itman

One possibility here is that Password Manager is not supported in trial versions. I couldn't find any info of this but it seems logically to me. I believe the PM is actually a third party product and is installed as such during the paid Eset installation phase. For trial versions, it is probably installed when a valid license key is entered.

Strange. Opened FF today and green border appeared. So guess that problem got resolved. Don't know what you mean by "Tab Page is mostly Green with white "You're in BPP" indicated." If your referring to the top tab as shown in my below IE11 B&PP web page screen shot showing "Secured by Eset", that did not show in FF. -EDIT- It showed. I just had to reposition the web page window slightly. Also as the screen shot shows, no issues w/B&PP in IE11:

After the most recent Win 10 x(64) cumulative update, ekrn.exe is back to using 57K memory versus the 90K+ memory it was using previously. Go figure ………..?

For what it is worth, I gave up on scheduled scans when multiple issues with the feature surfaced after the ver. 12.1.34 upgrade. I am just waiting until the next ver. upgrade to verify that the issue has been resolved.

Also McAfee has an article on how to reset the affected registry key back to IMAGE_STATE_COMPLETE. Note that by doing so is at your own risk since the IMAGE_STATE_UNDEPLOYABLE status indicates an unsuccessful OS deployment: https://service.mcafee.com/webcenter/portal/oracle/webcenter/page/scopedMD/s55728c97_466d_4ddb_952d_05484ea932c6/Page29.jspx?wc.contextURL=%2Fspaces%2Fcp&locale=en-US&articleId=TS102833&_afrLoop=1087443705220366&leftWidth=0%&showFooter=false&showHeader=false&rightWidth=0%&centerWidth=100%#!%40%40%3FshowFooter%3Dfalse%26locale%3Den-US%26_afrLoop%3D1087443705220366%26articleId%3DTS102833%26leftWidth%3D0%25%26showHeader%3Dfalse%26wc.contextURL%3D%2Fspaces%2Fcp%26rightWidth%3D0%25%26centerWidth%3D100%25%26_adf.ctrl-state%3Dugptswwfq_9 I suspect the OOBE issue that affects McAfee successful installation might also be affecting Eset successful installation/operation.

https://social.technet.microsoft.com/Forums/en-US/3eb137b8-f074-48a6-aa5a-33ec192e5422/imagestateundeployable-on-some-systems?forum=configmanagerosd

I just recently installed FireFox and B&PP appears to work fine. It even opens my bank's web site directly from Firefox. What I don't like is the way the Firefox web page show as an overlay to the B&PP web page versus a green bar around the page as in done in IE11. Is this the way BP&P is supposed to work with Firefox?

Good luck on this one. As far as I am aware of, there is no Eset setting that controls scan logging. Is the scanned entry missing from the Scan log file or when you open the entry, it won't show any scan log details?

Also, Firefox doesn't store the Win root CA store certificate thumbprint like IE11. As far as matching what stored in FireFox in regards to Eset's Authorities certificate, Subject Key Identifier is probably the best match:

What we really need to know for sure at this point, is what certificate FireFox is triggering the "Secure Connection failed" message on. Click on the FireFox lock symbol and from there you can extract info on both the web site cert. and what it is chained to. Note this is shown in a single display screen versus how IE11 graphically shows the chaining path.

Will also add this is a classic example of a RDP brute force attack. Simply implementing an account lockout policy after three failed logon attempts would prevent this.

On a device that FireFox displays the "Secure Connection failed" message, open up FireFox's Authorities CA store and verify that Eset's certificate setting for "This certificate can identify websites" is enabled as shown in the below screen shot:

I would say that is the answer we have been looking for. So we can "bury" that issue from discussion.

I believe this is by design. The browser is for all practical purposes locked down. You can however print from the browse. So, you could print the statements; I assume Firefox's .pdf reader is not blocked?

Refer to the below screen shot. Is the noted option set to "Ask ……….?" I believe if that is set to block, Eset will just block the activity and you will not receive any alerts on the activity:

There is another possibility in regards to your Eset installations. Reviewing again your posted badssl.com test results, it appears the connections were actually blocked. So the real issue is why you're not receiving any Eset alerts? In the List of SSL/TLS filtered applications section of the Eset GUI are all your browsers set to "Auto?"

The issue is to verify that no man-in-the-middle activity is occurring. Again when you perform the badsll.com test, you should be receiving multiple Eset alerts which are not occurring from any browser you test with. BTW - you do have Eset SSL Protocol scanning enabled on all test endpoint devices?

You misinterpreted the statement. What I stated was the only test I failed was the SHA-1 test when Eset SSL protocol scanning was enabled.

Do this: 1. Navigate to IE11's Tools option. 2. Open Internet options. 3, Click on Content tab. Click on Clear SSL slate. When the popup message appears that SSL slate has been cleared, click on OK for that popup. Close IE11. The above forces IE11 to repopulate its SSL cache with current certificates from all Windows CA stores sources. Reopen IE11 and perform the badssl.com test again reverifying that the web site's Eset root certificate matches the thumbprint in the Windows root CA certificate store. Eset's updates via ESMC should not have any bearing on replacement of Eset's root certificate in the endpoint's Windows root CA certificate store; at least it doesn't for EIS. My Eset root certificate dates back to my last full install of EIS ver. 12.

To begin with, I am having no issues in regards to the badssl.com web site test using either IE11 or Firefox. My test results are identical to those previously posted by @Marcos; initially a red popup Eset alert is displayed about a revoked certificate and thereafter, a yellow untrusted certificate popup alert for each badssl.com test performed.

That's somewhat what I expected. Thanks for the feedback.

Please refer to this forum thread: https://forum.eset.com/topic/14650-malware-win32exploitagentnzk/

Also, are you stating that all your files were changed to this file extension after installing Eset? You state that a "test" version of Eset was installed. Where did you download this "test' version from? For the record, Eset doesn't have "test" versions. You download, install, and run the full production version in "30 day trial" mode if you haven't purchased an Eset license.

Smart mode is a more aggressive setting. To be honest, I have always run the HIPS in that mode and have never received an Eset HIPS alert with that setting enabled.

Did you mistype that driver name? There is no Eset or Win 10 driver so named that I am aware of.