Jump to content

Minimalist

ESET Insiders
  • Content Count

    15
  • Joined

  • Last visited

Posts posted by Minimalist

  1. 14 hours ago, itman said:

    What I was referring to was issuing IE11 as default browser and manually opening up FireFox, etc., for normal browsing activities. I ran this way for sometime until totally ditching IE11 and switching my default browser to FireFox.

    I understand. This wouldn't work for me as I couldn't use IE as default (I would have to copy paste all links from email client instead of just clicking on them and similar)...

  2. 7 hours ago, itman said:

    This is usually accomplished the reverse of what you are doing.  In Win, the default browser would be set to IE11. The advantage of this is if your browsing in FF and then land on an Eset whitelisted banking site for example, Eset would auto open that site in IE11 using Banking and Payment Protection.

    BTW - no one including Microsoft recommends using IE11 for anything anymore. Also as far as FireFox goes, Eset creates a separate profile used only for Banking and Payment Protection. The profile FireFox uses for non-Banking and Payment Protection browsing activities is not used.

    Hm, I don't know how many people actually use IE as default browser. If so, they would also use it for browsing so there would be no separation of browsers.

    Regarding IE - I just prefer to use it that way. Bank uses personal certificate for identification and I imported it to Windows certificate store and it's not accessible by Firefox. So using IE jthat way makes sense to me.

    I've had option to select which browser will be protected in previous AV solution so I thought I'll give a suggestion here.

  3. Description: FW option evaluate rules from Windows Firewall
    Detail: In Advanced setup of Firewall set to Automatic mode there is an option Also evaluate rules from Windows firewall. As described this option will allow inbound traffic allowed by Windows firewall.

    For me it would be useful to have an option that will also evaluate blocked outbound rules in Windows firewall. This way those rules wouldn't have to be recreated when migrating from Windows native firewall to ESET's.

    I apologize if any of both suggestions have already been posted.

  4. Description: Non-default browser for Banking and Payment protection
    Detail: It would be nice if we could set non-default browser to be used for banking protection when secure browser is run from main screen or using desktop shortcut. I use Firefox for day-to-day browsing (it's set as default) and Internet explorer for online banking and similar.

    I can launch protected IE if I navigate to banking website from within IE and then switch to secure browser when asked. If I launch secure browser from desktop it will always launch Firefox and as it seems that there is no option to set non-default browser to be used as secure browser.

  5. 54 minutes ago, Marcos said:

    I have reproduced a weird behavior when ekrn starts unpacking some files after clicking the utorrent icon which normally happens if a process creates a new self-extracting or runtime-packed file. We're investigating it. Nevertheless, it'd help if you too provided a log from your system.

    Attached are my logs from LogCollector and ProcessMonitor logs with and without a simulated problem. TY.

    eis_logs.zip Logfile_problem.zip Logfile_no_problem.zip

  6. 5 hours ago, Marcos said:

    I've tried to reproduce the issue to no avail.

    If you have another physical or virtual machine, could you try installing v13 from scratch, keep detection of pot. unwanted applications disabled and then install utorrent and reproduce it? If so, please provide 2 Procmon logs, one from time when the issue doesn't occur (e.g. when scan on open is disabled) and one from time when real-time protection is fully enabled and the issue manifests. Besides that, provide also logs collected with ESET Log Collector.

     

    I can't reproduce it in VM (but I have other OS version installed there). Can I attach log files to my post or should I send you PM (I would like log files to be freely accessible to everyone)?

  7. 6 hours ago, pps said:

    Excluding process from scanning makes only a little difference. Also I doubt that it's related to file execution. IMO it's file Open that causes the problem. If I right-click on file, symptoms are the same: 30+ seconds till right-click menu appears and during that time  ekrn,exe using one CPU core. If I then select Properties from righ-click menu whole thing happens again. So it's not just program startup that causes the problem.

  8. 4 hours ago, peteyt said:

    I do know eset detects utorrent as a potentional unwanted program so you may need to add it to exceptions but normally it would pop up and ask

    I've tested different settings changes and two that help are: adding utorrent.exe to performance exclusion or disabling scan on file open option in real-time system protection. Other options disabled or enabled don't make a difference.

    I checked what's happening in background using ProcessMonitor and it seems that ekrn.exe is performing same action again and again for cca 30 seconds when that executable is accessed or run.

  9. 9 hours ago, itman said:

    Are you running as a limited admin or a standard user?

    As you are aware I assume, the screen shot popup occurs when the sign-on user account doesn't have sufficient privileges to perform the required action in reference to the object being accessed. 

    Have you employed GPO in regards to SRP rules? Are you using any other security software that can restrict access to system objects such as SysHardener, OSArmor, etc..

    I run as limited admin (UAC at max). I don't use other tools. Execution is not blocked by Windows or it's mechanisms but by ESET. It happens only first time after ESET install (I tested it twice). After first time blockage uTorrent later can be run, it just takes cca. 30 seconds to start.

×
×
  • Create New...