chrcoluk

Everything posted by chrcoluk

  1. Hi. As confirmed on wilders. Livegrid is enabled in all modules including real time scanner module. Protocol filtering options are both enabled. The eset live grid only works for me when http module is enabled, doesn't work on local file scans. I believe this is a bug so reporting it. Also software is activated with valid license. Marcos will PM you later tonight or tomorrow with info you requested.
  2. I failed the test even though livegrid is enabled. I then clicked the eset link to look for instructions on how to fix it, and the link is invalid; it points to a generic page on the eset site, oh dear. Can someone kindly please state what I should do next?
  3. Also I should mention after the update, the program components option changed itself to update automatically, every single other setting was preserved, only that one setting changed. If you guys are saying what I experienced isn't possible, I wonder now if I have some malware pretending to be nod32, hmmm. So I might uninstall and reinstall from the installer of the website.
  4. I will test the insider version if needed. After you have working hips on insider (limited mode) I will purchase a license for my win10 machine. Thanks. Also I pointed eset support to this thread as they didn't seem aware of why the problem occurs.
  5. Yes, the installer was running and stuck on a prompt saying it could not remove the old eset service. I had no eset icon in the system tray whilst it was stuck in this state. After I closed process explorer I was able to finish the installation.
  6. So on my win7 desktop running nod32 av v8 I have updates set to auto install definitions, but the program updates set to ask before downloading program components. To my horror a couple of weeks ago my pc was left idle overnight, and when I woke up and started using it, nod32 was stuck updating itself in a failed state; the real time protection was disabled during this time. So 1 - why did the AV update itself automatically, ignoring how I configured it? 2 - Is this poor design to disable itself until human interaction? The error was it couldn't update the nod32 service, due to the fact I had process monitor running (when process monitor is running services cannot be uninstalled/replaced).
  7. Agreed, 9's UI is inferior to 8, so lifeless. But also the font size is too big, on my 720p and 1050p displays it just looks way too big, as if it's tuned for high dpi only. This stuff should be customisable.
  8. Given all the other issues I am pretty sure it is also affected by logjam, but no browsers have patched logjam yet either; the only protection against logjam currently is to disable the suspect ciphers (which nod32 gives no control over). So I ask the question again. If protocol scanning is enabled but http/https scanning is disabled, does file based scanning, email scanning etc. get livegrid cloud protection? This is important because if the answer is yes, it's not a big deal to disable https (or http) scanning as the content gets scanned when written to the browser cache folder anyway.
  9. Ok an update, I have now got HSTS working, it seems I had to enable the root certificate option with firefox closed. However running ssllabs test and checking ciphers in use doesn't look good. Firefox reports me using TLS 1.0 to view my site. I don't know if that's the cipher used between nod32 and the browser or between nod32 and the website. ssllabs reports no tls 1.2 support, apparently this is coming but seems to be taking its time? ssllabs reports no OCSP stapling support. ssllabs reports no session ticket support. ssllabs reports rc4 ciphers being enabled. ssllabs reports sslv3 enabled. ssllabs reports non-forward-secrecy ciphers at top of preference list (bad). I hope these get resolved soon, and as I said in another thread, I hope you give control of ciphers in the settings.
  10. Rugk, HSTS status is sent by the server not the certificate. If a client doesn't support HSTS and HSTS is enforced by the server, problems occur. Here is a copy and paste of the error but censoring my domain name as it's a private domain. "This Connection is Untrusted. You have asked Firefox to connect securely to www.xxxx.com, but we can't confirm that your connection is secure. Normally, when you try to connect securely, sites will present trusted identification to prove that you are going to the right place. However, this site's identity can't be verified. What Should I Do? If you usually connect to this site without problems, this error could mean that someone is trying to impersonate the site, and you shouldn't continue. This site uses HTTP Strict Transport Security (HSTS) to specify that Firefox only connect to it securely. As a result, it is not possible to add an exception for this certificate." HSTS will get more and more common as sites like ssllabs downgrade the grading without HSTS support. My question to marcos is why does the filescanner not use full capabilities? Also check https://revoked.grc.com/ the test fails when I have https scanning enabled, but passes when the browser does the revocation check. If you are going to intercept https traffic you need to keep up to date with modern ssl security practices. I think the way forward with v9 is to replace https scanning with a browser addon, only scan "after" the browser has decrypted the traffic. Your statement is also confusing. https scanning is off by default, but you have stated without it https browsing doesn't get full livegrid protection, also nod32 online knowledgebase tells people with ssl issues to disable https scanning to resolve them, but doesn't warn they lose proper livegrid protection by doing so. This is a real problem that needs resolving.
  11. You have ignored his question, why can you not add cipher control to the settings? Also support for HSTS hxxp://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security and Public Key pinning hxxp://en.wikipedia.org/wiki/HTTP_Public_Key_Pinning plus manual verification of certificates. I think the HTTPS interception is messy and goes against good security practices. It's better to just make it so livegrid can work without live http/https interception.
  12. Ok so multiple questions here. For quite a while I have had protocol filtering disabled. I still scan any written and executed files and emails. But I always believed extra scanning on network traffic was redundant. Anyway a few days ago I enabled protocol filtering, http and https scanning, and found out quickly why https scanning was problematic. nod32 handles the connection to the server, and then the browser communicates with nod32; this has implications for encryption security, as I have no idea e.g. what cipher is used between nod32 and the server, or if revocation checks are being carried out. Is nod32 patched against ssl vulnerabilities such as crime, heartbleed, and beast? Does it work with key pinning? Note these 2 web pages: https://www.eff.org/deeplinks/2015/02/dear-software-vendors-please-stop-trying-intercept-your-customers-encrypted and https://blog.hboeck.de/archives/869-How-Kaspersky-makes-you-vulnerable-to-the-FREAK-attack-and-other-ways-Antivirus-software-lowers-your-HTTPS-security.html I already know nod32 cannot handle HSTS. My own domain has HSTS activated, and firefox will refuse access to a HSTS server if the certificate doesn't match up; when it tries to access my domain and sees the nod32 cert it gets angry and I cannot browse my site. So I currently don't scan https, however for now I have left http scanning enabled with no current ill effects. My next issue I want to raise is about protocol filtering and livegrid. I have always left livegrid on and assumed it was in use, but someone warned me on wilder's security that livegrid does not work if protocol filtering is disabled. I see no reference to this in documentation so this needs clarifying for me please. In the settings I see a couple of options for protocol filtering. "integrate into system" - no idea what this does, but is it an on/off switch for livegrid use on file/email scanning? "enable application protocol based filtering" - this is an on/off for network scanning of http/https/imap/pop/pops/imaps but is it required for livegrid feature to work? Thanks
  13. On AV (not ESS) I disable http module. In my opinion this is weakest part of ESET. I disable "open file" scanning but keep execute and creation enabled.
  14. So I have a year left on my AV license, if I want to upgrade to the full ESS, what's the way to do it? Without losing my time left. Is ESS's firewall stable and not a performance killer? As now I decided I want an intelligent app based firewall.
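
Added example, not part of the original posts and not ESET's code: the SSL Labs findings listed in post 9 above, written as checks over a protocol list and a preference-ordered cipher list for a TLS-intercepting endpoint. The sample data, function names and finding labels are constructed for illustration.

```python
# Constructed sample of what a scanner might report for an intercepting
# proxy; not measured from any real product.
SAMPLE_PROTOCOLS = ["SSLv3", "TLSv1.0"]
SAMPLE_SUITES = [            # server preference order, OpenSSL-style names
    "AES128-SHA",            # static RSA key exchange: no forward secrecy
    "RC4-SHA",
    "ECDHE-RSA-AES128-SHA",
    "DHE-RSA-AES128-SHA",
]

# Key exchanges that give forward secrecy (TLS 1.3 suites always do).
FS_PREFIXES = ("ECDHE-", "DHE-", "TLS_ECDHE_", "TLS_DHE_",
               "TLS_AES_", "TLS_CHACHA20_")


def has_forward_secrecy(suite):
    """True if the suite name indicates an ephemeral (EC)DH key exchange."""
    return suite.upper().startswith(FS_PREFIXES)


def audit(protocols, suites):
    """Return finding labels for the weaknesses named in post 9."""
    findings = []
    protos = {p.upper().replace(" ", "") for p in protocols}
    if "SSLV3" in protos:
        findings.append("sslv3-enabled")
    if not protos & {"TLSV1.2", "TLSV1.3"}:
        findings.append("no-tls1.2")
    if any("RC4" in s.upper() for s in suites):
        findings.append("rc4-enabled")
    # A client that offers both kinds gets whatever the server ranks first,
    # so any non-FS suite ranked above the first FS suite is a finding.
    fs_positions = [i for i, s in enumerate(suites) if has_forward_secrecy(s)]
    if suites and not fs_positions:
        findings.append("no-forward-secrecy")
    elif fs_positions and fs_positions[0] > 0:
        findings.append("non-fs-preferred")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_PROTOCOLS, SAMPLE_SUITES):
        print(finding)
```
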