Daffie

@itman : I would not expect much response from ESET to this problem. Seems to me they have given up on SSL in v8. My topic is still unsolved after weeks. https://forum.eset.com/topic/7050-dont-use-eset-ssl-protocol-filtering-in-v8/

Anyone from ESET looking into this?

https://madiba.encs.concordia.ca/~x_decarn/papers/tls-proxy-ndss2016.pdf Reading these kind or reports is not making me less concerned. I have put SSL protocol filtering OFF for now until someone from ESET can explain why ESET is vulnerable to BEAST and FREAK. This is not acceptable for a product that should make you more secure, not less.

This is a problem of Schannel which ignores the information that TLS 1.2 is supported. If the remote server used 1.2 though, it would work but some rely on the inaccurate information provided by Schannel. Not sure if MS has addressed this in a hotfix, will try to get more info from our devs. Hi Marcos, any news about this yet? If I understand your post correctly, you are saying that although my browser is saying TLSv1.0 in fact it is using TLSv1.2 ? I need to be sure, I do not want to be more exposed than needed. If this is not the case, I am better of turning SSL protocol filtering off in ESET.

Thanks Marcos, looking forward to it. I am using Windows 7 Enterprise x64 by the way.

Not a problem with the latest .319 ver. of SS 8. All my https: web pages show TLS 1.2. You can verify this using your browser. You can also exclude privacy sensitive web sites from protocol scanning; I do. SSL protocol scanning is a bit like "you're damned if you do, and you're damned if you don't" quandary. I will say I have been using it for a while now and never encountered a HTTPS web site that Eset alerted to as malicious. I also checked this in my browser (Waterfox latest version) and it showed TLS 1.0 ! How can this be? I had to manually install the ESET ssl root certificate because I am using a portable installation of Waterfox. But that should have nothing to do with it. Any ideas why it is showing TLS 1.0 here?

https://device5.co.uk/blog/do-not-use-eset-ssl-protocol-filtering.html After reading this article I am not so convinced I am doing the right thing by enabling SSL protocol filtering in Smart Security v8. They seem to be making valid points in this article. Not only that, the ESET application downloads page (and the download itself) is served over unencrypted HTTP, meaning malicious actors can easily serve up modified and/or malicious versions of the ESET application without raising suspicion. This seems still valid, download of the installer is over unencrypted HTTP. Not only that, inspecting SSL negotiation with Wireshark shows the ESET application actually downgrades your SSL connection to TLSv1.0 even if your browser and the site you are visiting would normally use the much stronger TLSv1.1 or TLSv1.2. You may remember that TLSv1.0 is vulnerable to the BEAST attack and should generally not be used. Also this part about TLSv1.0 seems worrying to me! They end the article with : So, should you use ESET SSL protocol filtering? In my opinion, no. Leave it switched off. It isn’t worth giving a proprietary program access to view and alter all your secure communications on the off-chance it might catch a threat occasionally. It also results in false-positives, claiming that valid certificates have issues and should not be trusted. If you want to take advantage of the part of this feature that restricts using SSLv2, then there you should use your browser settings to do this instead of using ESET. I would appreciate feedback from ESET on this article. I am using the ESET SSL protocol filtering at the moment but I am not so sure anymore after reading this.

I think it works quite differently. For one, it does not work with signature database files. From their website : Blocks dangerous exploit-based malware and prevents the damage it can do Malwarebytes Anti-Exploit Premium protects you from zero-day exploits targeting browser and application vulnerabilities. Its proprietary technology guards you in that critical period between the release of a new exploit and its security patch. And, unlike antivirus products, Malwarebytes Anti-Exploit Premium proactively prevents the exploit from installing its payload. Before it can do damage. How it works for youFour layers of exploit protection (application hardening, protection against Operating System security bypasses, memory caller protection, application behavior protection) Proactive technology Protection for older Windows operating systems, including Windows XP Ability to add and manage custom shields No signature database Small footprint Anti-malware and antivirus compatible Blocks unknown and known exploit kits What it does for youProtects browsers, including Internet Explorer, Firefox, Chrome, and Opera Protects browser components, including Java and Flash Defends against drive-by download attacks Shields vulnerable applications, including Microsoft Office, PDF readers, and media players

Problems mentioned in this thread are on W7 systems. Nothing to do with W10. Wrong! I use 8.1 and also have these problems. My point was that it has nothing to do with W10. Last time I checked 8.1 is not W10.

