Looking for a fix

I get the below message Ad Nauseum. Looking for a fix to rectify...

msedge.exe attempted to establish a connection relying on an untrusted certificate to wpad. We blocked the connection to keep your data safe since untrusted certificates are issued by unrecognized Certificate Authorities.

Any Help is a Help!

Best Answer

Answers

  • Hello @Flawdaboy and welcome to the Community!

    If you are getting this message, then it's most likely paired with the "Suspicious connection blocked" pop up triggered by the Online Threat Prevention module. If this is correct, head to the article below to find steps on how to tackle this:

    Let us know how it goes.

    Regards

    Premium Security & Bitdefender Endpoint Security Tools user

  • Thanks. It kind of helped. The message seems to be generated when Microsoft Edge goes out to look for something. I never use Microsoft Edge. I only use Firefox. Conversely, when I do go to sites via Firefox that may have certificate issues, that's on me and understandable.

    I guess I want to stop Edge from doing what it's doing without me even being on it. For the record, I have no extensions built into Edge because I don't use it.

  • I started getting this tonight but I'm not even using Microsoft Edge browser. I'm using Firefox and I've had three pop ups in the last 40 minutes.

    --------------------

    Suspicious connection blocked

    one minute ago

    Feature:

    Online Threat Prevention

    msedge.exe attempted to establish a connection relying on an expired certificate to bzib.nelreports.net. We blocked the connection to keep your data safe since websites must renew their certificates with a certification authority to stay current, and outdated security certificates represent a risk.

    Add to exceptions

    -------------------

    Searched for info on Google, got this.

    bzib.nelreports.net is a subdomain of nelreports.net. DNS resolution of bzib.nelreports.net points to 23.195.105.139 with a location in Seattle, Washington US. Parent domain registration belongs to Microsoft Corporation, registered through CSC Corporate Domains, Inc.. The server responds with an SSL certificate issud by Microsoft Corporation to Microsoft Corporation under the common name *.nelreports.net.

    Cloudflare security assessment status for nelreports.net: Safe ✅.

    ---------------------

    I'm just gonna add it to exceptions but it's weird this pop up happens when I don't even have Edge open.

  • I'm having this exact problem today and it is getting annoying, I have 16 notifications so far. It started 4 hours ago and everyone that I know (that have Bitdefender) is having the same problem.

    deff.nelreports.net

    bzib.nelreports.net

  • @Jota @STRATOS55

    Hello.

    You might be a victim of adware, so do the following:

    1) Start your PC in Safe Mode, by following these steps:

    https://support.microsoft.com/en-us/windows/start-your-pc-in-safe-mode-in-windows-92c27cff-db89-8644-1ce4-b3e5e56fe234

    2) Open the Run command:

    https://www.makeuseof.com/windows-open-run-command-dialog-box/

    and run the below commands one by one:

    temp - delete all the folders/files in the folder

    %temp% - delete all the folders/files in the folder

    prefetch - delete all the folders/files in the folder

    3) Restart your PC in General Mode, by following these steps:

    https://www.techwalla.com/articles/how-to-restart-a-computer-in-normal-mode

    4) Reset your browser:

    Microsoft Edge - https://malwaretips.com/blogs/reset-microsoft-edge/

    5) Run a System Scan with your Bitdefender program.

    6) Restart your PC.

    7) Scan (and disinfect, if needed) your PC with Bitdefender Rescue Environment:

    https://www.bitdefender.com/consumer/support/answer/29132/

    8) Restart your PC.

    9) If the steps provided above didn't help, do the following steps:

    Take screenshot(s) of the issue,

    create a log file on your Windows device using Bitdefender Support Tool, by following these steps:

    https://www.bitdefender.com/consumer/support/answer/1733/

    and

    create a log file on your Windows device using BDsysLog, by following these steps:

    https://www.bitdefender.com/consumer/support/answer/1922/

    Next, contact Bitdefender Consumer Support by e-mail:

    https://www.bitdefender.com/consumer/support/help/

    with short description of the issue.

