ECELeader

Posts posted by ECELeader

  1. No, I don't see ESET verification in the certificate when using Firefox Developer Edition.

    In the regular Firefox and Chrome it works just fine.

    ESET detects the other AMTSO tests (eicar, cloudcar etc.). The only test failing is the anti-phishing one.

    4 hours ago, Marcos said:

    As for SSL filtering, it is important to keep it enabled since more and more malware is downloaded via https and the number of malicious websites utilizing SSL is growing as well. Also, given that browsers are starting to report http connections as insecure, bad guys have a good motivation to move to https as well.

    By coincidence last week I attended a presentation by an ethical hacker who attempted to attack a machine utilizing Meterpreter. He failed once thanks to SSL filtering employed by ESET. When he managed to bypass it, the payload was detected and blocked upon injection by Advanced Memory Scanner.

    Interesting story! I know the importance of SSL filtering so I always keep it on.

  2. ESET is using the term Macedonia in its official sites and products when referring to this country: https://en.wikipedia.org/wiki/North_Macedonia

    Please use the appropriate official name of the country, North Macedonia, used under the national agreements.

    Using the name Macedonia without the official prefix North is insulting for Greeks and against the international agreements. The largest area of the region of Macedonia is part of Greece and only the northernmost area is part of the country of North Macedonia, after which it is officially named.

    Please respect the official naming of the country and the international treaties and rename the country to its official name North Macedonia.

  3. 1 minute ago, itman said:

    A while back I created a HIPS rule to block loading of lxcore.sys and lxss.sys drivers plus a HIPS rule to prevent enabling of Developer mode to prevent bashware.

    Well, the thing is I don't want to block the lxcore.sys and lxss.sys drivers because I actively use WSL on a daily basis. I want to use WSL while still being protected from threats like Bashware.

  4. 5 hours ago, Marcos said:

    I'm not aware of any issues with WSL except the one in the linked topic. The best course of action would be to contact customer care so that the issue is investigated, tracked and possibly fixed if confirmed.

    Support for WSL was added 1 or 2 years ago if I remember correctly.

    Thank you for your response! There is a new type of malware called Bashware that takes advantage of WSL. See here and here. I have two important questions:

    1) By excluding the folder of WSL app, is ESET still protecting from such type of attacks mentioned above?

    2) Is ESET following Microsoft guidelines and instructions, specified in the Microsoft article regarding Pico Processes such as WSL?

    Reassurance by the ESET development team would be great, to know if ESET products are implementing and following the Microsoft standards mentioned in the article. If yes, since which version is the feature supported?

  5. In a post in October there was this issue with high CPU usage and slowdown when using WSL in Windows. A temporary solution to this problem was to exclude the folder "%userprofile%\AppData\Local\Packages\DISTRO_APP_NAME" from ESET Real-time Protection. This solution is not ideal though, because ESET doesn't protect processes run in WSL mode.

    I noticed that Microsoft has issued an article explaining how third-party AVs and firewalls like ESET should interact with WSL. Link: WSL Antivirus and Firewall Compatibility.

    Are ESET's developers aware of this? Are there any plans to implement this in a future version? I know a lot of people that use WSL, mainly for development purposes, and such a feature would be appreciated by the programming community that uses ESET.

  6. 13 hours ago, Marcos said:

    Google is the maker of Android and the provider of the Google Play store. They have the right to do it even if the others dislike some of their policies.

    Have you tried, as ESET, to submit a Permissions Declaration Form for Google Play to review, as stated here and here? Maybe Google can make an exception for ESET, as the anti-theft SMS command is a core function of Anti-Theft.

  7. On 12/5/2018 at 3:43 PM, SM03 said:

    Version 12.0.31.0
    Fixed: After upgrade, "Modules update failed: Invalid digital signature" error
    Fixed: Desktop notifications are not displayed
    Fixed: Minor functional and localization bugs

    Thanks for the info! It would be great to have this changelog posted here in the forum for each update, or displayed inside the ESET program in the Help and Support -> About section.

  8. 2 hours ago, itman said:

    That said, I see a few "irregularities."

    TPSC has affiliations with Bitdefender, Kaspersky, and Sophos. Next, as shown in the screenshot below, Kaspersky only scored 80.46% versus ESET's 95.6% in Phase 1 testing but passed overall testing? It appears that because ESET failed the Python ransomware test, that was justification for the overall failure rating. Is this a standard AV lab testing methodology? Or is what we have here a polished presentation using a pre-evaluated ransomware sample that my sponsor's product detected but its major competitor did not?

    The score shows only the results of proactive detection (malware was successfully blocked by the tested product, prior to execution). A product is considered to pass phase 1 if, after running the Python script, it manages to keep the system clean in the end (clean sheet). You can read about the test method here.

  9. Although The PC Security Channel [TPSC] is not an official AMTSO member, it is a channel worth noting that uses a consistent methodology to test security products. It is a respected channel among IT people, programmers and AV fans. I started using ESET products this year and bought 8 licenses in total, and I am disappointed that ESET failed this test. As a programmer I also code in Python and I am worried by the failed test.

  10. 3 hours ago, 7f5ad837 said:

    Just registered to chime in on this issue as well, since I'm experiencing the same behaviour: Constant CPU utilisation of around 30% from ESET with WSL running.

    Instead of excluding the entire "%userprofile%\AppData\Local\Packages" directory, I'm working around this by only excluding "%userprofile%\AppData\Local\Packages\CanonicalGroupLimited.Ubuntu18.04onWindows_79rhkp1fndgsc\LocalState\rootfs". Admittedly this is still not exactly ideal, but it's a slightly more targeted approach at least. It might be interesting to further restrict exclusion rules to hone in on specifically "offensive" files/directories. (It's not just "bin", since only excluding that still leads to high CPU usage.)

    Excluding only the Canonical folder for Ubuntu in "%userprofile%\AppData\Local\Packages" or the corresponding WhitewaterFoundry folder for WLinux seems to work for me also.

    As you say, this solution is far from ideal.

    We are now at least 2 people experiencing this issue, so it can't be a coincidence. ESET should take a look at this.

  11. 5 minutes ago, Marcos said:

    There's nothing unusual. The CPU utilization by ekrn was very low all the time:

    image.png

    ekrn also had a very high number of file events in the same procmon log I posted above.

    I ran the sysbench fileio sequential read/write test on WSL and noticed that when ESET protection is not off, or the folder C:\Users\ntona\AppData\Local\Packages is not excluded from scanning, there is latency in read/write operations.

    Also, I do not trust the CPU utilization, because I am running the October update of Windows 10 1809 and I read that there is a bug where CPU % is reported falsely. The important thing is that in real-world usage there is a slowdown caused by ESET in various WSL operations. If you install a free version of WSL like Ubuntu you can test it. With ESET protection off or the folder excluded it performs noticeably faster.

    Annotation.png

  12. 5 hours ago, Marcos said:

    I didn't find anything unusual with regard to ESET. Ekrn spent 14,5s on the file C:\Users\ntona\AppData\Local\Packages\WhitewaterFoundryLtd.Co.16571368D6CFF_kd1vv0z0vy70w\LocalState\rootfs\lib\x86_64-linux-gnu\libc-2.27.so but other processes spent more than 700s on it.

    Does excluding the folder C:\Users\ntona\AppData\Local\Packages from scanning make a difference?

    The procmon log I posted in my first reply was not about gcc but was captured during apt-get install commands. I captured a new Procmon log when compiling a test project (see attachment in this post).

    I tried excluding the folder C:\Users\ntona\AppData\Local\Packages and it actually makes a difference, speeding things up. Is it safe to have all the contents of this folder excluded? It would be better if there wasn't the need to exclude the whole folder, though.

    Logfile GCC slowdown.zip
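    The two posts above (the narrower per-distro exclusion and the question whether excluding all of Packages is safe) both come down to finding the exact rootfs directory of each installed distro. The following is an added helper written for this page, not code from the thread or from ESET: it lists the LocalState\rootfs path of every Store-distributed WSL distro under a Packages folder so that only those directories need an exclusion, leaving every other app package under real-time protection. The publisher prefixes are an assumption based on the package names quoted in the thread; the sample directory tree is constructed for the demonstration.

```python
import os
import tempfile

# Assumed publisher prefixes of Store-distributed WSL distros, taken from the
# package names quoted in this thread (Canonical for Ubuntu, Whitewater
# Foundry for WLinux). Extend this tuple for other distros.
WSL_PUBLISHER_PREFIXES = ("CanonicalGroupLimited.", "WhitewaterFoundryLtd.")


def find_wsl_rootfs(packages_dir):
    """Return, sorted, the LocalState/rootfs directory of each WSL distro
    package found under packages_dir (normally %LOCALAPPDATA%\\Packages).
    Only these paths need a real-time scanning exclusion; everything else
    under Packages (Store apps, their caches) stays protected."""
    found = []
    for name in os.listdir(packages_dir):
        if not name.startswith(WSL_PUBLISHER_PREFIXES):
            continue
        rootfs = os.path.join(packages_dir, name, "LocalState", "rootfs")
        if os.path.isdir(rootfs):          # skip distros never launched
            found.append(rootfs)
    return sorted(found)


def build_sample_packages():
    """Constructed sample tree (not a real profile): the two distro package
    names from the thread plus an unrelated Store app that must NOT end up
    in the exclusion list."""
    base = tempfile.mkdtemp(prefix="Packages-")
    for pkg in ("CanonicalGroupLimited.Ubuntu18.04onWindows_79rhkp1fndgsc",
                "WhitewaterFoundryLtd.Co.16571368D6CFF_kd1vv0z0vy70w"):
        os.makedirs(os.path.join(base, pkg, "LocalState", "rootfs", "bin"))
    os.makedirs(os.path.join(base, "Contoso.SomeStoreApp_abc123", "LocalState"))
    return base


if __name__ == "__main__":
    sample = build_sample_packages()
    for path in find_wsl_rootfs(sample):
        print(path)
```

    On a real machine, call find_wsl_rootfs on os.path.expandvars(r"%LOCALAPPDATA%\Packages") and add each returned directory, rather than the whole Packages folder, to the exclusion list.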

  13. Yes, I notice slowdown using WSL with ESET in general. I notice a slowdown when starting/executing applications, compiling etc. Slowdown is most prevalent during apt-get and dpkg operations, but it is not limited to them. With protection disabled WSL feels overall snappier. For example, when compiling a simple small project written in C with gcc I can prove that with real-time protection OFF the compilation process is about 30% faster! This is a small project. Imagine when compiling a larger project; a slowdown penalty of 30% would matter a lot!

    I measured the compilation of the project 3 times for consistency with protection OFF and protection ON. (We observe that each time I compile the project the compilation time is shorter due to OS/hardware optimizations like caches, TLB etc., but with protection ON it is always about 30% slower.)

    compilation slowdown.png

  14. 9 hours ago, Rami said:

    Why don't you install Ubuntu/Linux as a virtual machine and use the terminal from there, instead of that software which emulates a terminal on Windows?

    But also, if you feel that you don't want to stop using that software and not go for a virtual machine, if you trust yourself with what you are doing in that emulator, then you can exclude it from being scanned until ESET provides you with a fix, so you can use it fast while ESET is still monitoring your system.

    I used a VM in the past, but WSL suits me better and I prefer it. There are several reasons to use WSL. For example:

    • Bash interactions with Windows programs.
    • Run native Linux binaries without the overhead of a VM (WSL is not an emulator as you say, but it runs Linux binaries directly).
    • WSL requires fewer resources (CPU, memory, and storage) than a full virtual machine (it uses only 2 GB of storage on my machine).
    • WSL also allows you to run Linux command-line tools and apps alongside your Windows command-line, desktop and store apps, and to access your Windows files from within Linux.
    • WSL enables you to use Windows apps and Linux command-line tools on the same set of files if you wish.
    • It is very useful for developers, because you can use development tools from both worlds (Windows and GNU/Linux) on the same files without dual-booting or transferring files to the VM. You can even shift+right-click in Explorer and open bash quickly in the current directory with the "Open Linux Shell here" option.

    For me, these conveniences are enough to switch from VM/dual booting to WSL. I don't prefer to exclude WSL from being scanned, and I believe it won't reduce system impact either, because each program that runs through WSL is executing directly on Windows (as shown above in the screenshot of Task Manager), so I would have to exclude every single user/Linux program package I use in WSL separately in order to reduce system impact, which is not ideal. I think this is an issue that could affect many people, especially in the future when WSL may be adopted by more people. So I think it is wise to bring this issue to ESET and find a solution for this problem before it affects other people.

  15. 23 hours ago, Marcos said:

    Does temporarily pausing real-time protection make a difference? If so, generate a Procmon log so that we can see what files are being accessed / scanned when CPU goes up. 6% utilization is not high, e.g. if a lot of files are actively being scanned.

    First of all, I should note that Windows Subsystem for Linux (and consequently WLinux or any other Linux flavors that use it) is of great importance to me. I am studying computer engineering at a university and WSL is a great development tool, allowing running Linux command-line tools directly on Windows. It is a shame to discover that ESET Internet Security, which is a product I admire and love, is causing a slowdown when using it.

    WLinux includes a built-in script that automates and simplifies the installation of various developer tools (such as python3, node.js, vscode etc.). With my preferences, after running the script, WLinux occupies approximately 2 GB of disk space. In order to compare the performance impact of ESET Internet Security, I ran the same script with the same preferences two times, while previously resetting the WLinux app through Windows settings.

    Running the complete script with real-time protection disabled took about 14 minutes.

    Running the complete script with real-time protection enabled took about 33 minutes! Almost 20 minutes of slowdown! I noticed that there was a significant slowdown caused by high ESET service activity when the script was unpacking packages and installing applications through the apt-get system. The slowdowns caused by ESET are also noticeable in various WSL functions, like opening an application such as code through X410.

    Here is a link to the generated Procmon log. I recorded all the events while running the script with ESET real-time protection enabled. Because it took 33 minutes to finish, it was too big (1 GB compressed) to post here, so I uploaded it to Mega. Also, I attach in this reply the ESET settings I used, exported using ESET's import/export settings tool.

    eset settings.zip
