Posts posted by cvvorous

  1. It could be that you have a specific archive that is crashing the scanner. Are you able to reproduce the crash whenever you run an in-depth scan?

     

    Nope, it only crashes on the initial scan. After I reinstalled following a normal product uninstall, reboot, safe mode + uninstall tool run, it didn't crash again on my workstation. I'll see whether I can repro on my other affected machine. I submitted a sysinspector report to support, and they just repeated the event viewer log back to me and said it was an "unreported issue" and to engage chat support.

  2. Hey,

     

    I've encountered a crash during initial scan on two different PCs both running Win10 x64. The product is otherwise functioning normally following a reboot, but I've been able to reproduce this same crash with each reinstall of ESS.

     

    I guess my question is: Are there any known product issues in this build that might lead to this sort of a crash? I reached out to support, and submitted a sysinspector report following the crash, but they're having a hard time differentiating between "crash on initial scan" and "crashing all the time due to software conflict"

     

    Windows Event Viewer indicates: "The ESET Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service." 08/11/2016 21:47:10 - if I don't reboot the PC after this, the GUI indicates no protection services are functioning.

     

    *EDIT* I removed to reproduce again and ran ESET's uninstaller utility in safe mode and reinstalled and that seems to have cleared it up. Just mentioning that in case anyone else runs into this.

  3. The MRG report does not state whether the tests were done using the AV's financial protection secured browser feature. I assume the 360 tests did not since MRG does a separate test for such protection. However even if the tests were performed using Eset's OPP feature, the browser MRG used for testing was Microsoft Edge. Eset specifically states that the OPP feature is not supported for the Edge browser. So take those financial malware test results "with a grain of salt." 

     

    IMO, it doesn't matter if the test's scope is only whether the system gets infected and whether the product remediated the infection after 24h. As you said, the payment protection is tested as part of the banking-specific report, and that particular test is conducted on systems running Win7 x64 w/IE 11 as the browser.

     

    This particular one seems to me as straightforward a test as any - does the product protect the system from infection? If not, does it remediate the infection after 24h?

     

    From the report:

     

    This assessment measured the ability of security products to protect an endpoint from a live infection, and, in the event of a system being compromised, the time taken to detect the infection and remediate the system. The time-to-detect-and-remediate component relied on each security product being manually forced to conduct a scan every thirty minutes over a twenty-four hour period.

  4. In the meantime I've found out that only a trial version of 1Password is available for download so whitelisting it would not probably help. I'll try to reach out to Agilebits for a license that would enable us to download the current version of the plug-in whenever needed.

     

    Do you need the extension/plugin and the local agent to whitelist, or just the extension?

  5. Ok, so once it goes final we will consider whitelisting the plug-in.

     

    My mistake - it looks like they actually just released a new stable version and browser extension last week - https://app-updates.agilebits.com/product_history/OPW4 - I completely forgot that my PC was following their beta release cadence because of new features vs the old stable version from February.

  6. This happens only when you temporarily disable Banking and payment protection. If you don't want to use it at all, choose to disable it permanently and the protection status won't change then.

    Did you see the two screenshots I added? It's set to "disable permanently". This is following a fresh install after running the ESET uninstaller, as the regular uninstall of *.349 borked the network adapters on my notebook. I tried toggling banking protection on and back off again (again, setting it to disable permanently), and it shows the red exclamation point again.

     

    I figured it was a change in the newer build, as I didn't have any trouble with the old one. I suppose I could try removing it and reinstalling again, since something must be messed up if it's not supposed to be doing that.

  7. Sounds like you have the protocol filtering chain interrupted at some place: maybe the HTTP scanner or the protocol filtering itself. If I am correct, you should already know, no?

    Uhh, no, protocol filtering is enabled/set to default. The only product functionality disabled that is usually enabled is banking protection. The "security tools" part of the UI that I mentioned encompasses banking protection, parental controls and anti-theft. The only one of those three options on by default is banking protection, and I have it turned off. Anti-theft and parental controls are off because I don't need or want either.

     


  8. Is there any chance we might be given the ability to fully ignore the status of "security tools" in ESS? In build *.349.0, if you turned off banking protection and completely ignored its status, it was like it didn't exist. In *.375.0, however, I can ignore individual tool statuses, but in the case of banking protection, it signals in the UI that "required security tools aren't enabled" - If I go through the trouble to turn off banking protection, AND set ESS to ignore that it's turned off, why would I also want a persistent red "!" to remind me of that fact?

     

    I'd leave it on if it wasn't so flaky and if it supported password managers (I saw a mention in another thread that some have been whitelisted if you have prerelease updates enabled, but when I tried it, Dashlane still wasn't whitelisted).

     

    The way I would have expected this to work:

     

    Turn off banking protection > Product informs that it's turned off w/signalling of some sort (which it does)

     

    Ignore status of banking protection in UI elements / application statuses > product doesn't bother me about it in any way (it doesn't, it shows a red "!" on the setup UI element)

     

    Thanks

  9.  

    What if I don't use LastPass? How can we add add-ons?

     

    It's not possible. Only ESET can whitelist trusted add-ons.

     

     

    Is Dashlane supported?

     

    *EDIT* Tried it, and it doesn't work when using the Dashlane install URL their application provides (uses the Chrome store to install it). Would be cool if ESET would consider vetting it and approving it, as not having a working PWM in payment protection is part of why I turn it off. (well, that and it regularly fails to detect banking sites half the time)

  10. Make a new rule with Action = Ask and Operations affecting Applications.

    At the next screen select All Applications.

    Next, Select the Application operations you wish to potentially block.

    Next, Select Specific Applications, Click on Add and browse to your Download folder.

    You should end up with a path that looks like:

    C:\Users\<username>\Downloads\*.*

    Click on Finish and test your rule. :)

     

    Yeah, that's how I had defined my rule and was receiving way more prompts than just on-exe (which is what I selected in my application operations) - Seems like the behavior is a little different than it was with ESS8. Guess I'll just live without the extra ruleset as I despise being prompted repeatedly. Thanks for the feedback though!

  11. Hi,

     

    I had a simple HIPS rule on ESS8 that would prompt me for confirmation when launching an executable from my downloads folder. It was something like: application started from downloads folder  > ask. It wouldn't ask on file properties inspection or for anything aside from executing an application from that folder. With ESS9, I'm having a hard time getting the HIPS to not spam me when Windows subsystems access files for properties dialogs, or any other trivial operation. Am I missing something?

  12. Please try installing the latest Internet protection module 1179 as follows:

    - download the new module from here and extract the archive to a disk

    - start Windows in safe mode

    - replace the original module C:\Program Files\ESET\ESET Endpoint Security\em019_32.dat with the new one

    - start Windows in normal mode

    - try to reproduce the issue.

     

    It seems like this has fixed the issue. I'll keep trying to break it, but I haven't had any encoding errors yet.

     

    I do still have to exclude the Google Drive client from protocol filtering in order for it to connect with SSL scanning enabled, but I don't think that's related to the issue with Chrome (it works if I disable blocking older SSL versions, so it seems like there might be something wrong w/the client itself and not ESS.) Thank you.

     

    *EDIT* Actually, I've encountered a new error a few times since I posted this reply - the page fails to load, and Chrome indicates an "SSL_PROTOCOL_ERROR". Reloading the page sometimes fixes it.

  13. Yeah, this could be the reason and could explain why it only happens with Google Chrome. So thanks for this good troubleshooting.

     

    Wikipedia article (HTTP compression):

    Additionally, third parties develop new methods and include them in their products, for example the Google Shared Dictionary Compression Over HTTP (SDCH) scheme implemented in the Google Chrome browser and used on Google servers.

    https://en.wikipedia.org/wiki/HTTP_compression

     

    It seems this was also a bug in Privoxy (a proxy which also filters web traffic), and it was caused by a problem with how it handles HTTP compression. This could be a similar problem in ESS too.

    About the command line parameter of Chrome: Normally it should work. Can you try it with --enable-sdch=never_enabled_sdch_for_any_domain?

     

    I mentioned I already tried the switch and it didn't change anything :)

  14. Sure:

    Google Chrome	40.0.2214.115 (Official Build) m
    Revision	831713c5c90271926c2ca70afaa969d32e4576f5-refs/branch-heads/2214@{#490}
    OS	Windows 
    Blink	537.36 (@189787)
    JavaScript	V8 3.30.33.16
    Flash	16.0.0.305
    User Agent	Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.115 Safari/537.36
    Command Line	"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window --flag-switches-begin --disable-quic --manual-enhanced-bookmarks --flag-switches-end
    Executable Path	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    
  15. I might have nailed down what causes this. It seems to be related to Google's use of SDCH protocol. Google doesn't advertise SDCH on the first query, but will on subsequent search queries. I'm guessing this is why I can typically manage one search before I start getting content decoding errors.

     

    To test, I set up a local proxy and had it scrub out SDCH from "Accept-Encoding" headers, and that seems to have fixed the issue, however, it's not really a permanent solution. There's supposedly a Chrome command line flag that should only allow SDCH on domains set by the flag (e.g. --enable-sdch=eset.com), but it doesn't work.
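
The header scrubbing described in the post above, sketched as an added example that is not part of the original post and is not ESET, Chrome or proxy vendor code: it removes `sdch` from `Accept-Encoding` in a raw HTTP/1.1 request head, the step a filtering proxy would apply before forwarding. The function names and the sample request are constructed for illustration.

```python
BLOCKED = frozenset({"sdch"})  # the content-coding named in the post

def scrub_accept_encoding(value, blocked=BLOCKED):
    """Return an Accept-Encoding value that no longer offers the blocked codings."""
    kept, saw_wildcard = [], False
    for item in value.split(","):
        item = item.strip()
        if not item:
            continue
        # Coding names are case-insensitive; parameters such as ;q=0.8 follow ';'.
        coding = item.split(";", 1)[0].strip().lower()
        if coding in blocked:
            continue
        if coding == "*":
            saw_wildcard = True
        kept.append(item)
    if saw_wildcard:
        # "*" would still match the blocked coding; q=0 marks it as not acceptable.
        kept.extend(f"{c};q=0" for c in sorted(blocked))
    # Never drop the header entirely: without it a server may choose any coding.
    return ", ".join(kept) if kept else "identity"

def rewrite_request_head(head, blocked=BLOCKED):
    """Rewrite every Accept-Encoding line in a raw request head (bytes in, bytes out)."""
    out = []
    for line in head.split(b"\r\n"):
        name, sep, value = line.partition(b":")
        if sep and name.strip().lower() == b"accept-encoding":
            new = scrub_accept_encoding(value.decode("latin-1"), blocked)
            line = name + b": " + new.encode("latin-1")
        out.append(line)
    return b"\r\n".join(out)

# Constructed sample request, not captured traffic.
SAMPLE = (b"GET /search?q=test HTTP/1.1\r\n"
          b"Host: www.example.com\r\n"
          b"Accept-Encoding: gzip, deflate, sdch\r\n"
          b"\r\n")

if __name__ == "__main__":
    print(rewrite_request_head(SAMPLE).decode("latin-1"))
```

For HTTPS traffic the rewrite only works at a point that sees the decrypted request, which is the same position the SSL protocol filter occupies.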

  16. So it is the best solution to disable SSL protocol filtering? Is it that much broken? :/

     

    It was for me. The alternative is to exclude chrome from protocol filtering altogether, which I don't think is an acceptable solution. I don't really think disabling SSL filtering is all that great either, but as I mentioned, doing "stuff" to SSL traffic can cause issues, so I'm not upset about it.

  17. To install Internet protection module 1171B, carry on as follows:

    - download the new module from here and save it to the disk

    - start Windows in safe mode

    - back up the original module C:\Program Files\ESET\ESET Smart Security\em019_32.dat and copy the new one instead

    - start Windows in normal mode

    - try to reproduce the issue

    - let us know about your findings.

     

    Hi,

     

    I installed the new module and confirmed it via the "About" menu. I'm still experiencing the issue with content decoding errors and google search.

     

    At this point, I think I'll just give up on enabling SSL protocol filtering. It seems like this issue is an ongoing thing (threads on this board and others, including posts dating back to Chrome 33.x with the same issue when SSL filtering is enabled in ESS). I know doing things to SSL traffic can cause weird stuff to happen. Thanks for the assistance.
