[KB3126] Manage SSL/TLS protocol filtering in ESET Windows applications

Issue

Details



ESET Windows applications automatically check the security of network communications to and from your computer. This functionality is provided by the Network traffic scanner (protocol filtering), which inspects standard network traffic.

SSL/TLS protocol filtering is part of this functionality and enables the inspection of encrypted (HTTPS) communications. Network traffic scanner must be enabled for SSL/TLS protocol filtering to work.

For more information, see Network traffic scanner or SSL/TLS.


Solution

Enable or disable Network traffic scanner

Connection of Network traffic scanner to SSL/TLS protocol filtering

Network traffic scanner provides malware protection for application protocols, integrating multiple advanced malware-scanning techniques. Network traffic scanner automatically scans HTTP(S), POP3(S), and IMAP(S) protocols, regardless of the internet browser or email client.

It is also required for SSL/TLS protocol filtering, which allows ESET Windows applications to inspect SSL/TLS-encrypted connections used to secure HTTPS websites.

Because SSL/TLS protocol filtering is part of Network traffic scanner, Network traffic scanner must be enabled for SSL/TLS protocol filtering to work.

Security impact of disabling Network traffic scanner

When Network traffic scanner is disabled, ESET Windows applications do not inspect network communications at the protocol level, including HTTP(S), POP3(S), and IMAP(S) traffic.

This includes both unencrypted traffic (such as HTTP and email protocols) and SSL/TLS-encrypted connections (such as HTTPS websites). As a result, threats delivered through these communications may not be detected at the network level.

Although ESET Windows applications continue to use application-level detection, disabling Network traffic scanner significantly reduces overall protection. For the most secure configuration, keep Network traffic scanner enabled.

  1. Open the main program window of your ESET Windows application.

  2. Press F5 to open Advanced setup.

  3. Click Scans, expand Network traffic scanner and click the toggle next to Enable Network traffic scanner to enable or disable the feature. Click OK.


Exclude an application or IP address from the Network traffic scanner

Connection of Network traffic scanner to SSL/TLS protocol filtering

Excluding an application or IP address from Network traffic scanner prevents its network communications from being inspected by protocol filtering. Because SSL/TLS protocol filtering depends on Network traffic scanner, SSL/TLS-encrypted connections for the excluded communications are not scanned.

  1. Open the main program window of your ESET Windows application.

  2. Press F5 to open Advanced setup.

  3. Click Protections → Web access protection, expand Web access protection and click Edit next to Excluded applications or Excluded IPs (the example below applies to the Excluded applications option).

  4. Click Add.

  5. Click the browse icon (three dots) next to the input field, select an application and click OK.

  6. Click OK → OK.


Enable or disable SSL/TLS protocol filtering

Disable and re-enable SSL/TLS protocol filtering to fix connection or certificate issues

In some cases, the root certificate used for SSL/TLS traffic filtering may not be properly installed during the installation of ESET Windows applications.

This can result in issues such as HTTPS websites failing to load, SSL-secured websites being inaccessible, or browser errors like "Connection is untrusted" or "sec_error_reused_issuer_and_serial".

Disabling and then re-enabling SSL/TLS protocol filtering often resolves the issue by triggering the correct import and registration of the root certificate.

Security impact of disabling SSL/TLS protocol filtering

When SSL/TLS protocol filtering is disabled, ESET Windows applications do not inspect SSL/TLS-encrypted connections, such as secure HTTPS websites and services. As a result, threats delivered through encrypted communications may not be detected at the network level.

  1. Open the main program window of your ESET Windows application.

  2. Press F5 to open Advanced setup.

  3. Click Protections, expand SSL/TLS and click the toggle next to Enable SSL/TLS to enable or disable the feature. Click OK.
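
To confirm that the root certificate was registered after re-enabling SSL/TLS protocol filtering, the Windows certificate stores can be checked from PowerShell. This is an added example, not ESET's own tooling; it assumes the certificate is registered in the Windows Trusted Root Certification Authorities store and that its subject contains "ESET" (adjust -SubjectPattern if it does not). It also flags distinct certificates that share an issuer and serial number, the condition behind "sec_error_reused_issuer_and_serial".

```powershell
# Added example: audit the filtering root certificate in the Windows trust stores.
# Assumption: the certificate subject contains "ESET"; override -SubjectPattern otherwise.
param(
    [string]$SubjectPattern = '*ESET*'
)

# Machine-wide and per-user Trusted Root Certification Authorities stores.
$stores = 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root'

$found = @(foreach ($store in $stores) {
    Get-ChildItem -Path $store |
        Where-Object { $_.Subject -like $SubjectPattern } |
        ForEach-Object {
            [pscustomobject]@{
                Store        = $store
                Subject      = $_.Subject
                Issuer       = $_.Issuer
                SerialNumber = $_.SerialNumber
                Thumbprint   = $_.Thumbprint
                NotAfter     = $_.NotAfter
                Expired      = ($_.NotAfter -lt (Get-Date))
            }
        }
})

if ($found.Count -eq 0) {
    # Nothing registered: HTTPS sites will show trust errors while filtering is on.
    Write-Warning "No trusted root certificate matching '$SubjectPattern' was found."
    return
}

$found | Sort-Object Store, Subject |
    Format-Table -AutoSize -Property Store, Subject, SerialNumber, Thumbprint, NotAfter, Expired

# Different certificates (different thumbprints) with the same issuer and serial
# number are what browsers report as a reused issuer and serial.
$clashes = $found | Group-Object -Property Issuer, SerialNumber |
    Where-Object { @($_.Group.Thumbprint | Select-Object -Unique).Count -gt 1 }

foreach ($clash in $clashes) {
    Write-Warning "Reused issuer and serial number: $($clash.Name)"
    $clash.Group | Format-Table -AutoSize -Property Store, Thumbprint, NotAfter
}

if ($found | Where-Object Expired) {
    Write-Warning 'At least one matching root certificate has expired.'
}
```

The script only reads the Windows stores; a browser that keeps its own certificate store has to be checked separately.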


Remove an SSL/TLS certificate

  1. Open the main program window of your ESET Windows application.

  2. Press F5 to open Advanced setup.

  3. Click Protections, expand SSL/TLS and click Edit next to Certificate rules.

  4. Select a certificate and click Delete. Click OK → OK.


Change SSL/TLS protocol filtering mode

For more information, see SSL/TLS.

  1. Open the main program window of your ESET Windows application.

  2. Press F5 to open Advanced setup.

  3. Click Protections, expand SSL/TLS and select a mode from the SSL/TLS mode drop-down menu. Click OK.


Change SSL/TLS application scan rules

For more information, see Application scan rules.

  1. Open the main program window of your ESET Windows application.

  2. Press F5 to open Advanced setup.

  3. Click Protections, expand SSL/TLS and click Edit next to Application scan rules.

  4. Click Add. Click the browse icon (three dots) next to the Application field and select an application. Next to Scan action, select the scan action for the application and click OK → OK.

  5. Click OK.