Slooshy

Wow, that worked. Thank you very much! Eset's customer support team had me uploading logs. C:\Program Files (x86)\Sticky Password\stpass.exe needs to be added to Eset's browser protection allowlist.

Sticky Password's browser extension is installed. Stick Password's main application can't detect that it is installed in Firefox (or any browser). I soon as I disable HIPS, the problem disappears. I see the following in Eset's HIPS logs: C:\Program Files (x86)\Sticky Password\stpass.exe;Get access to another application;C:\Program Files\Mozilla Firefox\firefox.exe;Blocked;OPP protected process and C:\Program Files (x86)\Sticky Password\spUIAManager.exe;Get access to another application;C:\Program Files\Mozilla Firefox\firefox.exe;Blocked;OPP protected process;Modify state of another application I also see C:\Program Files (x86)\Sticky Password\spUIAManager.exe;Get access to another application;C:\Program Files\ESET\ESET Security\egui.exe;Blocked;Self-Defense: Protect ekrn and egui processes;Get access to another application. This entry is not the source of the problem. spNMHost.exe also needs to be unblocked. Sticky Password for Windows desktop app’s extension status check is blocked. Sticky Password’s Windows front-end (stpass.exe) still uses a quick low-level probe—calling Windows APIs such as OpenProcess / GetWindowThreadProcessId against each running browser—to ask, “Is my companion extension there?” ESET’s Host-based Intrusion Prevention (HIPS) treats those calls as “Modify state of another application” aimed at a browser that ESET has marked OPP-protected. The attempt is silently denied by Eset, the Sticky Password desktop app never receives the expected confirmation, and its UI falls back to showing that the extension is not installed. While Sticky Password already uses the WebExtension native-messaging channel (a JSON pipe) for high-level data exchange, its desktop (Windows) app still performs low-level UI-automation calls (window enumeration, focus change, etc.) to detect whether the extension is active and which field is focused. Those Win32 calls trigger ESET’s “Modify state of another application” signature, so native-messaging is necessary but not sufficient to avoid the block. ESET’s current browser–protection layer (“OPP protected process” in HIPS) blocks any third-party executable that opens a browser’s process handle or window handle. Sticky Password’s Windows front-end still makes those low-level Win32 calls as part of its “is my extension installed” probe. Because Eset's OPP rules are hard-wired and evaluated before any user-defined HIPS rule, Sticky Password's check fails even though Sticky Password's WebExtension itself continues to fill passwords normally. (I do not wish to use the (Sticky) Password application that is included with Eset. This problem is affecting everyone using Sticky Password's standalone Windows application, version 8.9.4.125, and Eset Smart Security Premium 18.2.1.4.0.) For what it's worth, Sticky Password's web browser extensions work and autofill usernames and passwords. Just detection of the web browser extensions fails because of HIPS. Operation Protection (OPP), which Eset calls a “protected process” rule. OPP rules appear to be hard-coded, higher-priority, and always override anything created in the HIPS rule editor.

Hi @Peter Randziak Will you be including support for Sticky Password in ESET's Protected Banking & Payment browser using Firefox 57 (64-bit)? Wondering, Slooshy

Eset Password Manager is Sticky Password and seems to lag behind the standalone version in terms of updates. The standalone version of Sticky Password 8.0.12.127 works perfectly fine in Firefox 57 (64-bit). So, it doesn't really make sense why Eset's version of Sticky Password hasn't been updated yet. However, Sticky Password version 8.0.12.127 will not install in ESET's Protected Banking & Payment browser using Firefox 57 (64-bit). Banking & payment protection module: 1115 (20171103)

There appears to be a related concern over here: https://forum.eset.com/topic/13688-banking-payment-protection-chrome-and-extensions/

The problem is not on your end.

I am getting ping responses from these servers though: https://support.eset.com/kb332/#esetlivegrid

Yeah, they were also down Friday morning (Eastern Standard Time):

Becoming a bit of a yo-yo Doesn't Eset have server failover or redundancy?

I'm experiencing the same issue. I can't believe this hasn't been resolved since July.

Thanks, but the issue is not on my end.

No. The warning popped up and disappeared after 9 minutes. But should the severs keep dropping, getting distracted from work is easy. Do Eset LiveGrid servers drop frequently?

Pretty distracting Is there any way in Eset to specify what servers to use? https://support.eset.com/kb332/#esetlivegrid

Yeah, I should have mentioned, I'm also using Windows 10 Pro x64 version 1709 (OS Build 16299.19) Eset Smart Security Premium 11.0.144.0 Detection Engine: 16313 (20171027) Rapid Response module: 10981 (20171027) Update module: 1010 (20170621) Antivirus and antispyware scanner module: 1531.2 (20171024) Advanced heuristics module: 1180 (20170914) Archive support module: 1269 (20170913) Cleaner module: 1149 (20171023) Anti-Stealth support module: 1117 (20171011) Firewall module: 1371 (20171013) ESET SysInspector module: 1270 (20170808) Translation support module: 1637 (20171016) HIPS support module: 1301 (20171016) Internet protection module: 1318 (20171002) Web content filter module: 1058 (20170406) Advanced antispam module: 6352 (20171027) Database module: 1093 (20170725) Configuration module (33): 1565 (20170919) LiveGrid communication module: 1022 (20160401) Specialized cleaner module: 1012 (20160405) Banking & payment protection module: 1114 (20171018) Rootkit detection and cleaning module: 1019 (20170825) Network protection module: 1560 (20171026) Router vulnerability scanner module: 1041 (20170925) Script scanner module: 1024 (20171019) Connected Home Network module: 1017.1 (20171018) Cryptographic protocol support module: 1022 (20170921)

And now the warning message suddenly disappeared, 9 minutes later. Do Eset LiveGrid servers drop frequently? If so, I'm going to have to disable these notifications.