chrcoluk
Everything posted by chrcoluk
-
Hi. As confirmed on Wilders. Livegrid is enabled in all modules including the real time scanner module. Protocol filtering options are both enabled. The eset live grid only works for me when the http module is enabled, it doesn't work on local file scans. I believe this is a bug so I am reporting it. Also the software is activated with a valid license. Marcos, will PM you later tonight or tomorrow with the info you requested.
-
Major security issue and update settings not honouring config.
chrcoluk replied to chrcoluk's topic in ESET NOD32 Antivirus
Also I should mention that after the update, the program components option changed itself to update automatically. Every single other setting was preserved, only that one setting changed. If you guys are saying what I experienced isn't possible, I wonder now if I have some malware pretending to be nod32, hmmm. So I might uninstall and reinstall from the installer on the website.
-
ESET 9.0 - HIPS is non-functional in WIN 10
chrcoluk replied to jcoates23's topic in ESET NOD32 Antivirus
I will test the insider version if needed. After you have working hips on insider (limited mode) I will purchase a license for my win10 machine. Thanks. Also I pointed eset support to this thread as they didn't seem aware of why the problem occurs.
-
Major security issue and update settings not honouring config.
chrcoluk replied to chrcoluk's topic in ESET NOD32 Antivirus
Yes, the installer was running and stuck on a prompt saying it could not remove the old eset service. I had no eset icon in the system tray whilst it was stuck in this state. After I closed process explorer I was able to finish the installation.
-
So on my win7 desktop running nod32 av v8 I have updates set to auto install definitions, but the program updates set to ask before downloading program components. To my horror, a couple of weeks ago my pc was left idle overnight, and when I woke up and started using it, nod32 was stuck updating itself in a failed state; the real time protection was disabled during this time. So 1 - why did the AV update itself automatically, ignoring how I configured it? 2 - Is this poor design to disable itself until human interaction? The error was that it couldn't update the nod32 service, due to the fact I had process monitor running (when process monitor is running services cannot be uninstalled/replaced).
-
As a long time paying customer I'd like to say...
chrcoluk replied to jeklor's topic in ESET NOD32 Antivirus
Agreed, 9's UI is inferior to 8, so lifeless. But also the font size is too big, on my 720p and 1050p displays it just looks way too big, as if it's tuned for high dpi only. This stuff should be customisable.
-
livegrid, protocol filtering, and https scanning
chrcoluk replied to chrcoluk's topic in ESET NOD32 Antivirus
Given all the other issues I am pretty sure it is also affected by logjam, but no browsers have patched logjam yet either. The only protection against logjam currently is to disable the suspect ciphers (which nod32 gives no control over). So I ask the question again. If protocol scanning is enabled but http/https scanning is disabled, does file based scanning, email scanning etc. get livegrid cloud protection? This is important because if the answer is yes, it's not a big deal to disable https (or http) scanning as the content gets scanned when written to the browser cache folder anyway.
-
livegrid, protocol filtering, and https scanning
chrcoluk replied to chrcoluk's topic in ESET NOD32 Antivirus
Ok, an update. I have now got HSTS working, it seems I had to enable the root certificate option with firefox closed. However running the ssllabs test and checking ciphers in use doesn't look good. Firefox reports me using TLS 1.0 to view my site. I don't know if that's the cipher used between nod32 and the browser or between nod32 and the website.
ssllabs reports no tls 1.2 support, apparently this is coming but seems to be taking its time?
ssllabs reports no OCSP STAPLING support
ssllabs reports no session ticket support
ssllabs reports rc4 ciphers being enabled
ssllabs reports sslv3 enabled
ssllabs reports non forward secrecy ciphers at top of preference list (bad)
I hope these get resolved soon, and as I said in another thread, I hope you give control of ciphers in the settings.
