itman

Most Valued Members
Posts: 12,199
Days Won: 321

Posts posted by itman

  1. Researching this a bit and using the cert. name, *.dev.rtsarenagame.com, as a clue, it appears this is a development certificate. You can read about what development certificates are here: https://smallstep.com/blog/step-v0-8-6-valid-HTTPS-certificates-for-dev-pre-prod.html

    The gist of the matter is development certificates are for internal use only. It is possible one of your apps had a borked update resulting in this certificate being used, etc. I wouldn't worry about it unless Eset starts alerting about it again.

    What you can also do is to check if that cert. somehow got added to the Windows root CA certificate store using certmgr.msc.
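
The certmgr.msc check above can also be scripted. As an added example, not part of itman's post and not an ESET tool, the PowerShell function below walks the CurrentUser and LocalMachine certificate stores and reports any certificate whose Subject or Subject Alternative Name matches the name from the alert, flagging the ones that sit in a trust-root store (Root or AuthRoot), which is the case that actually matters. The pattern defaults to the *.dev.rtsarenagame.com name quoted above; the store names are the standard Windows ones.

```powershell
# Added example, not from the original post. Needs Windows PowerShell 5.1 or
# PowerShell 7 on Windows (uses the Cert: drive). Run elevated to see all
# LocalMachine stores.
function Find-SuspectCertificate {
    param(
        # Wildcard pattern matched against the Subject and the SAN DNS names.
        [string]$Pattern = '*dev.rtsarenagame.com*',
        # Root/AuthRoot are trust anchors, CA holds intermediates, TrustedPublisher
        # and My (personal) are where stray imports often land.
        [string[]]$Stores = @('Root', 'AuthRoot', 'CA', 'TrustedPublisher', 'My')
    )
    foreach ($scope in 'CurrentUser', 'LocalMachine') {
        foreach ($store in $Stores) {
            $path = "Cert:\$scope\$store"
            if (-not (Test-Path $path)) { continue }
            foreach ($cert in Get-ChildItem -Path $path -ErrorAction SilentlyContinue) {
                # The SAN extension is OID 2.5.29.17; Format() renders it as text.
                $san = ($cert.Extensions |
                        Where-Object { $_.Oid.Value -eq '2.5.29.17' } |
                        ForEach-Object { $_.Format($false) }) -join ';'
                if ($cert.Subject -like $Pattern -or $san -like $Pattern) {
                    [pscustomobject]@{
                        Scope       = $scope
                        Store       = $store
                        Subject     = $cert.Subject
                        Issuer      = $cert.Issuer
                        SelfSigned  = ($cert.Subject -eq $cert.Issuer)
                        IsTrustRoot = ($store -in 'Root', 'AuthRoot')
                        NotAfter    = $cert.NotAfter
                        Thumbprint  = $cert.Thumbprint
                    }
                }
            }
        }
    }
}

$hits = @(Find-SuspectCertificate)
if ($hits.Count -eq 0) {
    'No certificate matching the pattern is installed in the checked stores.'
} else {
    $hits | Format-Table -AutoSize
    # A match in Root/AuthRoot would make anything chained to it trusted system-wide.
    foreach ($hit in ($hits | Where-Object IsTrustRoot)) {
        "WARNING: $($hit.Subject) is a trust anchor in $($hit.Scope)\$($hit.Store)"
    }
}
```

A hit in a trust-root store can be removed with Remove-Item on its Cert: path (for example Cert:\LocalMachine\Root\<thumbprint>). Note that this only covers the Windows stores; Firefox keeps its own certificate database, so a certificate trusted only there would not show up here.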

  2. The Github certificate is self-signed. Strongly suspect this is the same issue manifested in the Chromecast thread.

    Adguard must be performing some MITM port redirect activity to ports other than 443 and this is what Eset's SSL/TLS protocol scanning is hiccuping on.

    At present there are two solutions:

    1. Only specify port 443 in SSL/TLS protocol scanning.

    2. You will have to find out what ports Adguard is performing its proxy activities with and exclude those ports from the existing Eset SSL/TLS port 0-65535 specification. For example, if Adguard is using ports 1010, 1011, and 1012, the Eset SSL/TLS port specification should be: 443,0-1009,1013-65535. Note that this will only work if Adguard is using static proxy port assignment. If it changes ports dynamically, you're out of luck.

    I wholeheartedly expect many more posts like this for other apps.

  3. 2 hours ago, Marcos said:

    0-8008, 8010-65535

    I would suggest 443, 0-8008, 8010-65535.

    It appears the developer set the HTTPS scanning to initially trigger on port 443 and then check for any port-directed MITM proxy activity on any other ports which, BTW, is what this Eset modification is all about. This processing was initially borked and all processes were being detected and added to the list of SSL/TLS protocol scanned processes. Based on recent testing, it appears the all-processes HTTPS scanning has been corrected. I am observing only processes listed that originally connected via port 443.
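
The port arithmetic in the two posts above (443 first, then every port except the proxy ports) is easy to get wrong by hand. As an added example, not from the posts and not an ESET tool, here is a PowerShell helper that builds the SSL/TLS port string from a list of ports to leave out, plus a second helper that checks whether a given port is still covered by a spec string. It reproduces both specs quoted above (the AdGuard case with ports 1010-1012 and the Chromecast case with port 8009). Listing 443 first follows itman's suggestion; the only assumption about the ESET field is that it takes comma-separated single ports and hyphenated ranges, as the quoted specs show.

```powershell
# Added example, not from the original posts or from ESET.
function Format-PortRange {
    param([int]$Start, [int]$End)
    if ($Start -eq $End) { "$Start" } else { "$Start-$End" }
}

# Build "443,<ranges covering 0-65535 minus the excluded ports>".
function New-EsetPortSpec {
    param(
        [int[]]$Exclude = @(),      # ports the local proxy (e.g. AdGuard) uses
        [int]$Primary = 443,        # listed first so HTTPS scanning always triggers on it
        [int]$Min = 0,
        [int]$Max = 65535
    )
    $excluded = @($Exclude | Sort-Object -Unique)
    foreach ($p in $excluded) {
        if ($p -lt $Min -or $p -gt $Max) { throw "Port $p is outside $Min-$Max" }
        if ($p -eq $Primary) { throw "Port $Primary cannot be excluded; HTTPS scanning needs it" }
    }
    $ranges = @()
    $start = $Min
    foreach ($p in $excluded) {
        if ($p -gt $start) { $ranges += Format-PortRange $start ($p - 1) }
        $start = $p + 1
    }
    if ($start -le $Max) { $ranges += Format-PortRange $start $Max }
    return (@("$Primary") + $ranges) -join ','
}

# Is $Port covered by a spec such as "443,0-1009,1013-65535"?
function Test-EsetPortSpec {
    param([Parameter(Mandatory)][string]$Spec, [Parameter(Mandatory)][int]$Port)
    foreach ($part in ($Spec -split ',')) {
        $part = $part.Trim()
        if ($part -match '^(\d+)-(\d+)$') {
            if ($Port -ge [int]$Matches[1] -and $Port -le [int]$Matches[2]) { return $true }
        } elseif ($part -match '^\d+$') {
            if ([int]$part -eq $Port) { return $true }
        } else {
            throw "Unrecognised spec element '$part'"
        }
    }
    return $false
}

# AdGuard case: expected 443,0-1009,1013-65535
$adguard = New-EsetPortSpec -Exclude 1010, 1011, 1012
$adguard
# Chromecast case: expected 443,0-8008,8010-65535
$chromecast = New-EsetPortSpec -Exclude 8009
$chromecast
# Sanity check: excluded ports gone, their neighbours and 443 still scanned.
foreach ($port in 1009, 1010, 1012, 1013, 443) {
    '{0,5} scanned under AdGuard spec: {1}' -f $port, (Test-EsetPortSpec -Spec $adguard -Port $port)
}
```

The builder refuses to exclude the primary port and ports outside 0-65535, and collapses single-port gaps to a bare number so the string stays valid at the edges (excluding port 0 yields 443,1-65535).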

  4. Based on the SFC scan findings, I would say a Win 10 reinstall is called for.

    The least painful way to do so is to use the "Reset" feature in Win 10 described in this article: https://www.laptopmag.com/articles/reset-windows-10-pc . This feature will allow you to keep all your personal files but all your Windows non-Store apps will have to be reinstalled including Eset. So if you have customized Eset settings, make sure you export those prior to performing the Win 10 Reset.

    Hopefully after the Reset installation is completed and Eset reinstalled, it will function normally.

    Also note that a Win 10 Reset does not modify any existing Win 10 account logon profiles. So if there are issues associated with those settings, they will persist after a Reset is performed.

  5. 1 hour ago, itman said:

    Bottom line - unless browser based Chromecast is used, the Chrome Media Router extension should remain in its default disabled state.

    Realized this might be misinterpreted.

    Based on what I have read, once the Media Router extension is enabled in Chrome via use of the Chromecast casting feature, the extension remains permanently enabled. As such, you remain vulnerable to any attack misusing it.

  6. 11 hours ago, lamar said:

    Where does the above quote come from?

    From the bleepingcomputer.com link in regard to Kaspersky-like issues I posted previously.

    11 hours ago, lamar said:

    Do you suppose this bearded malware was able to remain invisible for Eset?

    Eset, along with most VirusTotal AV vendors, detects the Trojan. None, from what I can tell, detect any of the malicious JavaScript it uses.

    Bottom line - unless browser based Chromecast is used, the Chrome Media Router extension should remain in its default disabled state.

    Whereas there is a way to export the self-signed cert. from their webmail site here: https://webmail.jpberlin.de/roundcube/ and import it into Eset's list of SSL/TLS known certificates, I don't know if it would work in regard to Eset's client e-mail scanning. Someone from Eset will have to comment on this.

    I am assuming the webmail certificate is the same one their client e-mail servers are using.
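
The export step can be done without a browser, and the assumption in the last sentence can be tested at the same time. As an added example, not from the post and not an ESET tool, the PowerShell function below opens a TLS connection to a host, accepts whatever certificate the server presents (the aim is to capture it, not to validate it), reports whether it is self-signed, and optionally writes it out as a DER-encoded .cer file for import. Run against the webmail host on 443 and against the mail server on an implicit-TLS port (993 for IMAP, 465 for SMTP), it shows whether the two present the same certificate. The mail host name is a placeholder to be replaced with the one from your mail client's account settings. STARTTLS ports (143, 587) are not handled, because they need the protocol exchange before TLS starts.

```powershell
# Added example, not from the original post or from ESET.
function Get-RemoteCertificate {
    param(
        [Parameter(Mandatory)][string]$HostName,
        [int]$Port = 443,
        [int]$TimeoutMs = 5000,
        [string]$ExportPath            # optional: write a DER .cer file here
    )
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($HostName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs)) {
            throw "Connection to ${HostName}:$Port timed out"
        }
        $client.EndConnect($async)
        # Accept any server certificate so a self-signed one can be captured.
        $acceptAll = [System.Net.Security.RemoteCertificateValidationCallback] {
            param($sender, $certificate, $chain, $sslPolicyErrors) $true
        }
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $acceptAll)
        $ssl.AuthenticateAsClient($HostName)   # $HostName is also sent as SNI
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        if ($ExportPath) {
            $der = $cert.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Cert)
            [System.IO.File]::WriteAllBytes($ExportPath, $der)
        }
        [pscustomobject]@{
            Host       = $HostName
            Port       = $Port
            Subject    = $cert.Subject
            Issuer     = $cert.Issuer
            SelfSigned = ($cert.Subject -eq $cert.Issuer)
            NotAfter   = $cert.NotAfter
            Thumbprint = $cert.Thumbprint
        }
        $ssl.Dispose()
    } finally {
        $client.Close()
    }
}

# Webmail host from the post. The IMAP host is a placeholder (assumption):
# take the real name from your mail client's account settings.
$web = Get-RemoteCertificate -HostName 'webmail.jpberlin.de' -Port 443 -ExportPath "$env:TEMP\webmail.cer"
$mailHost = 'imap.example.invalid'
try {
    $imap = Get-RemoteCertificate -HostName $mailHost -Port 993
} catch {
    $imap = $null
    "Could not fetch the IMAP certificate from ${mailHost}: $($_.Exception.Message)"
}
$web, $imap | Where-Object { $_ } | Format-Table Host, Port, SelfSigned, Thumbprint, NotAfter -AutoSize
if ($imap -and $web.Thumbprint -eq $imap.Thumbprint) {
    'Same certificate on webmail and IMAP: one import would cover both.'
} elseif ($imap) {
    'Different certificates: the IMAP one would have to be captured and imported separately.'
}
```

Comparing thumbprints rather than subjects is deliberate: two self-signed certificates can carry the same subject and still be different keys.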

  8. What we really haven't talked about is the origin of the problem which is:

    Quote

    What is causing these errors is a hidden Chrome extension called Chrome Media Router that automatically scans a network for Chromecast devices when the browser starts.

    Here's a detailed analysis of a recent malware that exploited Chrome Media Router:

    Quote

    Google Chrome

    Razy edits the file ‘%PROGRAMFILES%\Google\Chrome\Application\\chrome.dll’ to disable the extension integrity check. It renames the original chrome.dll file chrome.dll_ and leaves it in the same folder.

    It creates the following registry keys to disable browser updates:

    • “HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Update\AutoUpdateCheckPeriodMinutes” = 0 (REG_DWORD)
    • “HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Update\DisableAutoUpdateChecksCheckboxValue” = 1 (REG_DWORD)
    • “HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Update\InstallDefault” = 0 (REG_DWORD)
    • “HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Update\UpdateDefault” = 0 (REG_DWORD)

    We have encountered cases where different Chrome extensions were infected. One extension in particular is worth mentioning: Chrome Media Router is a component of the service with the same name in browsers based on Chromium. It is present on all devices where the Chrome browser is installed, although it is not shown in the list of installed extensions. During the infection, Razy modified the contents of the folder where the Chrome Media Router extension was located: ‘%userprofile%\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm’.

    https://securelist.com/razy-in-search-of-cryptocurrency/89485/
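
The quoted write-up names concrete artefacts: the renamed chrome.dll_, four Google Update policy values, and a modified Media Router extension folder. As an added example, not from the post, Kaspersky or ESET, here is a PowerShell check for those three things on a Windows host. It also verifies the Authenticode signature on chrome.dll, since a binary patched the way the article describes can no longer carry a valid Google signature. Paths default to the ones in the quoted text; newer Chrome builds keep chrome.dll in a version-numbered subfolder, so the search recurses. The extension folder, if it exists on disk, is only inventoried (hash and timestamp per file), because the page gives no known-clean hashes to compare against.

```powershell
# Added example, not from the original post, Kaspersky or ESET.
function Test-RazyChromeArtifacts {
    param(
        [string]$ChromeDir     = (Join-Path $env:ProgramFiles 'Google\Chrome\Application'),
        [string]$ProfileDir    = (Join-Path $env:LOCALAPPDATA 'Google\Chrome\User Data\Default'),
        [string]$MediaRouterId = 'pkedcjkdefgpdelpbcmbmeomcjbeemfm'   # ID from the article
    )
    $findings = @()

    # 1. The original chrome.dll renamed to chrome.dll_ beside the patched copy.
    foreach ($f in Get-ChildItem -Path $ChromeDir -Recurse -Filter 'chrome.dll_' -ErrorAction SilentlyContinue) {
        $findings += "Renamed original found: $($f.FullName)"
    }
    # 1b. A patched chrome.dll cannot keep Google's Authenticode signature.
    foreach ($f in Get-ChildItem -Path $ChromeDir -Recurse -Filter 'chrome.dll' -ErrorAction SilentlyContinue) {
        $sig = Get-AuthenticodeSignature -FilePath $f.FullName
        if ($sig.Status -ne 'Valid') {
            $findings += "Signature $($sig.Status) on $($f.FullName)"
        }
    }

    # 2. The Google Update policy values the article says Razy writes.
    $policyKey  = 'HKLM:\SOFTWARE\Policies\Google\Update'
    $razyValues = @{
        AutoUpdateCheckPeriodMinutes         = 0
        DisableAutoUpdateChecksCheckboxValue = 1
        InstallDefault                       = 0
        UpdateDefault                        = 0
    }
    if (Test-Path $policyKey) {
        $props = Get-ItemProperty -Path $policyKey
        foreach ($name in $razyValues.Keys) {
            $actual = $props.$name
            if ($null -ne $actual -and [int]$actual -eq $razyValues[$name]) {
                $findings += "Update policy matches Razy: $name = $actual"
            }
        }
    }

    # 3. Inventory the Media Router component extension folder, if present.
    $extDir    = Join-Path $ProfileDir "Extensions\$MediaRouterId"
    $inventory = @()
    if (Test-Path $extDir) {
        foreach ($f in Get-ChildItem -Path $extDir -Recurse -File) {
            $inventory += [pscustomobject]@{
                File          = $f.FullName.Substring($extDir.Length).TrimStart('\')
                LastWriteTime = $f.LastWriteTime
                SHA256        = (Get-FileHash -Path $f.FullName -Algorithm SHA256).Hash
            }
        }
    }

    [pscustomobject]@{ Findings = $findings; MediaRouterFiles = $inventory }
}

$result = Test-RazyChromeArtifacts
if ($result.Findings.Count -eq 0) { 'No Razy artefacts found.' } else { $result.Findings }
# Compare this inventory with the same folder on a known-clean install; script
# files with a LastWriteTime later than manifest.json deserve a closer look.
$result.MediaRouterFiles | Sort-Object LastWriteTime | Format-Table -AutoSize
```

The policy check only flags values that match the article exactly; an administrator may legitimately set some of these through Group Policy, so a hit on the registry alone is a lead, not a verdict. The signature and chrome.dll_ checks are the stronger indicators.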

  9. I just came across an interesting Google posting related to Chromecast titled:

    Cannot cast content from a wired PC connected to same router as wifi to which chromecast 3 connected

    Of note is the last recommendation:

    Quote

    Turn Windows Defender OFF.

    https://support.google.com/chromecast/thread/4191235?hl=en

    As such, I don't expect a speedy resolution to this issue other than the Eset SSL/TLS protocol scanning HTTPS port 8009 exclusion.

  10. 3 hours ago, joeyjo said:

    Any advice on how I allow SAGE to send VAT info to HMRC?

    Don't believe this is an Eset firewall issue. When I was on the Sage web site, I received multiple alerts from the uBlock Origin filter on Firefox about adware/tracking activities on the web site.

    Post a screen shot on any alerts from Eset it is generating while on the Sage web site. 


  11. 2 hours ago, Marcos said:

    Try deleting the files in safe mode as suggested here:

    https://superuser.com/questions/1032849/corrupt-transaction-resource-manager-after-windows-10-install

    Re-installation of Windows would also fix the issue but that's not what we would like to recommend since there's an easier way how to fix the problem with the Windows transaction system.

    If the entire quoted reference is read, the only thing that fixed this for the OP was a reformat of the OS partition and a clean install of Win 10. 

  12. Although not directly related to this Eset Chromecast issue, it is imperative that one validate that ports 8008, 8009, and 8443 are not open on the WAN side of the router. Before you ignore this, read this Sophos article:

    Quote

    This time, it seems the Giraffe was aided and abetted by an online chum going by the name j3ws3r (whether that’s an anti-semitic slur or just hacker-style spelling of the word “user”, where the j is pronounced as y, is an open question).

    According to their own website, the pair identified more than 72,000 vulnerable Chromecast and Google Home devices

    https://nakedsecurity.sophos.com/2019/01/04/dont-fall-victim-to-the-chromecast-hackers-heres-what-to-do/
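
Validating the WAN side means connecting from outside your own network; a test run from inside the LAN never crosses the router and says nothing. As an added example, not from the post or the Sophos article, here is a PowerShell function to run from an external vantage point such as a phone hotspot or a rented VPS. It attempts a TCP connect with a timeout to each of the three Chromecast ports on your public address and reports which ones accept the connection. The address shown is a placeholder from the documentation range; a port that answers from the internet points at a forwarding rule on the router that should be removed.

```powershell
# Added example, not from the original post or the Sophos article.
function Test-ExposedChromecastPorts {
    param(
        [Parameter(Mandatory)][string]$PublicAddress,   # your WAN IP or DDNS name
        [int[]]$Ports = @(8008, 8009, 8443),            # Chromecast HTTP, cast protocol, HTTPS
        [int]$TimeoutMs = 3000
    )
    foreach ($port in $Ports) {
        $client = New-Object System.Net.Sockets.TcpClient
        $state  = 'unknown'
        try {
            $async = $client.BeginConnect($PublicAddress, $port, $null, $null)
            if ($async.AsyncWaitHandle.WaitOne($TimeoutMs)) {
                $client.EndConnect($async)      # throws if the connection was refused
                $state = 'OPEN'
            } else {
                $state = 'filtered (no answer within timeout)'
            }
        } catch {
            $state = "closed ($($_.Exception.Message))"
        } finally {
            $client.Close()
        }
        [pscustomobject]@{ Address = $PublicAddress; Port = $port; Result = $state }
    }
}

# Run this from OUTSIDE your LAN; replace the placeholder with your public address.
$results = Test-ExposedChromecastPorts -PublicAddress '203.0.113.10'
$results | Format-Table -AutoSize
if ($results | Where-Object Result -eq 'OPEN') {
    'At least one Chromecast port answers from the internet: check the router for a forwarding rule on it.'
}
```

"Filtered" is the healthy result for a home router that silently drops unsolicited inbound traffic; "closed" means the router answered with a reset, which is also fine. Only "OPEN" needs action.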

  13. You're not following what I posted. There is something wrong with the initialization processing of Win 10 Windows Security Center.

    Your choices? Do as I suggested or live with the popup notification.

  14. 1 hour ago, Rami said:

    I can understand it's Dell's ..

    Contact Dell support. They might have a special firmware flash utility or procedure to deactivate it. I would imagine this would require you proving to them that you are the real owner of the device.

    Also, if the chip is not soldered to the motherboard, they could send you a new chip. Chip replacement is dicey.

  15. This is a long known Win 10 issue caused by Windows Security Center not properly initializing and the issue has nothing to do with Eset being installed. It has manifested when Windows Defender was the only AV installed.

    This old fix shown below appears to be no longer available since Microsoft has locked down these service settings in later Win 10 versions. The same could possibly be done by modifying the associated service start value setting in the Registry. But that also might be locked down.

    Quote

    To make this change:

    Type "services.msc" (without the quotes) in the search bar

    1. Scroll down the list of services to find "Security Center" and double-click on it
    2. Change the Startup type setting to "Automatic" and hit "OK"
    3. Close the services window
    4. Re-start the machine to test

    https://www.tenforums.com/antivirus-firewalls-system-security/10870-notification-turn-virus-protection-evey-time-windows-starts-2.html?s=c70845790774c82707e65190c1c80343

    What you might try doing is uninstalling Eset and see if the alert disappears with only Windows Defender running. If so, then reinstall Eset and hopefully the issue is resolved.
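
The services.msc steps in the quote translate to a few lines of PowerShell, which also makes it easy to see whether the lock-down itman mentions is in effect. As an added example, not from the post or the tenforums thread, the functions below read the current state of the Security Center service (service name wscsvc) from both the service control manager and its registry key, then attempt the same Startup-type change the quote describes and report whether the SCM accepted or refused it. The Start value meanings (2 = Automatic, 3 = Manual, 4 = Disabled) are the standard SCM ones. Needs an elevated Windows PowerShell 5.1 or PowerShell 7 session.

```powershell
# Added example, not from the original post or the tenforums thread.
$ServiceName  = 'wscsvc'      # the "Security Center" service
$StartMeaning = @{ 2 = 'Automatic'; 3 = 'Manual'; 4 = 'Disabled' }

function Get-SecurityCenterState {
    $svc = Get-Service -Name $ServiceName -ErrorAction Stop
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$ServiceName"
    $reg = Get-ItemProperty -Path $key -ErrorAction Stop
    [pscustomobject]@{
        Service       = $svc.DisplayName
        Status        = $svc.Status
        StartType     = $svc.StartType
        RegistryStart = $reg.Start
        RegistryText  = $StartMeaning[[int]$reg.Start]
        DelayedStart  = [bool]$reg.DelayedAutostart   # $false when the value is absent
    }
}

function Set-SecurityCenterAutomatic {
    $identity = [Security.Principal.WindowsIdentity]::GetCurrent()
    $isAdmin  = ([Security.Principal.WindowsPrincipal]$identity).IsInRole(
                    [Security.Principal.WindowsBuiltInRole]::Administrator)
    if (-not $isAdmin) { throw 'Run this from an elevated prompt.' }
    try {
        Set-Service -Name $ServiceName -StartupType Automatic -ErrorAction Stop
        $outcome = 'SCM accepted the change'
    } catch {
        # Expected on builds where Microsoft has locked the setting down.
        $outcome = "SCM refused the change: $($_.Exception.Message)"
    }
    [pscustomobject]@{ Outcome = $outcome; After = Get-SecurityCenterState }
}

'Before:'
Get-SecurityCenterState | Format-List
$attempt = Set-SecurityCenterAutomatic
$attempt.Outcome
'After:'
$attempt.After | Format-List
```

If the SCM refuses the change, the "After" block will still show the original StartType, which confirms the lock-down rather than a silent failure. A reboot is needed for a changed Startup type to affect the notification, as the quoted steps say.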

  16. 5 hours ago, Rami said:

    Yes, I understood that from your earlier post, but I thought if I disable it in the BIOS (it was set as Deactivated) it would disappear (the detection)

    Thanks again.

    Did a bit more checking.

    It appears once Computrace is activated in the BIOS/UEFI, there is no way to permanently disable it. This actually is by design to prevent whoever stole your laptop, etc. from doing the same. It also appears that setting is controlled by the chip firmware itself. And reflashing the BIOS/UEFI won't deactivate it.

  17. Also there is some confusion about terminology. Computrace was originally named LoJack. There is a Trojanized malware version of LoJack which Eset names "LoJax" that is creating the confusion:

    Quote

    Starting in at least early 2017, trojanized versions of an older userland agent of the popular LoJack anti-theft software from Absolute Software were found in the wild. We call this trojanized LoJack agent LoJax. LoJack attracted a lot of attention in recent years as it implements a UEFI/BIOS module as a persistence mechanism.

    https://www.welivesecurity.com/wp-content/uploads/2018/09/ESET-LoJax.pdf

    Of note is Eset's detection for the malware version is LoJack agent LoJax.

  18. 1 hour ago, am_dew said:

    What does not make any sense to me is why one PC in the same house, on the same network, can connect to the Chromecast without issue now that I've applied the temp fix. I've been through every network related setting on the problem PC and it all looks OK.

    I am far from an expert when it comes to IoT connectivity.

    But based on this article: https://blog.bestbuy.ca/tv-audio/tv-home-theatre-tv-audio/how-to-connect-chromecast-chromecast-audio-to-your-av-receiver , connecting the Chromecast dongle to an AV receiver only allows for output from that dongle to anything directly connected to the AV receiver. That usually is a TV, Xbox, etc.

    It appears later-version Onkyo receivers have Chromecast built in, but that is only for audio streaming.

    In other words in this configuration, I see no way how your PC not physically connected to the AV receiver could communicate with a Chromecast dongle attached to the AV receiver.
