[Sending files to blocked site]

5 hours ago, Laurent75 said:

if I deactivate it works

Of note is if the "X" symbol is selected, the result is the disabling of the browser green frame indicating B&PP mode is active: https://help.eset.com/essp/16.2/en-US/idh_config_opp_badge.html . The browser remains in B&PP mode.

If file uploads are allowed with the green frame disabled, that is the source of issue for some unknown reason.

[Sending files to blocked site]

4 hours ago, Laurent75 said:

I have a forum and a Wordpress site and I would like to send files of +25MB and I am blocked by your secure browser module on my 2 sites.

Must have something to do with these 2 web sites. I can upload 25+MB file to a public file sharing site in B&PP mode w/o issue.

[URL on cloud blacklist - rbpf.bs]

Is rbpf.bs your ISP and you receive e-mail from them?

[URL on cloud blacklist - rbpf.bs]

Below are the results of tracert to rbpf.bs from my device. Connection is being made;

However the above shows that rbpf.bs domain, also confirmed by Robex output below, has nothing to do with the Bahama government;

Note that the results show rbpf.gov.bb domain. Perhaps that is the one you should be using?

[URL on cloud blacklist - rbpf.bs]

1 minute ago, ICTimpacs said:

In checking the systems the two domains to not share infrastructure other than the same top level domain.

Sound to me like a backbone DNS server issue to me. Can't help on that one.

[URL on cloud blacklist - rbpf.bs]

24 minutes ago, ICTimpacs said:

The bahamas.gov.bs domain is not blacklisted on mxtoolbox.

No problem with access to that domain on my Eset installation;

[URL on cloud blacklist - rbpf.bs]

17 minutes ago, ICTimpacs said:

because rbpf.bs is on the blacklist

I can't access this domain in a browser.

[IP/URL/Domain on blacklist - Mail security universalpackagesys.com]

I can access the domain w/o issue in a browser. As such, I don't see any blacklist activity by Eset;

[IP/URL/Domain on blacklist - Mail security universalpackagesys.com]

The website is using outdated software resulting in a high security risk use classification by Sucuri; https://sitecheck.sucuri.net/results/universalpackagesys.com .

[Allow Disabling of Status - Missing Support for Azure Code Signing]

I am posting a link to Eset's official notification article on this issue: https://support-eol.eset.com/en/trending_weol2023_10_2022.html .

Specifically noted in this article is;

Quote

Notifications in ESET products

Application statuses in affected endpoint and server products and alerts in ESET PROTECT management console appear from July 10, 2023, displaying the "Your operating system is outdated" message. In the first half of September 2023, this message started displaying "Missing support for Azure Code Signing". The same message will appear also in ESET home products.

It will be possible for administrators to hide the messages in Advanced setup during September 2023. For more information on how to hide application statuses in ESET business products, see the appropriate section in the documentation:

•ESET endpoint products

•ESET server products

•ESET PROTECT

It is fairly obvious that Eset will not be providing this notification disabling capability in NOD32, EIS, or ESSP. Furthermore, it is Eset long established policy not to allow for disabling of critical operational notifications in these products.

-EDIT- Removed prior EULA reference based on this posting: https://forum.eset.com/topic/1169-future-changes-to-eset-nod32-antivirus/?do=findComment&comment=173136 . I really give up on Eset licensing practices; they are a total and complete mess.

[Allow Disabling of Status - Missing Support for Azure Code Signing]

16 hours ago, whitefern said:

I am sure I will hear cricket sounds.

Actually, you will hear silence since this has been asked and answered multiple times. The latest Eset response is here: https://forum.eset.com/topic/1169-future-changes-to-eset-nod32-antivirus/?do=findComment&comment=173013 . FYI - Aryeh Goretsky is head of Eset's N.A. subsidiary which handles all product sales and support in the U.S. and Canada.

Since your Windows versions are LTSC, you are wasting time on this quest in futility. Instead you should be applying the applicable KB update to your Window installations

[JS/Spy.Banker.KJ reported on site but unable to reproduce or find.]

Eset detection here is not the only issue. Domain is first blocked via uBlock Origin TPL detection.

[Website detected - JS/Agent.RAW]

4 hours ago, lucamc said:

I have the same problem too. It seems that the malware is linked to the WordPress theme called "Newspaper". I also have that theme, and Grzegorz's site also has it.

However, on the theme's support forum, the developer "TagDiv" says that the theme is clean.

Per Sucuri web site analysis, below is the Newspaper plug-in being used. Is this the latest plug-in version?

