This morning I was included on an email asking a few of us if we’ve been able to use Fiddler. The sender said that when he tried to use it, he saw it do its update check and then make a request to oscex-en.url.trendmicro.com, but it wouldn’t capture anything else regardless of which sites he visited.
I’ve been using Fiddler a lot lately to help test a new RESTful WCF service I’m prototyping and hadn’t been having any trouble with it, but then I remembered that I didn’t have filters enabled. I clicked over to the Filters tab, checked the “Show only Internet Explorer traffic” option, refreshed a page, then nothing… Fiddler wasn’t capturing anything. What gives? This worked the last time I used it.
I started searching for something about filters not working and found a post that recommended enabling the Troubleshoot Filters option in the Help menu. I’d never used this option before, but basically it shows all traffic and strikes out the requests that would normally be excluded by the filter. It also provides a comment about why the request would be hidden. In this case the comment read “Hidden due to FiltersTab>HideNonIE.” That didn’t make any sense since I’d made the request from IE, but then I saw that the Process column listed tmproxy:5460 instead of iexplore. Another search for tmproxy and Fiddler revealed that the Trend Micro virus scanner does indeed insert itself as a proxy between IE and Fiddler (and most other processes, for that matter), so it is reported as the process.
By injecting itself in that manner, it essentially breaks the Client Process filters in Fiddler, so we need to revise our filter. I found that setting up a Host filter to only show requests where the host is my laptop gave me the best results. The Host filter accepts a semicolon-delimited list of host names, so setting it up is pretty easy. Once the hosts were set up, I only saw the requests that I was interested in.
Generally speaking, filtering by host name is probably better than filtering by browser, but I enjoyed the convenience of just checking a box.
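The effect described above can be reproduced with a small model of the two filter types. This is an added example, not Fiddler's own code or anything from the original post: the session records are constructed, "mylaptop" is a hypothetical host name, and the matching rules are a simplified assumption about how the filters behave.

```python
from collections import Counter

# Constructed sample sessions as (Process column, Host column) pairs.
# "mylaptop" is a hypothetical stand-in for the developer's own machine.
SESSIONS = [
    {"process": "tmproxy:5460", "host": "mylaptop"},
    {"process": "tmproxy:5460", "host": "oscex-en.url.trendmicro.com"},
    {"process": "tmproxy:5460", "host": "www.example.com"},
    {"process": "tmproxy:5460", "host": "MYLAPTOP:8080"},
    {"process": "fiddler:3120", "host": "www.example.org"},
]
BROWSERS = {"iexplore"}  # process name the browser-only filter expects

def process_name(session):
    """'tmproxy:5460' -> 'tmproxy' (name without the PID)."""
    return session["process"].split(":", 1)[0].lower()

def host_name(session):
    """Host without port, lower-cased (IPv6 literals are not handled)."""
    return session["host"].split(":", 1)[0].lower()

def parse_host_list(text):
    """Parse a semicolon-delimited host list, ignoring blanks and case."""
    return {h.strip().lower() for h in text.split(";") if h.strip()}

def show_only_ie(sessions):
    """Model of the process filter: keep sessions attributed to a browser."""
    return [s for s in sessions if process_name(s) in BROWSERS]

def show_only_hosts(sessions, host_list):
    """Model of the Host filter: keep sessions whose host is on the list."""
    allowed = parse_host_list(host_list)
    return [s for s in sessions if host_name(s) in allowed]

def dominant_intermediary(sessions, threshold=0.8):
    """Return a non-browser process that owns most sessions, else None.

    A hit means process attribution is being masked by a local proxy,
    so process-based filters cannot be trusted for this capture.
    """
    if not sessions:
        return None
    name, count = Counter(process_name(s) for s in sessions).most_common(1)[0]
    if name not in BROWSERS and count / len(sessions) >= threshold:
        return name
    return None

if __name__ == "__main__":
    print("process filter shows:", len(show_only_ie(SESSIONS)))
    print("host filter shows:", len(show_only_hosts(SESSIONS, "mylaptop; localhost")))
    print("masking process:", dominant_intermediary(SESSIONS))
```

The process filter returns nothing because every browser request is attributed to the scanner's proxy, while the host filter is unaffected by which process sits in the chain.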