Hello
The update from Edge for Chromium and from Windows Update has not worked for about 1 month without temporarily deactivating the eblocker ...!!
Raspberry Pi 4 4 GB RAM
HTTPS switched on
otherwise no problems ..
Salat44
You probably need to grant MS trusted app status:
Just add Microsoft/Windows as Trusted App under Settings/https. See screenshot (here for spotify, replace the search term for „micro“):
Please me know if it worked.
THX!
Hello
Made the settings. Unfortunately without success.
Look at the pictures.
If I deactivate the eblocker for a short time, I can do the update.
salat44
I'm on windows 10 (latest release) and can not confirm any issues with microsoft updates, if the MS Trusted App is enabled. I guess, it must be something "special" to your environment.
Have you added additional blocking lists (next to the eBlocker standard list) or made other changes to eBlocker?
If the problem persists, try to record the SSL-domains to put them on a temporary Trusted App list and share your findings here (see https://eblocker.org/docs/eblocker-https-diagnostics/ )
Good luck.
I can confirm this trouble. Have problems with Windows (10) Update since roughly 2 months - not all updates blocked but some. No rule detected behind. The only solution is to deactivate eBlocker. All computers in the network with same effect.
Trusted Apps "Microsoft IP Addresses" and "Windows (Updates, Store, XBox, Live, Office 365, Outlook)" are activated. Additionally some other MS-adresses activated (was necessary some years ago and now still active).
Manuell search without success.
@user-js @satat44 Very strange. I‘m also on Win10 Pro and have no issues updating. 🤔
In a few weeks we hope to release the Personal Device Firewall which should yield to more transparency and control over the blocking process.
To start investigation of what‘s going on before the release could you please
- share the domains (or a screenshot) of the https-recording when triggering the update
- share the Dashboard statistics of blocked domains (both: trackers & ads tab) of the windows device after resetting the stats (also after triggering the update)
THX!
Even if this might not help to solve your issues @user-js @satat44 - here is my Windows10 update log:
My eBlocker runs in Expert Network Mode (fixed IP, serving as DHCP server), eBlocker certificate is installed in Win10 as well as Firefox. Trusted Apps "Skype" and "Microsoft Updates" are enabled - but nothing special otherwise. I run Windows 10 Pro, 64-bit on a Surface 4.
Just an idea: Have you installed the eBlocker certificate into Windows correctly? You can check this best in MS Edge and run the eBlocker Function Test in the Dashboard. Needs to look like this:
If it doesn't please follow the setup instructions closely (selecting the correct certificate storage is important for instance): https://eblocker.org/docs/how-to-add-the-eblocker-certificate-in-windows/
Hope this helps. Pls let me know...
Hello The certificate seems ok to be. Advertising is blocked and I have no other problems, except with the Windows updates and Edge for Chromium updates.
I will try to use the HTTPS diagnosis to record the addresses visited by Windows Update, etc. I only installed the standard on the blockers .. And otherwise I'll wait for the firewall ..
salat44
Update was working properly for years. No issue with the certificate. Something changed 2 months ago.
Update does not really fail - it simply does not download/stops at 0%
There are several suspicious domains under "trackers" but if I add those domains to the list of allowed domains it does not help.
Manuell search gives no results. All domains are not activated for blocking.
domais under "Tracker" after reset:
if I add those domains to the list of allowed domains it does not help
I can only suspect the issue is related to HTTPS certificate pinning (which is very common for updates). Adding the domains to the Allowed Domains (in Dashboard) has no influence on the HTTPS handschake. You need to define a Trusted App (seetings/https/trusted apps tab) to add exceptions for HTTPS (cert pinning) and I‘d recommend to add all microsoft.com domains only.
THX!
"You need to define a Trusted App"
This is what I did but without success.
We have discussed this issue in today‘s eBlocker supporter meeting. All members using Windows are not experiencing update issues at all. Very strange 🤔
@random I wonder why crl.microsoft.com is showing up as being blocked as this is very probably the Certificate Revocation List, which should not be blocked…
@user-js please make sure no other blocking list is enabled but the standard eBlocker lists. I believe some overblocking is taking place due to „accidentally“ added lists. Please double check all pattern lists (ads & trackers) under Settings>Blocker… to make sure.
I have no own lists. Just the standard lists are activated.
The only thing which is changed by me (from time to time) is the list of trusted apps.
Hi,
testet on my Test PC Windows 10 Pro 20H2.
EDGE Update working 👍
Windows Update working 👍
Import certifikate to certifikate-store Current User and Local Machine (Tristed Root Certificate Authorities), shown in the help.
Trusted Apps "Windows Updates"
thats all...
regards
PIO78
Dear PIO78,
no doubt that the updates are working for the most of us. Unfortunately for at least two user it is not as easy as described by you.
You can read above that there is no issue with the certificate. Everything works fine, except the W10 update and Edge (did not regognize this before but have the same problem).
Somebody should focus on the last 8 weeks to check what changed with the eblocker during this time, to find the reason. I do nothing with the eBlocker - just keep it running.
It is not a big problem to deactivate eblocker once per month, but sooner or later this will become annoying.
It is an side issue that I have repeating DHCP trouble for W10 devices with the eBlocker, caused by fixed IP adresses for all devices in the network (defined by the router based on MAC). I gave up to follow up years ago. No idea if this might be interconnected with the new update issue.
Somebody should focus on the last 8 weeks to check what changed with the eblocker during this time, to find the reason.
eBlockerOS has not changed in the past 8 weeks. So I guess you need to correct your suggestion to „what has changed with Microsoft“ as I rather feel some change on their update mechanism is causing this.