-
livegrid, protocol filtering, and https scanning
chrcoluk replied to chrcoluk's topic in ESET NOD32 Antivirus
Rugk, HSTS status is sent by the server, not the certificate. If a client doesn't support HSTS and HSTS is enforced by the server, problems occur. Here is a copy and paste of the error, but censoring my domain name as it's a private domain.

This Connection is Untrusted
You have asked Firefox to connect securely to www.xxxx.com, but we can't confirm that your connection is secure. Normally, when you try to connect securely, sites will present trusted identification to prove that you are going to the right place. However, this site's identity can't be verified.
What Should I Do?
If you usually connect to this site without problems, this error could mean that someone is trying to impersonate the site, and you shouldn't continue. This site uses HTTP Strict Transport Security (HSTS) to specify that Firefox only connect to it securely. As a result, it is not possible to add an exception for this certificate.

HSTS will get more and more common as sites like ssllabs downgrade the grading without HSTS support. My question to Marcos is why does the filescanner not use full capabilities? Also check https://revoked.grc.com/ - the test fails when I have https scanning enabled, but passes when the browser does the revocation check. If you are going to intercept https traffic you need to keep up to date with modern ssl security practices. I think the way forward with v9 is to replace https scanning with a browser addon, and only scan "after" the browser has decrypted the traffic. Your statement is also confusing. https scanning is off by default, but you have stated that without it https browsing doesn't get full livegrid protection. Also the nod32 online knowledgebase tells people with ssl issues to disable https scanning to resolve them, but doesn't warn they lose proper livegrid protection by doing so. This is a real problem that needs resolving.
-
You have ignored his question, why can you not add cipher control to the settings? Also support for HSTS hxxp://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security Public Key pinning hxxp://en.wikipedia.org/wiki/HTTP_Public_Key_Pinning Plus manual verification of certificates. I think the HTTPS interception is messy and goes against good security practices. It's better to just make it so livegrid can work without live http/https interception.
-
Ok, so multiple questions here. For quite a while I have had protocol filtering disabled. I still scan any written and executed files and emails. But I always believed extra scanning on network traffic was redundant. Anyway, a few days ago I enabled protocol filtering, http and https scanning, and found out quickly why https scanning was problematic. nod32 handles the connection to the server, and then the browser communicates with nod32. This has implications for encryption security, as I have no idea e.g. what cipher is used between nod32 and the server, or if revocation checks are being carried out. Is nod32 patched against ssl vulnerabilities such as crime, heartbleed, and beast? Does it work with key pinning? Note these 2 web pages.
https://www.eff.org/deeplinks/2015/02/dear-software-vendors-please-stop-trying-intercept-your-customers-encrypted
https://blog.hboeck.de/archives/869-How-Kaspersky-makes-you-vulnerable-to-the-FREAK-attack-and-other-ways-Antivirus-software-lowers-your-HTTPS-security.html
I already know nod32 cannot handle HSTS. My own domain has HSTS activated, and firefox will refuse access to a HSTS server if the certificate doesn't match up; when it tries to access my domain and sees the nod32 cert it gets angry and I cannot browse my site. So I currently don't scan https, however for now I have left http scanning enabled with no current ill effects. My next issue I want to raise is about protocol filtering and livegrid. I have always left livegrid on and assumed it was in use, but someone warned me on Wilders Security that livegrid does not work if protocol filtering is disabled. I see no reference to this in documentation so this needs clarifying for me please. In the settings I see a couple of options for protocol filtering.
"integrate into system" - no idea what this does, but is it an on/off switch for livegrid use on file/email scanning?
"enable application protocol based filtering" - this is an on/off for network scanning of http/https/imap/pop/pops/imaps but is it required for the livegrid feature to work? Thanks
-
Have over a year left on license but want to upgrade
chrcoluk posted a topic in ESET NOD32 Antivirus
So I have a year left on my AV license. If I want to upgrade to the full ESS, what's the way to do it without losing my time left? Is ESS's firewall stable and not a performance killer? As now I decided I want an intelligent app based firewall.