Everything posted by cvvorous

  1. yeah, i'd also like to shut it up - it wasn't working before (webcam detection bug) and now that it's working, I wish it wasn't, haha.
  2. the blog both articles refer to is really light on details beyond inferring that bad actors are using html5 redirects on mobile devices with specific criteria; my guess is that eset would protect the user from the domain a browser is redirected to. imo, the html5 "malware" referenced doesn't seem like "malware" so much as using html5 features to do sketchy stuff.
  3. not sure whether dashlane is a typically supported pw manager (gave up on it a while ago) but it seemed like eset needs to release updated banking protection modules to keep up with supported pw mgrs; this is part of why i've given up on banking protection altogether.
  4. Are there any other sites/services that don't load correctly? Does the network in question have WPA or similar encryption, or is it an unencrypted public network with a captive portal?
  5. I think Marcos was asking about whether the issue goes away if you completely uninstall ESET and reboot your machine.
  6. my client fires the same 6 requests over and over, with different values based on date/time. afaict, this telemetry hasn't changed since 2013 or so (if you search for chsquery you'll find weirdos posting stuff about ESET participating in NSA/CIA SIGINT ops, lol)

      POST https://ts.eset.com:443/query/chsquery.php HTTP/1.1
      Host: ts.eset.com:443
      Content-Type: multipart/form-data; boundary=------------------------3kMBisMe5ab5274
      Content-Length: 3021
      Connection: Keep-Alive

      --------------------------3kMBisMe5ab5274
      Content-Disposition: form-data; name="chc_pversion"
      Content-Transfer-Encoding: 8bit

      6
      --------------------------3kMBisMe5ab5274
      Content-Disposition: form-data; name="chc_sversion"
      Content-Transfer-Encoding: 8bit

      88
      --------------------------3kMBisMe5ab5274
      Content-Disposition: form-data; name="chc_gmdatetime"
      Content-Transfer-Encoding: 8bit

      2018-03-23 16:11:56
      --------------------------3kMBisMe5ab5274
      Content-Disposition: form-data; name="chc_datetime"
      Content-Transfer-Encoding: 8bit

      2018-03-23 10:11:56
      --------------------------3kMBisMe5ab5274
      Content-Disposition: form-data; name="datatype"
      Content-Transfer-Encoding: 8bit

      �f
      --------------------------3kMBisMe5ab5274
      Content-Disposition: form-data; name="key"
      Content-Transfer-Encoding: 8bit

      <redact>
      --------------------------3kMBisMe5ab5274
      Content-Disposition: form-data; name="priority"
      Content-Transfer-Encoding: 8bit

      �
      --------------------------3kMBisMe5ab5274
      Content-Disposition: form-data; name="hitcount"
      Content-Transfer-Encoding: 8bit

      �
      --------------------------3kMBisMe5ab5274
      Content-Disposition: form-data; name="firsthitdate"
      Content-Transfer-Encoding: 8bit

      �gT�[U�L^^ ZV[BS�G_
      --------------------------3kMBisMe5ab5274
      Content-Disposition: form-data; name="lasthitdate"
      Content-Transfer-Encoding: 8bit

      �gT�[U�L^^ ZV[BS�G_
      --------------------------3kMBisMe5ab5274
      Content-Disposition: form-data; name="firsthitdatedelta"
      Content-Transfer-Encoding: 8bit

      �fQ�O
      --------------------------3kMBisMe5ab5274
      Content-Disposition: form-data; name="attributes"
      Content-Transfer-Encoding: 8bit

      <redacted encoded data>
      --------------------------3kMBisMe5ab5274
      Content-Disposition: form-data; name="sessionid"
      Content-Transfer-Encoding: 8bit

      �gS�C]�U^
      --------------------------3kMBisMe5ab5274
      Content-Disposition: form-data; name="file"; filename="file"
      Content-Type: application/octet-stream

      <redact encoded data>
      --------------------------3kMBisMe5ab5274
      Content-Disposition: form-data; name="chc_valid"
      Content-Transfer-Encoding: 8bit

      1
      --------------------------3kMBisMe5ab5274--
  7. Looks like BPP pre-release module dated 03/20 added support for the current stable 1password extension. Thanks.
  8. planetside 2, elite dangerous, x-plane, stellaris on pc for me. adding sea of thieves on tuesday.
  9. New BPP module (3/9/2018) but still no support for the stable 1password extension. This extension build came out on 3/1/2018. https://app-updates.agilebits.com/product_history/OPX4
  10. AFAIK, Webroot can apply their identitysafe protections to Opera, but they don't use sandboxing.
  11. It looks like the current stable version of 1password's extension for Firefox ( isn't functioning with BPP again. I've tried with both stable and pre-release updates enabled in EIS. I'd really like to use BPP, but this stuff occurring on a regular basis forces me to leave it off. I understand the concern about vetting and curating a list of approved extensions, but this is disappointing. Thanks

