Posts posted by pcguy

  1. I use Grammarly, a spell and grammar checker extension, in all my web browsers. Today, Oct 28th, ESET Antivirus 16.2.15 with current updates is blocking grammarly.io.

     

    Time;URL;Status;Detection;Application;User;IP address;Hash
    10/28/2023 9:59:01 PM;https://f-log-extension.grammarly.io;Blocked;PUA blacklist;C:\Program Files\BraveSoftware\Brave-Browser-Beta\Application\brave.exe;GREG_I5\gregg;52.204.27.140;C134E1FC60311B40CEF80FBC7AAF35EFFA82C0DB
     

  2. 40 minutes ago, itman said:

    All browsers by default should be blocking access to a web site with a revoked cert using their default cert. security settings. However, browser default cert. security settings can be overridden as shown in this article: https://bytebitebit.com/turn-off-security-certificate/ .

    That is what should happen; however, I have tried 3 computers here, two of which do not have Eset installed and which I know for certain are using the default settings, and both MS Edge and Chrome go to https://transfert-transfer.bac-lac.gc.ca/ without any issue. All of these computers are Windows 10 boxes fully up to date. A friend in the USA has the same experience with Windows 10 MS Edge; they also get the login page.

  3. 8 minutes ago, itman said:

    Actually, Microsoft Defender has nothing to do with revoked certificate validations since it does not perform HTTPS scanning activities.

    It is the browser's responsibility to block a web site connection with a revoked certificate where a security solution is installed that does not perform HTTPS scanning.

    Do you have AdGuard installed?

    I do not have AdGuard installed. The non-Eset computer is simply a Windows10 Pro install with only MS Defender plus MS Edge and Brave Browser. MS Edge loads the page fine on the non-Eset computer. On the Eset computer MS Edge throws up the Cert Revoked message.

  4. I have someone else using Windows10 22H2 with a desktop and Internet Security 16.0.26.0 getting these emails as well. The emails occur when Eset updates itself and has to reboot or when Windows updates occur and the computer has to be rebooted. I have checked and all of the user accounts on this computer have passwords that have to be entered on computer boot up EXCEPT the phantom account.

    This has been happening on this computer for months now and I am at a loss as to why ESET thinks someone has attempted to log in to the phantom account.

     

     

  5. I discovered what the issue was. In fact the issue showed up on this computer as well. I noticed that when I did a WMI query on root/SecurityCenter2 for class name AntivirusProduct I got the following result:

    O&O Nod32 Issue WMI Query.jpg

    I had to issue the following commands:

    sc config winmgmt start= disabled
    net stop winmgmt
    Winmgmt /salvagerepository %windir%\System32\wbem
    Winmgmt /resetrepository %windir%\System32\wbem
    sc config winmgmt start= auto

    Once that was done, O&O showed only one instance of Eset installed.
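
The check described in the post above can be scripted before and after a repository reset. This is an added example, not part of the original post and not ESET or O&O code: it lists the AntiVirusProduct instances in root/SecurityCenter2 and flags any product name registered more than once. The function names are hypothetical, and the productState decoding is a commonly observed layout that Microsoft does not document, so treat those two columns as an assumption.

```powershell
# Added example: enumerate antivirus registrations in Windows Security Center.
# root/SecurityCenter2 exists on Windows client editions, not on Windows Server.
function Get-RegisteredAntivirus {
    Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName 'AntiVirusProduct' -ErrorAction Stop |
        ForEach-Object {
            $state = [uint32]$_.productState
            [pscustomobject]@{
                DisplayName  = $_.displayName
                InstanceGuid = $_.instanceGuid
                ProductExe   = $_.pathToSignedProductExe
                StateHex     = '0x{0:X6}' -f $state
                # Assumption: community-observed nibble layout, not an official spec.
                Enabled      = (($state -shr 12) -band 0xF) -eq 1
                UpToDate     = (($state -shr 4) -band 0xF) -eq 0
                Timestamp    = $_.timestamp
            }
        }
}

# Group by display name; more than one instance of the same name is the
# double-registration symptom that monitoring tools then report twice.
function Find-DuplicateAntivirusEntry {
    param([Parameter(Mandatory)][AllowEmptyCollection()][object[]]$Products)
    $Products | Group-Object -Property DisplayName | Where-Object Count -gt 1 |
        ForEach-Object {
            [pscustomobject]@{
                DisplayName   = $_.Name
                Registrations = $_.Count
                InstanceGuids = $_.Group.InstanceGuid -join ', '
            }
        }
}

try {
    $products = @(Get-RegisteredAntivirus)
} catch {
    # A failed query here can itself point at a damaged WMI repository.
    Write-Warning "SecurityCenter2 query failed: $($_.Exception.Message)"
    return
}

$products | Format-Table DisplayName, StateHex, Enabled, UpToDate, InstanceGuid -AutoSize
$dupes = @(Find-DuplicateAntivirusEntry -Products $products)
if ($dupes.Count -gt 0) {
    Write-Warning 'Same product registered more than once in Security Center:'
    $dupes | Format-List
} else {
    'No duplicate antivirus registrations found.'
}
```

Running `winmgmt /verifyrepository` from an elevated prompt reports whether the repository is consistent, which is worth checking before resorting to a reset.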

  6. 9 hours ago, Marcos said:

    They can get information about the product name from HKEY_LOCAL_MACHINE\SOFTWARE\ESET\ESET Security\CurrentVersion\Info\ProductName and ProductVersion. I recall it's also possible to query WMI.

    Well I looked at that key on one of the problem machines and Product Name is "ESET NOD32 Antivirus" and ProductVersion is " 13.0.22.0". For some reason Syspectr reports two entries like  

    ESET Security is active and up-to-date

  7. I have 3 computers at a location. All three are Windows10 1903 that are 4 months old. I use O&O Software Syspectr to monitor these computers. However, Syspectr is reporting that there are 2 installations of "ESET Security is active and up-to-date". If I remote into the computer and use the Windows uninstall of NOD32 Antivirus off this computer then one of these entries in Syspectr disappears.

    Syspectr support simply tells me "We take this to heart, but have to stress again that we only read the information from windows." and "We use the Windows API only" to determine what software is installed and that I should contact Eset. My question is why is Syspectr reporting 2 installations of Eset Antivirus on all three machines? They are all at 13.0.22.0.

  8. I have no idea. All I can say is that since I removed the password on Thunderbird, closed it down and restarted, I no longer see the error showing up in the log files, so far for 2 days. In the past it would show up as soon as I enabled the option or every couple of hours.

    Eset really needs to give more detailed information in these sorts of errors so that we do not spend time going down rabbit holes. It gets tiring and frustrating.

     

  9. In case someone at a later date stumbles upon this error message I figure I will post what the issue was. After a month and countless hours on my part and Eset support and sending numerous log files to Eset support the problem seems to be fixed. The issue was caused by the Thunderbird email client, which was using a Master password to protect the email passwords in the application. It had nothing to do with any of the web browser applications like Brave, Firefox, Chrome or MS Edge (all variants) that I had installed on this computer. I had to temporarily remove the password off Thunderbird and re-enable the option in Eset to add cert to all known browsers.

    I just wish the heck NOD32 would have put out a more meaningful error message when it encounters a problem like this. If it had simply indicated it was Thunderbird it would have saved a heck of a lot of lost hours on my part and Eset support.

     

  10. Is the "Personal firewall" of the "Personal firewall: An attempt to add the root certificate to all known browsers on your computer failed." referring to Windows Firewall? Because that is what one Eset remote support tech told me, and after a 1.5 hr session said they fixed it by disabling SSL/TLS monitoring, rebooting and re-enabling. This is something I had tried countless times over the past week along with uninstalling and wiping all traces of Eset off Windows10 and reinstalling the software. Since I had to leave for an appointment I did not check for an hour or so. When I did I discovered that the reason why the error was not showing up was because SSL/TLS monitoring was disabled. :wub:

  11. 12 hours ago, justme12 said:

    I know it is a real PIA but maybe try a Windows Reset or a clean install. After my initial events, clearing the residual leftovers from various installs seems to have worked perfectly. Running Eset on 3 pcs now and no issues.

    Appreciate the feedback but resetting or doing a clean install of Windows 10 would require a week of work on my part reconfiguring all the additional software I use on a regular basis.

    Eset should provide a clear indication of what exact installation for the cert failed, because I cleansed Firefox from this computer and registry and even reinstalling it did not solve the issue. I have searched all the browsers installed on this machine and all of them have the same cert installed.

  12. 18 hours ago, Marcos said:

    Please carry on as follows:
    - disable SSL filtering
    - reboot the machine
    - without launching any application, re-enable SSL filtering.

    Should the problem persist, start logging with Procmon and disable / re-enable SSL filtering, then stop logging and provide the generated log in a compressed form.

    I did that Thursday of last week and attached both files here in this thread.

  13. On 5/10/2019 at 7:41 AM, justme12 said:

    I can't say for sure, but using Revo, after the FF uninstaller finished, Revo identified a vast amount of leftovers in numerous folders which I deleted. After that, all is well.

    I just realized that this thread was not in the Eset NOD32 Antivirus section, which is the product I am having this issue with. All the browsers currently installed have the same cert installed. Even Firefox release version. Yet the logs continue to get the same old warning message. One option that works is to disable adding the cert to known browsers. That is the least dangerous of the options if NOD32 is installed. It would have been extremely useful if NOD32 could provide a clue on what particular browser install is failing. I am now wondering what else may not be functioning properly in NOD32. I just happened to stumble across this issue last week.

    I even took the drastic measure of running CCleaner to remove what it felt were erroneous registry entries, rebooted and without starting any web browsers I re-enabled TLS monitoring. Within seconds I got 2 of the same errors in the logfiles.

     

  14. Going to leave NOD32 installed on this system for now and will probably decide whether NOD32 remains installed. Will wait for official info from Eset on what the heck is going on with this Windows10 system and whether it is Eset's official position that one is restricted to release versions ONLY of a web browser when using NOD32 on a system.

    I have installed Firefox release version and NOD32 still is complaining apparently every hour or so that the cert cannot be installed on some unknown browser somewhere on this computer.

  15. 15 minutes ago, itman said:

    You have already posted you are "always testing new browsers." Even if uninstalled, it is possible Eset is detecting their traces. Ditto for multiple versions of FireFox installed and then subsequently installed.

    Finally, I would not install any browser other than IE11, Edge(official release), Chrome, or Firefox when using Eset.

    Well then perhaps it's best for Eset and I to part ways then. To hamstring a user in part due to non-descriptive error messages and to have no error handling routines to alert the end user of the issue but instead simply fill up the app log files with thousands of errors.