I’d love to investigate this further but as @benne pointed out: No one in the team can confirm the issue. For us it‘s practically impossible to diagnose a problem we can not reproduce.
So unless someone who can reproduce the issue posts the https-recording (as I suggested above) we are stuck here. Again: the MS domains that show up in your report are not normal with eBlocker but must be something specific to your setup/config…
If you feel like solving this, I‘m happy to support. Please start by providing the infos from the README and the HTTPs recording and we take it from there…
THX!
It is an side issue that I have repeating DHCP trouble for W10
Please open a new thread not to get mixed up here and describe the issue more in detail. As there is no know issue with DHCP, I'm confident we can fix this together 😉
THX!
Hello So I tried out whether the error comes from https or from a blocker module. Did the blocker analysis and lo and behold a file transfer was blocked. So I deactivated / activated the blockers step by step. And now I've found the blocker, which is obviously causing the problem. Unfortunately, I can't change anything about this blocker module here.
@user-js Can someone confirm the whole thing like that?
Salat44
I've found the blocker, which is obviously causing the problem
I‘m not clear what you say🤔
Do you mean „If I disable the DuckDuckGo Tracker list, then the Windows update works“?
THX!
Hi
Yes that's exactly what I say. Look at the pictures. The first shows the analysis of the blocked pages. The result is clear or not .. The files from the Edge update are blocked I simply deactivated blocker for blocker and kept checking whether the update from the Edge was now possible. And it is precisely the DuckDuckGo Tracker that prevents this update when the files are downloaded. So what should I do now? I can't change this blocker ... Something seems to be wrong there. But maybe the user can @ user-js also confirm this.
Salat44
@satat44 Buddy, the DDG filters are NOT enabled by default!
When we asked „are you using additional filters“ next to the default, your answer was „No“ - but it should have been „Yes, I‘ve enabled DDG some time ago“… ☹️🤨 (same with @user-js )
First of all I recommend reading the blog post regarding the introduction of the DuckDuckGo Filters: https://eblocker.org/en/magazine/eblockeros-2-6-all-new-features-at-a-glance/#ddg
BTW: In most IT cases it‘s valuable to understand the implication of setting changes first, rather than switching „everything“ on, and then start complaining „check what you have changed in the past 8 weeks“. In these cases the problem’s cause rather sits in front of your screen. 🤓
In the blog article it reads (bold from article).
„We recommend activating DuckDuckGo Blocker only to users who have particularly high requirements for tracker protection“
and
“Therefore, with the DuckDuckGo Blocker, some websites will not work at all or only to a limited extent.“
So from my perspective everything works exactly as described!
My recommendation: Just stick with the standard eBlocker list (the ONE that is enabled by default), then everything will work fine and you are covered well. This list is eBlocker curated and a good balance between convenience (=most things work) and protection.
And if you have „high requirements for tracker protection“, keep the DDG filters switched on and expect more things to break. This is expected and will not be changed on purpose (for the sake of protection).
THX!
Hello
Why the DDG filter was switched on is a mystery to me, because I've never done anything on these blocker modules, so I was of the opinion that everything is set to standard here. Anyway, I'll just disable that. But it's a bit strange that until 1 month ago everything worked with the DDG switched on. I wonder how the quality of this DDG is ...
But maybe you can simulate the whole thing and see if that's really the case and pass it on to the DDG makers.
For me the whole thing is ok I hope to have helped you a bit with the problem, because probably others have also switched on the DDG and can no longer make Windows updates.
Thanks for the support 😀
Salat44
DDG filter was switched on is a mystery to me
Your mystery is „human memory“ not remembering all changes for sure, as deterministic IT (and thousands(!) of other eBlocker users) don’t have that „mystery“ taking place…
Also the Consent-Banner blocker is disabled by default, but your screenshots show the „mystery“ that it got enabled 🤔
until 1 month ago everything worked with the DDG switched on. I wonder how the quality of this DDG is
Again, please read the blogpost carefully as it bears the answer: „we algorithmically generate the new blocking list“. And it seems the algorithm decided (based on the always changing DDG data) to block certain sites (in this case from MS). That‘s the core idea why lists get updated: to block new dangers!
Also again: The DDG list is to protect from „possible“ trackers for all operation systems. We will surely not apply changes for Windows users that bear risks for others… Same for facebook, google, xyz users who might feel their beloved services do not work with DDG enabled.
To repeat: It‘s not the goal of DDG to make everyone happy but provide very sharp tracking filters for people with high privacy needs! All others should stick with the standard default eBlocker list only.
BTW: For IT novices it’s generally a good idea to NEVER CHANGE A WORKING SYSTEM!
Sorry, I‘m a bit frustrated about supporting this request, as everything works as expected - but the human brain…
THX!
I understand your „frustration“ @random, but users tend to not read, change configs and forget the changes. This is normal and can maybe only prevented by even better user guidance.
From my perspective we might want to show an extra dialog if the user enables additional lists like „Please note that enabling additional blocking lists may cause overblocking. Resulting in apps, websites or other services may not work properly anymore. We recommend not to enable other blockers than the eBlocker curated default if you are unsure.“ together with a checkbox „I understand this change might break important Internet services“.
That‘s my takeaway from this thread.
And just in case you (@user-js, @satat44) feel like this was helpful, a reminder people tend to oversee, too: eBlocker is donation based and your donation is used to keep up this support forum…
Thanks again everyone and especially to @random for your patience 😌😎