100

Have you also tested it as follows: Start a software (e.g. browser) in a sandbox. Install or update a software outside Sandboxie. Exit the program in the sandbox and try to clear it. This is how the problem always occurred with me.

Yes, I can confirm the detection. I also use Firefox, but inside Sandboxie and the SSL/TLS filter no longer works if Firefox is inside Sandboxie. https://community.sophos.com/products/sandboxie/f/sandboxie-forum/113772/ssl-filtering-with-eset-doesn-t-work-with-firefox-67-0-x-in-sandboxie But the file was detected and deleted during the download. :-)

Yes, the Eset lab could do it. ;-)

Because of this article I have downloaded the three Zip archives: https://www.bamsoftware.com/hacks/zipbomb/ Only zblg.zip was detected as a zip bomb by Eset after the download and therefore deleted. zbsm.zip was probably too small, but zbxl.zip was probably not recognized because of zip64. 7-zip can do zip64, but of course I won't open it and don't have the courage to do a context scan with Eset.

I was just playing with it. It's no problem to trust the internal list. I think it will be updated automatically if one of the pages suddenly contains malicious code. For trusted domains with payment functionality it is better not to break the encryption. This is probably the intention of the internal trused list.

No, to "scan". Example: Amazon.com is on the internal list of trusted domains and therfore it is not scanned by the SSL/TLS MITM. The displayed certificate is from Verisign. If I add this certificate to the list of known certificates and set it to "scan" (the same with "auto"), the displayed certificate should be Eset, but it is still Verisign (even after restarting the browser).

Hm, a domain on the internal list of trusted domains cannot be filtered by an entry in the list of known certificates? I have tested it and it seams to be that the internal list of trusted domains have always priority.

Thank you very much, Marcos. Sorry, I overlooked this setting.

I noticed, that the SSL/TLS-MITM doesn't work for many sites (like Eset, Google, Paypal, Ebay, Amazon, Youtube). The certificates are not shown as "Eset, spol. sr. o.". On Facebook and Twitter the filter is working. I have tested it with Firefox 67.0.4 and Internet Explorer 11 on Windows 7 x64 and also with the filter settings automatic and scan.

Yes, you are right and it is possible to create exceptions in sandboxie, but you need to know exactly which files and registry paths are used by the Eset Banking Protection.

Thank you very much itman, but Sandboxie recognizes applications only by their process name. The path doesn't matter. Therefore Sandboxie opens both IE versions (32 and 64 bit) sandboxed and Esets BPP then fails.

I have set Internet Explorer as my default browser and Sandboxie is set to always force it into a sandbox. The mail program should open links in Internet Explorer, which then starts automatically in a sandbox. All browsers have their own sandbox, which will always be emptied, when the browser will be closed. That's why I can't use Esets secure banking. It would be very helpful when the browser for secure banking could be set in the settings of Eset. Maybe then it would be possible to copy iexplore.exe to iexplore_2.exe and use it for Esets banking protection, as it would not automatically be forced into Sandboxies sandbox.

Tank you very much!

In version 11.1.54 ist was possible to see what file the realtime scanner is actually scanning. I miss this in version 11.2.49. It would be helpfull to know whether Eset is scanning certain files or not, if there are delays in some cases.

Thank you very much! I didn't have the same, but a similar popup. It had no "i", in the lower third were two buttons and the blue bar was in the upper third. The translation support module should be updated very quickly via the regular update channel.

On 01. August 2018 I had an empty Eset popup in the right corner above the taskbar. It had a blue bar in the upper third and a blue button on the left and a white button on the right. But in the entire popup was absolutely no text, not even on the buttons. So I don't know, what was the reason. I did not click on any button and the popup was closed after a while. There is also an empty log entry in the Eset event log (for modul "system kernel", but the event field is empty) and it is between the hourly update cycle.Therefore an update can not be the reason. It is the absolutley first time, that I had this with Eset.

The both exclusions does also exclude the subfolders "automaticdestinations", which contains the "automaticDestinations-ms" files. These files contains the jump list entries. The problem has also exists after deleting all files and links in "recent" and the subfolders and a Windows restart. Without the exclusions I couldn't pin folders to the jump list. After the latest modul update the problem doesn't exists anymore.

After an right click to the windows explorer icon in the task bar, the jump list is shown as empty and then the explorer.exe process consumes 13 % CPU usage and up to 100 MB RAM for 1-2 minutes. But after that, the jump list is still shown as empty. It seems to be, that this issue is caused by an module update. Workaround: Add the following paths to the scan exclusions. C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent C:\Users\[username]\AppData\Roaming\Microsoft\Windows\Recent

Since version 11.1.54.0 it is no more possible to exclude specified file types in a specified path. Workaround: Exclude the full path Export the settings Edit the xml settings file Import the edited xml settings file This works (tested with a context scan).

Hm, but does the problem couldn't also be caused by the firewall or the file antivirus? Edit: Eset isn't the reason.

Yes, thank you! But I have tried so many things without any success (also add the SSL certificate of the used domain and set its filtering to ignore, or add 40 IPs to the exclusion list). So I think now that it will be the best to disable Eset completely and if this doesn't make any difference I can sure, that Eset isn't the reason. :-)

I use an realtime application which have an builtin community chat and very often the new message notification doesn't disapperars when the new messages are read. It persists also after the application is restartet because the message state is saved in an file. It doesn't help to read the message again and again. It seems to be, that the correct state is sometimes not received from the server. I can solve it temporarily when I delete the file which stores the state. The application support cannot reproduce this problem which I have since some month. The application uses internal some parts of the Internet Explorer (like winamp or Windows Live Mail), but I have cookies allowed for the domain which is used by the application. I have also done antivirus exclusions for "\AppData\Roaming\application A\*" and "C:\Program Files (x86)\application A\*" but it doesn't help. I'm not sure that Eset is the reason and therefore I will now disable antivirus and firewall for some days. It should not be a security problem because I'm behind a router and I use always sandboxie for all browers and winamp. Each browser and winamp has its own sandbox, always cleared when the browser/winamp is closed.

Is it possible to use wildcards in "web and e-mail" > "protocol filtering" > "excluded applications"? Example: C:\Program Files (x86)\Application A*\application*.exe for: C:\Program Files (x86)\Application A\application.exe C:\Program Files (x86)\Application A 2\application.exe C:\Program Files (x86)\Application A 2\application_2.exe C:\Program Files (x86)\Application A 3\application.exe C:\Program Files (x86)\Application A 3\application_3.exe

This issue is fixed with 10.1.219. Thanks!

Thank you! I doesn't see your thread before.