Scan SSL was enabled. I'm not sure when it would have been removed, perhaps during an update (while the base process is the same we have released updates for this feature).