    After that, you will get an automated reply by the Bitdefender Customer Care Team, with your ticket number.

    Now, in reply to that automated reply, you can send the screenshot(s) you already took and the log files you already created in the first step.

    Since you are all done, just wait for the support engineers to investigate your issue and find a solution to fix the issue.

    Remember that the screenshot(s) and the log files will help a lot to the support engineers for better and faster investigation on your issue and finding a solution.

    NOTE: If any of the log file is larger than 25MB, you can upload the log file here:

    https://upload.bitdefender.net/

    After the upload is done, you will get a notification with the file's URL and then you can share the file's URL with the Bitdefender Consumer Support.

    Regards.

  • Alexandru_BD
    Alexandru_BD admin
    edited November 2023

    Hello @Jota & @STRATOS55,

    This is a known situation that has been reported intensively on the forum in the past days. Below I have shared one of the relevant threads where the reason behind this is explained:

    There are also some instructions that you can follow to address this behavior, but otherwise I think this is something that microsoft needs to sort out..

    Regards

    Premium Security & Bitdefender Endpoint Security Tools user

  • Surely to goodness adding it as an exception should stop these popups or what's the point of adding exceptions?

    The site is legit, just lacking a certificate.

  • Hello,

    Microsoft owns the domain, and the SSL certificate recently expired, but there is no danger of malware or harm to the devices. This type of notification is triggered by the Online Threat Prevention module whenever the website you are trying to access doesn't have an SSL certificate (HTTPS) and it's not safe to access, and the alert is also triggered when you try to visit a secured website (HTTPS) with an invalid security certificate and this is what actually happens here.

    I understand that several community members have raised concerns about the certificate issue on Microsoft forums, and most probably they are working on a resolution and will release a fix soon.

    For further information, you can also contact the Microsoft Support Team.

    It has been noticed that adding exceptions for OTP can be an effective way to stop the pop-ups.

    I hope this gets resolved asap.

    Regards

    Premium Security & Bitdefender Endpoint Security Tools user

  • Thanks, but this is not an adware problem, it is a problem of Bitdefender and MS, hoping that they solve it soon, any machine using bitdefender is having this problem at the moment, at least 20 machines I've noticed, meanwhile machines and vm's without bitdefender have no problem, I hope that Bitdefender actual employees and MS solve this problem with certificates soon.

  • @STRATOS55 you are right, this is not an adware problem, as the notification trigger was later revealed. At the time Gjoksi commented, everyone here was trying to figure out what was happening and as soon as we discovered that concerns have been raised by several users regarding this certificate issue on Microsoft forums as well, it became clear it was a problem. The good part is that there is no actual security threat there.

    It’s likely that Microsoft is already working on a solution, and we anticipate a fix to be released in due course. You can track the ongoing discussion and progress on this matter through this link: https://answers.microsoft.com/en-us/microsoftedge/forum/all/what-is-bzibnelreportsnet-and-deffnelreportsnet-in/747c0517-f9d5-4ab6-b11f-cce0defd5f50

    Thank you!

    Premium Security & Bitdefender Endpoint Security Tools user

  • llsutton
    llsutton
    edited December 2023

    Is this the same problem? Getting notices indicating that it is Firefox that is attempting to connect - not EDGE.

    "firefox.exe attempted to establish a connection relying on an unmatching security certificate to mozilla.cloudflare-dns.com. We blocked the connection to keep your data safe since the used certificate was issued for a different web address than the targeted one."

  • Hello @llsutton and thanks for joining us here.

    As the notification explains, this is a different scenario where the certificate in question is not expired, but was issued for a different web address. The feature responsible for the detection is the Encrypted web scan available in the Online Threat Prevention security module. You can find out more information about this detection and possible remediation steps by clicking on the link below:

    Let us know if the issue could be solved and if the notification is still present afterwards.

    Regards,

    Alex

    Premium Security & Bitdefender Endpoint Security Tools user