      Detection Engine: 16987P (20180301)
      Rapid Response module: 11690 (20180301)
      Update module: 1013 (20171116)
      Antivirus and antispyware scanner module: 1535 (20180202)
      Advanced heuristics module: 1184.1 (20171212)
      Archive support module: 1272 (20180122)
      Cleaner module: 1154 (20180222)
      Anti-Stealth support module: 1126 (20180219)
      Firewall module: 1373.1 (20180103)
      ESET SysInspector module: 1270 (20170808)
      Translation support module: 1666 (20180220)
      HIPS support module: 1312 (20180215)
      Internet protection module: 1328 (20180226)
      Web content filter module: 1058 (20170406)
      Advanced antispam module: 6972P (20180301)
      Database module: 1096 (20180202)
      Configuration module (33): 1525.11 (20171227)
      LiveGrid communication module: 1043 (20180205)
      Specialized cleaner module: 1012 (20160405)
      Banking & payment protection module: 1125 (20180228)
      Rootkit detection and cleaning module: 1019 (20170825)
      Network protection module: 1617P (20180228)
      Router vulnerability scanner module: 1045 (20180131)
      Script scanner module: 1033 (20180228)
      Connected Home Network module: 1019.1 (20180220)
      Cryptographic protocol support module: 1025 (20171106)
  12. FWIW, It wasn't an "unknown" threat - it's a PUA that's existed for a long time (July) and was stupidly bundled by the developer of that payware aircraft installer to try and catch a software pirate. That particular build of the PUA was first submitted to VT back in November, and the tool itself (Chrome password dump) has been around longer.
  13. it worked fine for me as well, using an app that reads hosts and inserts an entry on startup. it didn't notify when i inserted a value to hosts via cli using echo, though, but i'd imagine that's not a common manipulation method
  14. Received the update to module 1115 today and can confirm it works - will ESET have to deploy a module update with every 1password extension or client update?
  15. Thanks for the info @Marcos - does ESET have to issue a module update for every update to the extension?
  16. I'm on 1password client 6.8 build 469 on Windows 10 Chrome extension from here: https://chrome.google.com/webstore/detail/1password-password-manage/aomjjhallfgjeglblehebfpbcfeobpgk?hl=en-US
  17. Hey, I haven't been using B&PP since it was introduced since my password manager's extension isn't whitelisted, and thus can't be used within the secure browser without manual copy/paste. Is this something ESET will ever consider doing? I'm using 1password. Thanks
  18. Could you possibly have a potentially malicious extension installed in your browser that happens to be injecting scripts into sites? You could try loading google or youtube or whatever in incognito mode (assuming you don't load the same extensions in that mode) and see whether EIS reacts.
  19. Same for me with ESS 10 on Win10 x64. Did a complete uninstall using the ESET uninstaller, and a fresh install. It seemed to fix it, but the issue came back after a couple of reboots.
  20. Hey, Are you guys able to merge retail license keys (i.e. 2 1YR 3 PC licenses into 1 2YR 3PC license)? I spoke to tech support, they directed me to sales, and sales was unsure whether it can be done or not. Thanks!
  21. Nope, it only crashes on the initial scan. After I reinstalled following a normal product uninstall, reboot, safe mode + uninstall tool run, it didn't crash again on my workstation. I'll see whether I can repro on my other affected machine. I submitted a sysinspector report to support, and they just repeated the event viewer log back to me and said it was an "unreported issue" and to engage chat support.
  22. Hey, I've encountered a crash during initial scan on two different PCs both running Win10 x64. The product is otherwise functioning normally following a reboot, but I've been able to reproduce this same crash with each reinstall of ESS. I guess my question is: Are there any known product issues in this build that might lead to this sort of a crash? I reached out to support, and submitted a sysinspector report following the crash, but they're having a hard time differentiating between "crash on initial scan" and "crashing all the time due to software conflict". Windows Event Viewer indicates: "The ESET Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service." 08/11/2016 21:47:10 - if I don't reboot the PC after this, the GUI indicates no protection services are functioning. *EDIT* I removed to reproduce again and ran ESET's uninstaller utility in safe mode and reinstalled and that seems to have cleared it up. Just mentioning that in case anyone else runs into this.
  23. IMO, it doesn't matter if the test's scope is only whether the system gets infected and whether the product remediated the infection after 24h. As you said, the payment protection is tested as part of the banking-specific report, and that particular test is conducted on systems running Win7 x64 w/IE 11 as the browser. This particular one seems to me as straightforward a test as any - does the product protect the system from infection? If not, does it remediate the infection after 24h? From the report: This assessment measured the ability of security products to protect an endpoint from a live infection, and, in the event of a system being compromised, the time taken to detect the infection and remediate the system. The time-to-detect-and-remediate component relied on each security product being manually forced to conduct a scan every thirty minutes over a twenty-four hour period.