HTTPS web scanner

[G-Stress]

Guys, lately been running into alot of issues when troubleshooting a customer's pc for connectivity and discovering their just not able to access any https sites. The issue all falls back to their installed AV/Firewall protection. I've searched throughout their protection and allowed outgoing https traffic even tried incomming https traffic and still no access.

On occasion their AV software might be disabled and my config options are limited so I just uninstall and that takes care of it. My ? is... is there a site I can access online that will tell me if traffic is allowed outgoing or incoming? The only other thing I can think of is pocket nmap;)

[digip]

Sure it's not some other settings in their pc? Like disabled in XP services or unselected in their browser settings to not allo wanything lower than a certain level os SSL? I know if you visit a site that only uses something like SSL3 or TLS and you have it disabled in the browser then you can't connect to the sites. Try it in your own browser to see what I mean. I use Opera and if I uncheck all of the security protocols, I get a timeout when trying to conenct to any https site.

Sorry I am not much help on this, but I never ran into this issue before myself and can only guess its something they did somehow to disable it, possibly accidently...

[Sparda]

Firefox does this?

[VaKo]

What AV and firewall are they using?

[G-Stress]

@ digip,

I can't remember exactly, but I think I did check all the security settings in the browser and set them to lowest to highest even restored defaults. Not sure if I messed with any SSL settings.

I just think it's weird that when I removed their AV security it worked just fine. They were using Norton Internet Security '07 I believe.

@ Sparda,

Yes it does it in FF and IE. Haven't tried any other browser yet, but it does do it in both of those.

@Vako,

I've seen it so far with different versions of Norton, Mcaffee and I think AVG or Kaspersky was the last one I ran into that issue.

[VaKo]

443 is probally blocked outband, no idea why it would be, but that would seem to be it. Sure its not a PEBKAC error? Does it come back when you reinstall?

[G-Stress]

@ Vako,

Not exactly sure what "PEBKAC" is. I haven't tried re-installing the AV software as it was a customer's I was working on and their subscription expired. I told they might want to purchase AV protection from a different vendor.

Yea it seems as if 443 is blocked and it blows my mind why or how. That's why I was curious if there was some sort of web app I could goto/use that might scan the machine and tell me if incoming/outgoing traffic is allowed on what ports.

My only other thought in mind is to take some sort of pocket scanner and scan the machine myself.

[digip]

PEBKAC - Problem Exists Between Keyboard and Chair

Anyway, the antivirus may actually be doing its job if they have it set to block invalid or expired certificates. Most people just click ok in their browser when they go to a page with https and they get a promt about the certificate info being different than for the site they are visiting or expired, etc. This might be the issue, but again, not really sure about that. Most browsers give you the chance to cancel when getting th promt about invalid certificates, but maybe Norton just kills it without giving you the chance to decide to accept the certificate.

Also, like Vako said, they might have blocked commonly used ports like 443.

[G-Stress]

LOL @ PEBKAC,

Yea I didn't even think anything of certificates and that is a possibility I guess. Although I believe somehow the port is just blocked. I may just end up installing Norton and then maybe mcaffee on one of my machines and do a little testing and see if I did somehow miss something.

[digip]

443 is probally blocked outband, no idea why it would be, but that would seem to be it. Sure its not a PEBKAC error? Does it come back when you reinstall?

You know, there is always that ID 10 T error to look our for as well, but I think Norton and McAffee suck anyway, so what do I know...