Posts posted by Enrico
-
-
As I've said before:
On 10/2/2021 at 6:22 PM, Enrico said: I've uninstalled ESS and installed EIS ..., but now the "news" item appeared in EIS too.
I had not taken any screenshot of the popup with EIS, but, as you can see below, it's related to the "news" item.
Today no popups, maybe a kernel update changed the notification behaviour?
-
"Display marketing messages" is still disabled.
-
How can I permanently disable the advertising popups and the "news" item introduced in the latest version of EIS? (I've uninstalled ESS and installed EIS with the hope of not being nagged anymore, but now the "news" item appeared in EIS too.)
They interrupt my workflow by distracting me with what could be a security alert.
P.S.1: for security reasons I will never use a PW manager with the database saved in the cloud.
P.S.2: I have an EN locale, why are notifications in ITA?!
Best regards.
Enrico
-
Can we disable push notifications and the permanent connection?
-
Thank you for the clarification. Since most are CDNs and blocking those IP ranges will adversely affect websites and component updates, it's better if I compile the hosts file.
Regards.
-
Can somebody explain the difference between using the "list of blocked addresses" and the hosts file?
Wireshark & TCPview using URL Address Management (monitoring Firefox automatic startup connection):
Wireshark & TCPview using hosts (0.0.0.0):
Ping results using URL Address Management and hosts:
Regards.
-
Akamaiedge is a CDN used by multiple websites and programs. Blocking that global domain can cause issues; it's better to block only some of the subdomains used for analytics or tracking (like *g.akamaiedge.*).
You can use Wireshark with the filter "dns" to log all the connection requests made by the app.
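An added example, not part of the original posts: a hosts file only accepts exact host names, so a wildcard mask such as `*g.akamaiedge.*` has to be expanded against the names actually seen in a "dns" capture. The query names below are constructed, and treating the mask as an `fnmatch`-style pattern is an assumption about how the mask is meant to match.

```python
from fnmatch import fnmatchcase

# Constructed sample: query names as they might be exported from a capture
# taken with the Wireshark display filter "dns".
OBSERVED_QUERIES = [
    "e1234.g.akamaiedge.net",
    "E1234.G.akamaiedge.net.",   # same host: different case, trailing root dot
    "a1.dscg.akamaiedge.net",    # also contains "g.akamaiedge." (mask is loose)
    "a77.dscb.akamaiedge.net",   # other CDN subdomain, must stay reachable
    "static.example.com",
    "localhost",
]
BLOCK_MASKS = ["*g.akamaiedge.*"]   # mask quoted in the post above
NEVER_BLOCK = {"localhost", "localhost.localdomain"}


def normalize(name):
    """DNS names are case-insensitive and may carry a trailing root dot."""
    return name.strip().rstrip(".").lower()


def select_blocked(queries, masks):
    """Return the sorted, de-duplicated observed names matching any mask."""
    masks = [m.lower() for m in masks]
    blocked = set()
    for raw in queries:
        name = normalize(raw)
        if not name or name in NEVER_BLOCK:
            continue
        if any(fnmatchcase(name, mask) for mask in masks):
            blocked.add(name)
    return sorted(blocked)


def render_hosts(names):
    """One exact-name entry per line, pointing at the unroutable 0.0.0.0."""
    return "".join(f"0.0.0.0 {name}\n" for name in names)


if __name__ == "__main__":
    print(render_hosts(select_blocked(OBSERVED_QUERIES, BLOCK_MASKS)), end="")
```

The `dscg` entry shows that the mask is not anchored to a label boundary, so the generated list should be reviewed before it is merged into the hosts file.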
-
@itman : if I create a new zone with some IP ranges (goog), then create a deny rule for Firefox, the firewall behaves correctly.
So we have two options: something's wrong in the op rule or something was fixed with the last module update.
-
That rule is totally wrong, you must create a new rule under Firewall - Advanced - Rules - Edit - Add
Note that the IPs can change from time to time, so it's better to block domains, subdomains or even scripts with Web access protection - URL address management ( *line.me* ).
-
-
The same was happening on my Dell laptop and the two workstations upgraded to 20H2. I was unable to collect logs on the workstations since I immediately rolled back to 1909 (mainly for performance reasons) and permanently disabled win updates.
I will do some more testing on the laptop next weekend.
-
I know, but tell it to the bank (that was naggin' me with "install the app from gooogle play because it's more secure" blah blah), to the insurance or to the biggest ISP here, today they are facing serious issues because of this procrastination.
-
Update: I've started having issues with FF on some websites, the solution was to set "security.tls.version.min" to 1.
-
I can confirm that disabling filtering the cert goes away...
In the 20H2 machine I've resolved with Eset reinstallation/reconfiguration, root certificates cleanup/rebuild and restoring some old firefox profiles, now everything seems ok, so probably it was a corruption or a misconfiguration due to November patches.
In the 1909 machine a newer Eset certificate was installed and after reboot no browsing issues.
Thanks
-
After the last updates I started having the certificates issue with firefox https://forum.eset.com/topic/23125-certificate-issues-for-firefox-740-64bit/page/6/
On W10 20H2 FF 78.4.1 ESR has credential issues that lead to secure connection errors and data loss, Ungoogled Chromium seems not affected.
On W10 1909 FF displays invalid cert on every website, the same with Ungoogled.
Pref "security.enterprise_roots.enabled" is "true" and locked (by Eset or by group policy)
I see no errors in browsers console.
On the third PC with 20H2 and without Eset SSP I have no issues.
I've tried disabling/re-enabling SSL/TLS filtering while monitoring TRCA, Eset SS filter CA was renewed and is valid until 15/11/2030.
Disabling SSL/TLS filtering didn't resolve the issue.
Suggestions?
-
BTW: because of professional needs I've had to disable firewall rules, hosts and reconfigure FF in order to purchase the renewal. Now EvilCorp is blocked again.
-
Google reCaptcha is a data stealer tool https://www.fastcompany.com/90369697/googles-new-recaptcha-has-a-dark-side https://www.termsfeed.com/blog/privacy-policy-recaptcha/ .
The ITA website is hosted on Google servers (first connection is made to 35.201.113.0/24).
-
This "google is everywhere" thing is getting ridiculous, I cannot even open a support request because of goolag recaptcha.
Can somebody help me find a license renewal process that does not involve giving personal data to google?
-
UUID was removed from the link, that's why you see a blank page. You can visit this page https://eshop.eset.com/it/eset/renewal/ and see dns logs.
Strangest thing is that I load the international page
But clicking "renew" leads to eshop.eset.com/it/eset/renewal/ and relative connections to google servers.
Another strange thing: different languages=different third parties involved in user tracking (some localizations like french and dutch are more privacy friendly).
Funny that to purchase the license of a software that I use to protect me from Google (& friends) tracking I must use Google servers.
-
Yesterday I received a license renewal e-mail from licenze'at'enjoy.eset.com (ITA), in the recipient there was a hyperlink (renew now) to https://enjoy.eset.com/pub/cc?_ri_= ...(tracking UUID)... , the link resolves to a Google server IP (109.113.201.35.bc.googleusercontent.com ).
For privacy and security reasons I'm blocking all Google IP ranges and domains, so no connection was made.
My question is: why must the license renewal process pass through Google data gathering?
-
Disable "Preload pages for faster browsing and searching" and see if it happens again. (in order to reduce attack surface never use prefetch/predict browser features)
It seems to me that Google Safebrowsing (aka censorship) is failing again to detect malicious websites.
-
First suggestion is to use GPO ( https://github.com/mozilla/policy-templates/releases ) or the Enterprise Policy Generator add-on by Sören Hentzschel to manage security settings (so Mozz can't override user preferences), the second is to use ESR releases to avoid this kind of issue.
Try to disable/re-enable the preference "Add the root certificate to known browsers" under "web and mail"-"ssl-tls" and check if the Eset cert has been added to the browser. (just tested with ESR and it works)
Check also for "security.certerrors.mitm.auto_enable_enterprise_roots" (true) https://support.mozilla.org/en-US/kb/how-disable-enterprise-roots-preference
-
@Marcos: did you have some time to analyze the logs?
At the moment I'm using process exclusions in order to reduce complex apps/programs startup time, but it's not the most secure thing to do, also I suspect that all the 0xc0000005 CTDs I've had on both W7 and W10 are due to process scanning.
-
@Marcos: you have a PM. I've uploaded W10 logs with/without protection enabled, let me know if you need W7 logs.
@itman: what I can tell you is that it's a really complex SW written in C++, it uses Sentinel HASP for licensing and Apache FOP for documentation, it constantly writes to disk and with the latest version I see a lot of Buffer Overflow in file activity entries (procmon).
EIS advertising popup notifications
in ESET Internet Security & ESET Smart Security Premium
Posted
This early morning there was no "news" on my n°1 workstation EIS main window, after a few minutes:
Rollback had no effect on the UI. (Win10 1909)