Problems mentioned in this thread are on W7 systems. Nothing to do with W10.

Good question : i would like to know this also. @SCR : it is quite funny that you also want to go back to V8 after defending V9 so heavily in this topic : https://forum.eset.com/topic/6276-unable-to-disable-certain-security-alerts-in-eset-smart-security-9/page-2 I have a feeling there are more and more people going back.

Yep, also W7 x64 here. But since going back to V8 all problems are gone. I noticed same behavior as rept30.

Nothing wrong with sticking with a version of software you are happy with. It is not like V8 is not supported anymore. It works great. V9 is not working so good for me, but that doesn't mean I will not move to it in the future.

I am moving back to ESET 8. I had quite often lagging and unresponsive behavior since I updated to V9. Also the warning system and new GUI puts me off. Maybe I will try it again in a few months but for now I am sticking to version 8 where I had 0 problems with.

You can try installing Internet Explorer again? Just a guess, but could work.

When I just ignore the pop-up screen when inserting USB media, nothing gets scanned here.

Anyways, as I have written previously the notifications will be improved for advanced users in future versions. Thank the Gods for this!

Hey Marcos, I know that. But just like the OP I sometimes have the problem that my internet connection is a little bit later ready than usual, making ESET skip the update. I don't like that my PC is exposed for the next 60 minutes. This is a security risk. Do you have any suggestions to fix this?

I am afraid today it happened again. Seems ESET wants to update before my network is "ready". Any other suggestion Marcos? Maybe show the ESET splashscreen at startup? Will that give the network more time to get "ready"?

My post was also my real world experience. Believe me I know a lot of people in my circle of friends and family who are no technical users (noobs if you will). And believe me, most of them do not look at the tray icon. That is not to say that your real world experience can not be any different. In short, I respectfully disagree with your way of thinking

Saying you had to participate in a BETA program for things that are not working the way you are used to from all previous versions is rubbish. That is like saying : you need to shut up because you did not participate in the BETA program. Every person can complain about software he paid for. This has nothing to do with participating in a BETA program. No. That is absolutely not what I meant with what I said, not even near. But since you start to insinuate stuff - there is no point for me to explain what I actually meant with what I said. Like I said: I think some need to improve their knowledge so they better understand the product and what disabling e.g Webaccess protection does - and how it affects the protection and detection abilities of the product. And how the features collaborate with each other. I know it was not what you said but it sounded a little like that to me. No offense intended. Please explain how disabling webaccess protection affects the protection and detection abilities of the product. I would like to learn. To my knowledge it is just a database of websites that gets blocked when accessing it.

I agree with the OP, it is a jumbled mess. Eset 8 was a lot more clear on which application the rule applied to. Now you have to really look for it. Not handy when you want to clean the rules and get rid of applications you removed/uninstalled.

You are making a huge mistake in your thinking. These mass users you are describing that do not have a clue - these users will mostly not respond to a little cross in the tray icon either. They only respond to flat in your face huge pop-up warnings. Are we really going that way with ESET? My God, I hope not or they will lose me as a customer (and a lot of others I am guessing). Like someone here said before : give 3 warning windows when deactivating a certain feature (telling the user that they will not be 100% protected) and you did your job as software developer. If you make your product install with default settings to maximum you have covered these kind of users who do not have a clue. Or do you really think these kind of users will look in the tray at the ESET icon?

I assume you refer to the Web access protection when you say "interfere with my network" ? Maybe you could list those other tools for our interest ? Shame to hear that only your half brain is working, but you seem to be ok anyway (; Saying you had to participate in a BETA program for things that are not working the way you are used to from all previous versions is rubbish. That is like saying : you need to shut up because you did not participate in the BETA program. Every person can complain about software he paid for. This has nothing to do with participating in a BETA program. That being said : you can perfectly disable web and email protection in ESET and still be very well protected with HIPS, firewall, Livegrid and real-time protection. And if you are also using ublock origin, Noscript and OpenDNS (like I do) I honestly rather disable it in ESET (because it is giving me ''lagging'' problems since V9).

To be fair, he did respond to it by saying that they plan to make improvements.