
secured2k

  1. Environment:

       • Windows 11 22H2
       • Outlook 365, 2301 (Current Channel)
       • ESET Endpoint Security 10.0.2034.0
       • Exchange ActiveSync Account (Outlook.com Consumer email as example)

     With no ESET AntiSpam enabled, Microsoft services automatically block most junk/spam email on the server side (95% correct block rate). With ESET AntiSpam enabled, emails appear to be re-scanned, and the detection rate is substantially worse (less than 50% classified correctly).

     I also tried looking up the documentation and could not find the difference between the "Spam" button and "Spam Address" button in the Outlook ESET Addon. Could anyone answer/comment on this? Are there settings in ESET that could help enhance the spam filtering? I have the Integrate into Outlook, Advanced email client Processing, antispam, advanced antispam scan, etc. all enabled.

     I have enabled logging and see that many of the messages that used to get auto filtered by Microsoft on their servers are marked, "No rule classifies the email." and Score = 0. Granted there are some that are allowed or blocked in the list, but the detection rate seems very low compared to industry standards.

     Is there a known issue? I saw an update about email protection not working after sleep for 9.1 and 10.x and I am running the latest stable release of 10.x. I also have set my system to not go to sleep as a test and when Outlook is left running, this is when the problem shows up.

     Below is a screenshot of the filtered list of AntiSpam logs for "No Rule..." Note the email from and subject lines are obvious spam.
  2. Yes, disabling Secure Browser features would be a work-around but disables the option to use the feature entirely. For the recent Microsoft Edge 110 update, the minimal fix is to disable just the website redirection option. There was no issue on the previous 109 versions so this is a common programming/compatibility issue.

     The feature has worked well for what it does - a virtualized/sandboxed container and/or enhanced HIPS restrictions on memory/processes. Those with high end hardware and licensing for Windows (Pro/Enterprise) can use Application Guard to get similar (or better) protections as well. In Enterprise, high security environments sandbox everything and only allow for specific exceptions IT Admins set.

     I think ESET needs to document to normal users that the higher level of security does come at the cost of convenience - so it is expected that some copy/paste, printing, saving, extensions, etc. will not work as smoothly. Then they could go as far as showing simple attacks (malware and keyloggers) not working in the secured container vs non-secured application. However, most home users don't know or don't care. They assume things are secure enough rather than using a multilayered approach.
  3. Further testing found the issue: something in the new update for Edge may be trying to query or access sites ESET considers a secure banking or payment site. ESET detects the attempt and tries to read the website that was opened in a tab, but since the website was not in a tab/address bar, no data is presented to the programs - which results in a crash. This also could be ESET trying to close the Edge browser window that needed to be redirected but also does not exist.

     It looks like the product needs some improvement with compatibility with whatever Edge/Chromium is doing now as well as some additional validation (corrected coding/programming) to prevent redirection failure.

     The current workaround is to disable the Automatic Redirection if enabled under the Secure browser settings. See the image below from ESET Endpoint Security, under Web and Email, Secure Browser Settings.

     Note: The list is maintained by ESET so it may be possible for them to fix or disable the feature in an automatic module update (Secure Browser module, v1294, Jan 10, 2023).
  5. After upgrading to Microsoft Edge 110, Edge will crash with Web Application filtering enabled. Issue did not happen with MS Edge 109. Environment is W11, 22H2 with January Updates. All VBS features enabled. ESET Endpoint Security 10.0.2034. Also reported on the home version products.

     I attached a debugger and found the crash appears with an ESET module, "eOppMonitor". This module appears to be associated with web filtering (Enable Application Protocol Content Filtering).

     Possible options until it is fixed with an update:

       • Turn off the filtering feature.
       • Revert to Edge 109
       • Enable web filtering (Including TLS) exceptions for affected applications like msedge.exe
       • Enable Secure browser for all browser windows (this appears to load the browser in a VM and somehow avoids the crash).

     Technical:

         ExceptionAddress: 00007ff994a6f0f8 (msedge!prerender::NoStatePrefetchManager::StartPrefetchingWithPreconnectFallback+0x000000000000039c)
         ExceptionCode: c0000005 (Access violation)
         ExceptionFlags: 00000000
         NumberParameters: 2
         Parameter[0]: 0000000000000001
         Parameter[1]: 000000000000001a
         Attempt to write to address 000000000000001a

         FAULTING_THREAD: 00002e2c
         PROCESS_NAME: msedge.exe
         IMAGE_VERSION: 110.0.1587.41
         IMAGE_NAME: msedge.dll
         FAILURE_BUCKET_ID: NULL_CLASS_PTR_WRITE_c0000005_msedge.dll!prerender::NoStatePrefetchManager::StartPrefetchingWithPreconnectFallback
         OS_VERSION: 10.0.22621.1
         BUILDLAB_STR: ni_release
         OSPLATFORM_TYPE: x64
         OSNAME: Windows 10
         SYMBOL_NAME: msedge!prerender::NoStatePrefetchManager::StartPrefetchingWithPreconnectFallback+39c
         MODULE_NAME: msedge

         00000083`f2bfde60 00007ffa`3d617a4a : 00000083`f2bfe048 00000083`f2bfe048 00000000`0000001c 80000000`00000020 : msedge!prerender::NoStatePrefetchManager::StartPrefetchingWithPreconnectFallback+0x39c
         00000083`f2bfdfa0 00007ff9`982b512e : 00000083`f2bfe140 00000000`00000001 00000083`f2bfe238 0000339c`0e5a94c0 : eOppMonitor+0x17a4a
         00000083`f2bfe000 00007ff9`93b271f1 : 00000000`00000000 00007ff9`93b27165 00007ff9`9cf1c582 00007ff9`9d38165c : msedge!prerender::NoStatePrefetchManager::AddPrerenderForNtp+0x140
         00000083`f2bfe210 00007ff9`936b4f3a : 00000000`00000000 00000000`00000000 0000339c`08393bf0 00000449`bc10f6c0 : msedge!prerender::PrerenderNtpManager::AddPrerenderInternal+0x71
         00000083`f2bfe260 00007ff9`924301ac : aaaaaaaa`aaaaaaaa aaaaaaaa`aaaaaaaa aaaaaaaa`aaaaaaaa aaaaaaaa`aaaaaaaa : msedge!IdleManager::NotifyIdleStateChanged+0x12a
         00000083`f2bfe320 00007ff9`915a0477 : aaaaaaaa`aaaaaaaa aaaaaaaa`aaaaaaaa aaaaaaaa`aaaaaaaa aaaaaaaa`aaaaaaaa : msedge!base::RepeatingTimer::RunUserTask+0x4c
         00000083`f2bfe350 00007ff9`909a451e : aaaaaaaa`aaaaaaaa aaaaaaaa`aaaaaaaa aaaaaaaa`aaaaaaaa aaaaaaaa`aaaaaaaa : msedge!base::internal::DelayTimerBase::OnScheduledTaskInvoked+0x37
         00000083`f2bfe390 00007ff9`909a1fe6 : 00000000`00000001 00000083`f230a000 00000000`00000001 00007ffa`59b578c8 : msedge!base::TaskAnnotator::RunTaskImpl+0x1ee
         00000083`f2bfe4e0 00007ff9`909b67e7 : aaaaaaaa`aaaaaaaa 00005dec`00222b01 00005dec`00278500 00005dec`00278500 : msedge!base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWorkImpl+0x666
         00000083`f2bfe7d0 00007ff9`92091792 : 00000083`f2bfebd8 0000006d`c2f2e8a7 0000c360`c58e64e3 00000000`00000001 : msedge!base::MessagePumpForUI::DoRunLoop+0x857
         00000083`f2bfeb50 00007ff9`92a38020 : 00005dec`00238320 00000083`f2bfecf0 00000083`f2bfed98 00007ff9`912bb7e3 : msedge!base::MessagePumpWin::Run+0x82
         00000083`f2bfebb0 00007ff9`9288bdd3 : 00000000`00000000 00000000`00000178 00000083`0000002f 0000c360`c58e63d3 : msedge!base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::Run+0x100
         00000083`f2bfec40 00007ff9`92736ae0 : 00000000`00000000 00000000`00000000 00000000`00000000 0000006d`c2f2e898 : msedge!base::RunLoop::Run+0x143
         00000083`f2bfed70 00007ff9`927367b9 : 00000083`f2bfef20 00007ff9`929f9b40 0000339c`00034088 00000000`0000001c : msedge!content::BrowserMainLoop::RunMainMessageLoop+0x9a
         00000083`f2bfede0 00007ff9`927360a9 : 00000000`00000000 00007ff9`9d399218 00000000`00000018 00000000`00000000 : msedge!content::BrowserMain+0xa4
         00000083`f2bfee90 00007ff9`927355e8 : aaaaaaaa`aaaaaaaa 0000aaaa`aaaaaaaa 00007ff9`9c725790 00007ff6`00000001 : msedge!content::RunBrowserProcessMain+0xd2
         00000083`f2bfef90 00007ff9`926e593a : 00000083`f2bff140 00007ff9`926e422c 00000000`001e001c 0000027d`862473b0 : msedge!content::ContentMainRunnerImpl::RunBrowser+0x4be
         00000083`f2bff0f0 00007ff9`926e4dd1 : 00005dec`00238320 0000c360`c58e7e63 aaaaaaaa`aaaaaaaa aaaaaaaa`aaaaaaaa : msedge!content::ContentMainRunnerImpl::Run+0x31a
         00000083`f2bff230 00007ff9`926e3445 : 00007ff6`219c0000 00006ebc`0027c140 00000083`f2bff530 0000027d`86204d60 : msedge!content::ContentMain+0x21f
         00000083`f2bff450 00007ff6`21a7f5c8 : 00007ff6`21cd05a0 00007ff9`926e31a0 00000000`21cd0500 00006ebc`002702a0 : msedge!ChromeMain+0x2a5
         00000083`f2bff630 00007ff6`21a7c623 : 00000000`0027c100 aaaaaaaa`aaaaaaaa 00006ebc`0027c140 0000006d`c2e4ee52 : msedge_exe!MainDllLoader::Launch+0x392
         00000083`f2bff8c0 00007ff6`21b3aee2 : 00000000`00000000 00007ff6`21b3af59 00000000`00000000 00000000`00000000 : msedge_exe!wWinMain+0x468
         00000083`f2bffdc0 00007ffa`59cf26bd : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : msedge_exe!__scrt_common_main_seh+0x106
         00000083`f2bffe00 00007ffa`5b08dfb8 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : KERNEL32!BaseThreadInitThunk+0x1d
         00000083`f2bffe30 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!RtlUserThreadStart+0x28
  6. I have the same issue with the business product, ESET Endpoint Security 10.0.2034.

     I attached a debugger and found the crash appears with an ESET module, "eOppMonitor". This module appears to be associated with web filtering (Enable Application Protocol Content Filtering).

     Possible options until it is fixed with an update:

       • Turn off the filtering feature.
       • Revert to Edge 109
       • Enable web filtering (Including TLS) exceptions for affected applications like msedge.exe
       • Enable Secure browser for all browser windows (this appears to load the browser in a VM and somehow avoids the crash).

     Technical:

         ExceptionAddress: 00007ff994a6f0f8 (msedge!prerender::NoStatePrefetchManager::StartPrefetchingWithPreconnectFallback+0x000000000000039c)
         ExceptionCode: c0000005 (Access violation)
         ExceptionFlags: 00000000
         NumberParameters: 2
         Parameter[0]: 0000000000000001
         Parameter[1]: 000000000000001a
         Attempt to write to address 000000000000001a

         FAULTING_THREAD: 00002e2c
         PROCESS_NAME: msedge.exe
         IMAGE_VERSION: 110.0.1587.41
         IMAGE_NAME: msedge.dll
         FAILURE_BUCKET_ID: NULL_CLASS_PTR_WRITE_c0000005_msedge.dll!prerender::NoStatePrefetchManager::StartPrefetchingWithPreconnectFallback
         OS_VERSION: 10.0.22621.1
         BUILDLAB_STR: ni_release
         OSPLATFORM_TYPE: x64
         OSNAME: Windows 10
         SYMBOL_NAME: msedge!prerender::NoStatePrefetchManager::StartPrefetchingWithPreconnectFallback+39c
         MODULE_NAME: msedge

         00000083`f2bfde60 00007ffa`3d617a4a : 00000083`f2bfe048 00000083`f2bfe048 00000000`0000001c 80000000`00000020 : msedge!prerender::NoStatePrefetchManager::StartPrefetchingWithPreconnectFallback+0x39c
         00000083`f2bfdfa0 00007ff9`982b512e : 00000083`f2bfe140 00000000`00000001 00000083`f2bfe238 0000339c`0e5a94c0 : eOppMonitor+0x17a4a
         00000083`f2bfe000 00007ff9`93b271f1 : 00000000`00000000 00007ff9`93b27165 00007ff9`9cf1c582 00007ff9`9d38165c : msedge!prerender::NoStatePrefetchManager::AddPrerenderForNtp+0x140
         00000083`f2bfe210 00007ff9`936b4f3a : 00000000`00000000 00000000`00000000 0000339c`08393bf0 00000449`bc10f6c0 : msedge!prerender::PrerenderNtpManager::AddPrerenderInternal+0x71
         00000083`f2bfe260 00007ff9`924301ac : aaaaaaaa`aaaaaaaa aaaaaaaa`aaaaaaaa aaaaaaaa`aaaaaaaa aaaaaaaa`aaaaaaaa : msedge!IdleManager::NotifyIdleStateChanged+0x12a
         00000083`f2bfe320 00007ff9`915a0477 : aaaaaaaa`aaaaaaaa aaaaaaaa`aaaaaaaa aaaaaaaa`aaaaaaaa aaaaaaaa`aaaaaaaa : msedge!base::RepeatingTimer::RunUserTask+0x4c
         00000083`f2bfe350 00007ff9`909a451e : aaaaaaaa`aaaaaaaa aaaaaaaa`aaaaaaaa aaaaaaaa`aaaaaaaa aaaaaaaa`aaaaaaaa : msedge!base::internal::DelayTimerBase::OnScheduledTaskInvoked+0x37
         00000083`f2bfe390 00007ff9`909a1fe6 : 00000000`00000001 00000083`f230a000 00000000`00000001 00007ffa`59b578c8 : msedge!base::TaskAnnotator::RunTaskImpl+0x1ee
         00000083`f2bfe4e0 00007ff9`909b67e7 : aaaaaaaa`aaaaaaaa 00005dec`00222b01 00005dec`00278500 00005dec`00278500 : msedge!base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWorkImpl+0x666
         00000083`f2bfe7d0 00007ff9`92091792 : 00000083`f2bfebd8 0000006d`c2f2e8a7 0000c360`c58e64e3 00000000`00000001 : msedge!base::MessagePumpForUI::DoRunLoop+0x857
         00000083`f2bfeb50 00007ff9`92a38020 : 00005dec`00238320 00000083`f2bfecf0 00000083`f2bfed98 00007ff9`912bb7e3 : msedge!base::MessagePumpWin::Run+0x82
         00000083`f2bfebb0 00007ff9`9288bdd3 : 00000000`00000000 00000000`00000178 00000083`0000002f 0000c360`c58e63d3 : msedge!base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::Run+0x100
         00000083`f2bfec40 00007ff9`92736ae0 : 00000000`00000000 00000000`00000000 00000000`00000000 0000006d`c2f2e898 : msedge!base::RunLoop::Run+0x143
         00000083`f2bfed70 00007ff9`927367b9 : 00000083`f2bfef20 00007ff9`929f9b40 0000339c`00034088 00000000`0000001c : msedge!content::BrowserMainLoop::RunMainMessageLoop+0x9a
         00000083`f2bfede0 00007ff9`927360a9 : 00000000`00000000 00007ff9`9d399218 00000000`00000018 00000000`00000000 : msedge!content::BrowserMain+0xa4
         00000083`f2bfee90 00007ff9`927355e8 : aaaaaaaa`aaaaaaaa 0000aaaa`aaaaaaaa 00007ff9`9c725790 00007ff6`00000001 : msedge!content::RunBrowserProcessMain+0xd2
         00000083`f2bfef90 00007ff9`926e593a : 00000083`f2bff140 00007ff9`926e422c 00000000`001e001c 0000027d`862473b0 : msedge!content::ContentMainRunnerImpl::RunBrowser+0x4be
         00000083`f2bff0f0 00007ff9`926e4dd1 : 00005dec`00238320 0000c360`c58e7e63 aaaaaaaa`aaaaaaaa aaaaaaaa`aaaaaaaa : msedge!content::ContentMainRunnerImpl::Run+0x31a
         00000083`f2bff230 00007ff9`926e3445 : 00007ff6`219c0000 00006ebc`0027c140 00000083`f2bff530 0000027d`86204d60 : msedge!content::ContentMain+0x21f
         00000083`f2bff450 00007ff6`21a7f5c8 : 00007ff6`21cd05a0 00007ff9`926e31a0 00000000`21cd0500 00006ebc`002702a0 : msedge!ChromeMain+0x2a5
         00000083`f2bff630 00007ff6`21a7c623 : 00000000`0027c100 aaaaaaaa`aaaaaaaa 00006ebc`0027c140 0000006d`c2e4ee52 : msedge_exe!MainDllLoader::Launch+0x392
         00000083`f2bff8c0 00007ff6`21b3aee2 : 00000000`00000000 00007ff6`21b3af59 00000000`00000000 00000000`00000000 : msedge_exe!wWinMain+0x468
         00000083`f2bffdc0 00007ffa`59cf26bd : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : msedge_exe!__scrt_common_main_seh+0x106
         00000083`f2bffe00 00007ffa`5b08dfb8 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : KERNEL32!BaseThreadInitThunk+0x1d
         00000083`f2bffe30 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!RtlUserThreadStart+0x28
  7. Thank you for the KB and links to the Microsoft documentation. ReflectDrivers is what I was looking for and seems to be working.
  8. Thank you for providing the KB Article. I confirmed the recovery environment could not read the system drive on reboot; likely due to the driver issue mentioned. I reviewed the KB and see it just says run the tool. Is there any documentation on what the tool is actually doing? If the problem is just a missing driver, could we make the changes manually by adding the drivers to the image or to the EFI partition?
  9. 2 Windows 10 Systems with ESET Protect / ESET Endpoint Encryption with and w/o authentication fail Windows 11 setup from the setup media (Running Setup using mounted ISO image from Microsoft). A previous post mentions an "updater utility" - is there any more information or KB on this?

     Description/Observation of Problem: During the first reboot, after EEE validates the password, a Safe Boot/WinRE startup occurs (Windows pre-boot kernel asks for Keyboard layout and which OS to start/Troubleshooting Options). One OS is labeled "Windows 10" and the other has no name. Tried both with no success - Windows will continue when you select a boot option via reboot and setup reverts the changes back into a pre-windows 11 state stating a SAFE_OS phase error during BOOT.

     On one system, fully decrypting the system and then performing the upgrade worked. I will be testing another system later this week. All ESET Protect products were using the latest available public versions and once EEE was uninstalled (post decrypt), it was re-installed and everything appears to be working normally in Windows 11.
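
The Edge 110 crash posts above identify the ESET module by reading the debugger stack. As an added example (not part of the original posts, and not ESET or Microsoft tooling), the Python below parses frames in that WinDbg layout and flags modules outside an expected set. The expected-module list, the function names and the choice of five sample frames (copied from the posted trace) are assumptions made for illustration.

```python
import re

ADDR = r"[0-9a-f]{8}`[0-9a-f]{8}"
# One frame in the WinDbg layout quoted in the posts:
#   ChildSP RetAddr : four argument words : module!symbol+0xoffset
# The "!symbol" part is missing when no symbols are loaded for the module.
FRAME_RE = re.compile(
    rf"^{ADDR}\s+(?P<ret>{ADDR})\s+:\s+(?:{ADDR}\s+){{4}}:\s+"
    r"(?P<module>[\w.]+)(?:!(?P<symbol>[^+\s]+))?(?:\+0x(?P<offset>[0-9a-f]+))?$",
    re.IGNORECASE,
)

# Assumption for this example: modules expected on an Edge browser-process stack.
EXPECTED = {"msedge", "msedge_exe", "kernel32", "ntdll"}

# Five frames copied from the posted trace (frames 0-2 and the last two).
SAMPLE = """\
00000083`f2bfde60 00007ffa`3d617a4a : 00000083`f2bfe048 00000083`f2bfe048 00000000`0000001c 80000000`00000020 : msedge!prerender::NoStatePrefetchManager::StartPrefetchingWithPreconnectFallback+0x39c
00000083`f2bfdfa0 00007ff9`982b512e : 00000083`f2bfe140 00000000`00000001 00000083`f2bfe238 0000339c`0e5a94c0 : eOppMonitor+0x17a4a
00000083`f2bfe000 00007ff9`93b271f1 : 00000000`00000000 00007ff9`93b27165 00007ff9`9cf1c582 00007ff9`9d38165c : msedge!prerender::NoStatePrefetchManager::AddPrerenderForNtp+0x140
00000083`f2bffe00 00007ffa`5b08dfb8 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : KERNEL32!BaseThreadInitThunk+0x1d
00000083`f2bffe30 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!RtlUserThreadStart+0x28
"""

def parse_stack(text):
    """Return one dict per recognised frame, innermost (faulting) frame first."""
    return [m.groupdict() for line in text.splitlines()
            if (m := FRAME_RE.match(line.strip()))]

def foreign_frames(frames, expected=EXPECTED):
    """List (index, module, offset) for frames whose module is not expected."""
    allowed = {name.lower() for name in expected}
    return [(i, f["module"], f["offset"]) for i, f in enumerate(frames)
            if f["module"].lower() not in allowed]

def triage(text, expected=EXPECTED, window=3):
    """Summarise the faulting frame and any unexpected module close to it."""
    frames = parse_stack(text)
    if not frames:
        return {"faulting": None, "foreign": [], "foreign_near_fault": False}
    top = frames[0]
    foreign = foreign_frames(frames, expected)
    return {
        "faulting": "!".join(filter(None, (top["module"], top["symbol"]))),
        "foreign": foreign,
        "foreign_near_fault": any(i <= window for i, _, _ in foreign),
    }

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A module flagged this way is a lead for vendor escalation or a targeted exclusion test, not proof of which component holds the defect.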