
itman


Posts posted by itman


  1. Quote

    In this blog post, we’ll be looking at HP Support Assistant which is “pre-installed on HP computers sold after October 2012, running Windows 7, Windows 8, or Windows 10 operating systems”. We’ll be walking through several vulnerabilities taking a close look at discovering and exploiting them.

    Protecting your machine

    If you’re wondering what you need to do to ensure your HP machine is safe from these vulnerabilities, it is critical to ensure that it is up to date or removed. By default, HP Support Assistant does not have automatic updating by default unless you explicitly opt-in (HP claims otherwise).

    It is important to note that because HP has not patched three local privilege escalation vulnerabilities, even if you have the latest version of the software, you are still vulnerable unless you completely remove the agent from your machine (Option 1).

    Option 1: Uninstall

    The best mitigation to protect against the attacks described in this article and future vulnerabilities is to remove the software entirely. This may not be an option for everyone, especially if you rely on the updating functionality the software provides, however, removing the software ensures that you’re safe from any other vulnerabilities that may exist in the application.

    For most Windows installations, you can use the “Add or remove programs” component of the Windows control panel to uninstall the service. There are two pieces of software to uninstall, one is called “HP Support Assistant” and the other is called “HP Support Solutions Framework”.

    Option 2: Update

    The next best option is to update the agent to the latest version. The latest update fixes several vulnerabilities discussed except for three local privilege escalation vulnerabilities.

    There are two ways to update the application, the recommended method is by opening “HP Support Assistant” from the Start menu, click “About” in the top right, and pressing “Check for latest version”. Another method of updating is to install the latest version from HP’s website here: https://www8.hp.com/us/en/campaigns/hpsupportassistant/hpsupport.html

    https://d4stiny.github.io/Several-Critical-Vulnerabilities-on-most-HP-machines-running-Windows/

    I personally would opt for the uninstall option.


  2. 44 minutes ago, Raven said:

    Is there any other way to remove the fragments from this program that linger on my laptop without having to go through safe mode and using the uninstall tool on my laptop? If not I might have to forego having it dual run on my laptop as well.

    You should be able to uninstall the version of Smart Security on the laptop via the way you uninstall any other app. Namely, open Control Panel -> Programs -> Uninstall a program. Reboot after the uninstall is completed. Then download the current version of Smart Security as done previously and install it on the laptop.


  3. 36 minutes ago, taquionbcn said:

     

    I don't think so, no other flicker anywhere and I do intense use of the nvidia these days, for simulations with cuda and gaming, also if I disable nod32 real-time and windows defender is enabled (automatically) as shown in the second figure of previous post there is no flicker.

    Are you still getting update errors in the Eset Event log?


  4. Assuming you're using Win 10, refer to this article: https://support.microsoft.com/en-us/help/4028379/windows-10-how-to-use-remote-desktop . This also only applies to client to client PC connections.

    To utilize full RDP connectivity in a client to server scenario, you need to have Win 10 Professional or above installed. The Win 10 Home version does not support full RDP connectivity.

    An alternative here is to determine if your workplace allows remote connection via a VPN connection.

     


  5. 20 minutes ago, COStark26 said:

    A common solution has involved Controlled Folder Access = OFF via a W10 Defender setting. But I confirmed mine has always been OFF (I only found Controlled Folder Access by stumbling onto - Allow Defender to Scan Randomly with ESET- and the On/Off choice becomes available).

    I really don't know what you are referring to here.

    Windows Defender Controlled Folders option only applies if Windows Defender is the active real-time protection solution. If you have Eset installed, it is the active real-time solution and should be reflected as such in Windows Security Center.

    Activating the Windows Defender Periodic scanning option does not enable the Controlled Folders feature.

    In regards to this:

    Quote

    I only found Controlled Folder Access by stumbling onto - Allow Defender to Scan Randomly with ESET- and the On/Off choice becomes available

    I have never seen a like setting. I do suspect however it might be indicative of both Eset and Windows Defender real-time scanning being enabled which should not happen if Eset was properly installed.


  6. 1 hour ago, SeriousHoax said:

    The link you shared is interesting. Malware installing fake certificate to make itself trusted

    Sadly, this issue isn't restricted to fake certs. Legit certs. have been stolen. The attackers then proceed to sign their malware code with them. In a couple recent incidents, stolen/misappropriated driver certs. were used. Now you can't get better than that. Win 8.1/10 Secure boot will protect you here but you need to have the hardware to support it.

    Bottom line - anyone in "the security know" will flat out state the whole certificate concept is completely broken. But that's a topic for wilderssecurity.com or malwaretips.com posting and discussion.


  7. 17 hours ago, Marc3601 said:

    After the use of Eset's Online Scanner, which found one object, startup of our PC is very slow.  I must say that I did not view which object was caught, and, furthermore, I removed Eset's Online Scanner immediately after removal, with no record of what the scanner determined to be a threat. 

    @Marcos, is Eset Online Scanner Quarantine file retained after its associated directory is removed?

    If so, Eset Online Scanner Quarantine could be reinstalled. Then the previous Quarantined item restored. Reboot and see if that resolves the slow startup issue.


  8. 2 hours ago, taquionbcn said:

    What is not shown in the static image is that the above options are flickering as if they were updated every 5 seconds

    It really appears everything is OK with Windows Security Center and Eset's registration of itself within.

    I would think that this flickering you are observing is more related to an issue with your graphics card/chip. Or possibly an issue with the driver/s it is using.


  9. Just now, SeriousHoax said:

    But anyway I fixed it by manually deleting it from the windows store, restarted the system, a new certificate has been created by Eset automatically and now everything is working fine.

    Interesting. Appears the Eset cert. in the Win root CA store got corrupted somehow. Never seen that one before.

    However, there are malware that have been known to deploy certmgr.msc; e.g. https://thehackernews.com/2018/07/cryptocurrency-mining-ransomware.html . Maybe something escaped your VM with all the malware testing you do?😬


  10. 17 minutes ago, SwartPerel said:

    If there are no issues, surely Mozilla would state that this certificate issuer is a trusted issuer. <shrug>.

    This is the standard display from Firefox when a third party root certificate is being used. It has always been displayed as such. You probably just never checked the HTTPS certificate status previously.

    -EDIT- The message display is slightly different now that FireFox is now deferring to the Win root CA store; i.e. security.enterprise_roots.enabled.


  11. 3 hours ago, Raven said:

    I just tried to uninstall the old version off my desktop and it stops in the middle of the process telling me I don't have access to the key (likely because it expired).

    That's strange. Really don't know why a License key would be required for an uninstall.

    Here's a link on how to both use and download the Eset uninstaller tool for whatever Win version you have installed: https://support.eset.com/en/kb2289-uninstall-eset-manually-using-the-eset-uninstaller-tool . Note this must be run in Win Safe mode.

    Note: If this is a Win XP device, the OS needs to be upgraded to use any current Eset product.

    Once that hopefully successfully completes, boot back into normal Win startup mode. Download the current version of Smart Security Premium from here: https://www.eset.com/int/home/smart-security/download/  and install it. Then use the upgraded License key you purchased to activate it.


  12. 12 minutes ago, SwartPerel said:

    And the ESET certificate is still not recognised by Mozilla. Perhaps ESET should have a chat with Mozilla, since although all seems to be working properly, it would be preferable to have a certificate which is recognised by Mozilla.

    Based on the screenshot you posted here: https://forum.eset.com/topic/23125-certificate-issues-for-firefox-740-64bit/?do=findComment&comment=111963 and per @SeriousHoax previous reply to you, Eset's cert. is being used by FireFox w/o issue. So I really don't know what leads you to believe it is not.


  13. 4 hours ago, SeriousHoax said:

    I got the new internet protection module after switching to pre-release module but my Eset certificate is still not working in Firefox.

    I have a theory of what is going on here.

    It manifests when multiple Eset root CA certificates exist in the Windows root CA certificate store. Eset's root CA certificate is signed with a private key. That key is stored somewhere in the directories Eset creates at installation time. Whatever Eset certificate FireFox is extracting from the multiple ones stored in the Windows root CA certificate store has a private key that does not match the one currently stored in the applicable Eset directory. Hence use of the certificate extracted is rejected by FireFox.

    I would assume that the latest dated Eset root certificate in the Windows root CA certificate store is the one being used by the current Eset installation but there is no guarantee that is the case. Refer to the below screen shot:

    1. Open Eset GUI and navigate to Web and Email settings.

    2. Open SSL/TLS settings.

    3. Under Root Certificate section, mouse click on "View certificate."

    4. Mouse click on the Details tab.

    5. Scroll down to a line named Thumbprint. Mouse click on it which will duplicate the value to the box below it. Copy that thumbprint value and save it somewhere.

    6. Exit the Eset GUI.

    Eset_Cert.thumb.png.9db239f2385f7ba239830597120f29d9.png

    7. Enter certmgr.msc in Win 10 desktop Search bar.

    8. Open certmgr. Then open Trusted Root Certification Authorities -> Certificates.

    9. Now compare the prior saved Eset cert. thumbprint to the thumbprint of all Eset certificates shown.

    10. When a match on thumbprint is found, keep that certificate and delete all the other Eset certificates present.

    11. Exit certmgr.

    At this point, FireFox should only access the remaining Eset root certificate in the Win root CA store and there should be no longer any private key issues with FireFox's use of that certificate.
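
The thumbprint comparison in steps 7 to 10 above can also be done from PowerShell; this is an added example, not part of the original post and not Eset's own tooling. It assumes the Eset root certificate's Subject contains "ESET" and takes the thumbprint saved in step 5 as a parameter (the default is a placeholder). It only reports and deletes nothing.

```powershell
# Added example: report Eset certificates in the Windows root stores and
# mark the one whose thumbprint matches the value saved from the Eset GUI.
param(
    # Thumbprint copied in step 5. Placeholder value: replace it before running.
    [string]$SavedThumbprint = '<THUMBPRINT-FROM-ESET-GUI>',
    # Assumption: the Eset root certificate's Subject contains "ESET".
    [string]$SubjectFilter = '*ESET*'
)

function ConvertTo-NormalizedThumbprint([string]$Value) {
    # A thumbprint copied from the certificate dialog can carry spaces and
    # invisible characters, so keep hex digits only and upper-case them.
    ($Value -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
}

$wanted = ConvertTo-NormalizedThumbprint $SavedThumbprint
if ($wanted.Length -ne 40) {
    throw "Expected a 40 hex digit thumbprint, got $($wanted.Length) digits."
}

# The same certificate may be listed under both stores.
$stores = 'Cert:\CurrentUser\Root', 'Cert:\LocalMachine\Root'

$report = foreach ($store in $stores) {
    Get-ChildItem -Path $store |
        Where-Object { $_.Subject -like $SubjectFilter } |
        ForEach-Object {
            [pscustomobject]@{
                Store      = $store
                Subject    = $_.Subject
                NotBefore  = $_.NotBefore
                NotAfter   = $_.NotAfter
                Thumbprint = $_.Thumbprint
                # KEEP = matches the certificate the installed product shows;
                # REVIEW = a different Eset certificate (candidate for step 10).
                Action     = if ($_.Thumbprint -eq $wanted) { 'KEEP' } else { 'REVIEW' }
            }
        }
}

$report | Sort-Object Store, NotBefore | Format-Table -AutoSize

if (-not ($report | Where-Object Action -eq 'KEEP')) {
    Write-Warning 'No certificate matches the saved thumbprint; do not delete anything.'
}
```

If no row is marked KEEP, the saved thumbprint was probably copied incorrectly, and removing the listed certificates would leave no matching Eset root in the store.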


  14. I also just noticed that you are attempting to upgrade Eset Smart Security 9. That product is no longer supported: https://support.eset.com/en/kb3678-is-my-eset-product-supported-eset-end-of-life-policy-home-products . This could be the issue.

    I suspect that what you purchased perhaps is a two seat license for Internet Security? I know Eset Smart Security 9 is the last version supported on Win XP. But again, it shows end-of-life as of 12/2019. As such, I don't see how you could have purchased an upgraded license for it.


  15. Quote

    Activation failed - An error occurred during activation

    Your license key is not valid in the country you selected during installation. Please select the proper country or contact your license distributor.

    https://support.eset.com/en/kb7297-resolve-act-or-ecp-errors-during-activation-home-users

    Did you purchase your upgraded license from an authorized Eset source in the U.S.? Such sources would be the Eset U.S. web site, an authorized Eset reseller in the U.S., etc.

    Also make sure that U.S. is selected as the country during installation. This should have been done automatically since the first three characters of the license key indicate country; e.g. USAX- .........

     


  16. 1 minute ago, SwartPerel said:

    I wonder whether it is safe to delete the older certificates?

    At this point, it makes no difference since you have added Eset's root CA certificate to FireFox's Authorities store. Note that by default, FireFox will search there for a certificate. If not found, it then will search in the Windows root CA certificate store. Just realize that it appears Eset is now no longer updating FireFox's Authorities store at installation time. Or for that matter, after Eset installation via prior stated update methods.

    Appears your issue was related to this:

    Quote

    Starting with Firefox version 68, when a TLS connection error occurs Firefox will automatically enable the Enterprise Roots preference and attempts to connect again. If the issue is resolved, then the Enterprise Roots preference remains enabled. However, you may want to disable this behavior, so this article explains how to do just that without compromising security.


  17. 30 minutes ago, SwartPerel said:

    Have done as you suggested, itman, screenshot below. Does the fact matter that I have three certificates from ESET, and none are as recent as yours? I should mention that I have a current licence of ESET, due to be renewed, within the next week I think, so presumably will get an updated certificate.

    That could be the issue since I don't know what Eset certificate Firefox would use when multiple ones exist now that it is deferring to the Windows root CA certificate store.

    When Eset is installed, it adds its certificate included within the installer to the Windows root CA certificate store. Likewise when Eset is uninstalled, it is supposed to delete its certificate from the Windows root CA certificate store. Note that an Eset in-product upgrade does not replace the original Eset Windows root CA certificate. However, I believe an off-line download and install on top of existing Eset installation will install a new Eset certificate. This is how most likely you ended up with multiple Eset certificates in the Windows root CA certificate store.


  18. 5 minutes ago, SwartPerel said:

    Also ESET's certificate does not appear in the Firefox's Authorities certificate store, so I could delete it. It may be why I'm having this problem? I

    Based on your screen shot, you don't need to add Eset's root CA certificate to FireFox's Authorities certificate because by default, FireFox will look for it in the Windows root CA certificate store. Therefore, the next thing is to verify that Eset's certificate exists there and is a valid certificate. Do the following:

    1. Enter certmgr.msc in your desktop search window.

    2. Open certmgr.

    3. Verify that the Eset certificate exists in Windows Trusted Root Certification Authority per the below screen shot:

    Eset_root_CA.thumb.png.9081e003e6ad6a0bfd58366ef873e40e.png

     


  19. 7 hours ago, Marcos said:

    As of Internet protection module 1395, this won't be true any more.

    Since I have this module, I did the following:

    1. Deleted Eset's root CA store certificate from Firefox's Authorities certificate store.

    2. Shutdown FireFox. Restarted FireFox.

    Zip issues on any HTTPS web site where Eset's root CA store certificate is being used.

    Next via about:config, checked the status of security.enterprise_roots.enabled. Note that I had not previously entered this value manually. See the below screen shot:

    Firefox_Eset_Cert.thumb.png.5098836a60301ce84bca04cc0f3b6358.png

    Note the lock symbol? Appears this is something FireFox creates internally to prevent modification of that setting?

    Finally, note the two highlighted security.disable settings. I believe the highlighting indicates a change from default which I assume is "true." Again, this is something FireFox did internally; or perhaps by my manually accessing those via Firefox security options; or Eset did prior to module 1395?

    What I am speculating is that perhaps user manual entry of security.enterprise_roots.enabled is what is the OP's problem? That perhaps it is interfering/overriding Firefox's like created setting?