Also Sucuri noted that the password entry field on this web site is not encrypted; i.e. HTTPS, meaning it can be intercepted by a hacker.

[A Norton phishing PDF I sent in the end of July looks to have been missed]

2 hours ago, Marcos said:

Where in the pdf is a clickable hyperlink?

Another important detail is no data exists on where to make the payment to. This leads me to believe the e-mail itself contained this info along with possibly a malicious link. I assume the .pdf was an attachment to the e-mail.

Bottom line - there is nothing malicious about the .pdf per se other than to support the attempted scam attempt.

-EDIT- Duh ..... Just realized the .pdf was a receipt. So the whole purpose was to get the e-mail recipient to open the .pdf. Was the attachment a .pdf or something else? I suspect the later. Let's say the attachment was an archive. When Eset scanned it, it removed any malware leaving the benign .pdf file.

[Interactive Firewall useless since 16.2]

37 minutes ago, sovchen said:

That doesn't sound right. Blocking via prompt stopped any network interaction nvdisplaycontainer tried to do, and it hasn't attempted to deploy from elsewhere either, I have verified this on my machine.

Refer my prior posting here: https://forum.eset.com/topic/37283-interactive-firewall-useless-since-162/?do=findComment&comment=172757 .

As long as the NvDisplayContainer.exe firewall rule specifies child processes, all outbound network traffic from it will be blocked. It is the NvDisplayContainer.exe child process that is performing the network connection.

[Allow Disabling of Status - Missing Support for Azure Code Signing]

5 hours ago, whitefern said:

Isn't this forum is a place for that where you get user's request and send it to ESET HQ?

Product enhancement requests are to be posted to this forum section, "Future changes to ESET NOD32 Antivirus."

[Allow Disabling of Status - Missing Support for Azure Code Signing]

6 hours ago, whitefern said:

I have no way to reach out to ESET corporate.

@Marcos suggested you contact your in-country support source first.

Since you are located in the U.S., go to the bottom of this web page: https://www.eset.com/us/existing-customers/ . Then initiate a Live Chat session, or submit a technical support request.

[Banking Ridirection Not Working]

4 hours ago, URBAN0 said:

Is there a way to have this page not appearing while redirection is made or at least being behind the actually redirected page like it was in working in previous releases.

I notice this also. You have to manually close the B&PP home page to view the URL in B&PP mode you originally entered. In previous versions, the B&PP home page auto closed.

[Allow Disabling of Status - Missing Support for Azure Code Signing]

9 hours ago, whitefern said:

It is BECAUSE it is a legitimate request. And the ESET Developers are ignoring a legitimate request from their user.

The request wasn't ignored by the Eset moderator. It was stated that Eset NOD32, EIS, and ESSP will not be modified to accommodate your request. If you are dissatisfied with this response, escalate your request to Eset corporate and stop wasting forum disk space. 

[Firewall rules magically disappear]

31 minutes ago, Binabik said:

In the firewall rules window, every time I select a rule, after a few seconds (up to a minute), it disappears automatically. 

I can't duplicate this behavior.

32 minutes ago, Binabik said:

If I close the window by clicking on the cancel button and reopen it, the deleted rules are still in the list,

This is expected behavior since you canceled the delete action.

33 minutes ago, Binabik said:

but if I close the window by clicking on the accept button (accepting the changes) and reopen the window, the deleted rules are gone forever.

Again, this is expected behavior since you confirmed the rule delete action.

[Allow Disabling of Status - Missing Support for Azure Code Signing]

53 minutes ago, whitefern said:

I will ask again. All I/We are asking is to give users the option to disable of the status/notification of "Missing Support for Azure Code Signing". It is just a Check Box. Users who disables the notification knows fully of the consequence.

You've asked this question no less than 14 times in this thread.

You're fortunate that the Eset forum is tolerate of such activity. You would have been banned long ago on most security forums.

[Antimalware Service Executable - Still Runs After Nod32 Install]

Select Manage Providers option in Virus & threat providers section of Windows Security Center to verify Microsoft Defender is actually turned on;

 

[JS/Agent.RAN]

5 minutes ago, Marcos said:

I cannot reproduce the detection, most likely the website has been cleaned in the mean time.

Same here. Web renders w/no Eset detection;

[Interactive Firewall useless since 16.2]

2 hours ago, x7007 said:

did new version release or I'm imagining 16.2.1.15.0

I got it via manual update option.

[ESSP 16.2.15.0 Whats New]

Also since nothing new was noted in the change log from the previous release, assume this was a bug fix release;

https://help.eset.com/changelogs/