Orange RImmed BPP screen

[christiaan-boland 0]

Although a similar topic has been treated, it did not solve the issue I'm facing lately:

When I'm sent to an ESET Protected Browser for a banking site, first I get the blue rimmed Protected Website, immediately followed by the orange rimmed window (see screencap).
I can do my banking, but only unprotected, by using the "Ignore Risk" button.

I've googled, read various topics in this forum etc. but cannot find how to solve this.

Some data:
I run Firefox 50.1.0, 'No proxy' (during my investigations set from 'Use system proxy settings' to 'No proxy'), System proxy set on "Automatically detect settings"
Addons:
- 1Password 4.6.2, mentioned in some other threads (last updated january 9, 2017; but the issue is from slightly earlier, I think) disabled the addon to no avail.
- Enable WhatsApp Web 0.1.3.1
- FirePHP 0.7.4.1
- Mail and Save 1.1.1
- HTML5 Video Everywhere! 0.3.4
- SaveLink 4.0.1
- Video DownloadHelper 6.2.0
I've all of them disabled - restarted PC - no avail

As the orange rimmed window states "If you're using software proxy, you need to disable it for loopback address." I looked at Hosts

Hosts: (C:\Windows\System32\drivers\etc\hosts)
127.0.0.1       localhost
127.0.0.1    ngm1780
::1    ngm1780
127.0.0.1    Pqp
::1    Pqp
127.0.0.1    pqp.test
::1    pqp.test

On my PC I run both WAMP and IIS

WAMP: uses testport 80
ISS: uses port 8181

I have a Laptop too, with similar settings, including WAMP and IIS (as I alternatively use both and they are synced as good as possible, including addons etc).
Both Desktop and Laptop are linked to the same Router ASUS RT-N66U - could there be a setting there? I did not lately change anything, but....

What can I do, where should I look to solve the problem of the orange-rimmed Protecte Web browser Window?

Thanks,

Christiaan

 

 

[itman 1,659]

1 hour ago, christiaan-boland said:

127.0.0.1    ngm1780
::1    ngm1780
127.0.0.1    Pqp
::1    Pqp
127.0.0.1    pqp.test
::1    pqp.test

These are localhost proxy server connections that can intercept Internet traffic. As such, Eset's Online Payment Protection feature cannot guaranty point-to-point data security. That is why it can't be activated. 

[christiaan-boland 0]

Hi ITman,

Thanks.

Now I think I read somewhere that I can kind of "circumvent" this problem by a (more) explicit limitation of the loopback adress.....

On my Laptop, funny enough, this is no issue. What could be the difference?

Christiaan

[itman 1,659]

Only secure online banking procedure I know of is to do what the Eset alert instructs; disable the proxy software using those localhost connections prior to initiating an Eset Online Payment Protection browser session.

[christiaan-boland 0]

Dear ITman,

 

I've cleaned the host file (actually copied hosts.txt -> host), so now only active line is "127.0.0.1       localhost"

I've disabled all addons in Firefox, I've stopped IIS and WAMP, restarted and made sure none of these is running, but still the orange rimmed BPP window telling me

Protected browser could not be started. If you're using software proxy, you need to disable it for loopback address.

If you cannot tell me where I should look , who can?

 

Thanks to still try to help me ;-)

Christiaan

[itman 1,659]

Download SysInternals TCPView from here: https://technet.microsoft.com/en-us/sysinternals/tcpview.aspx . Extract it to the folder of your chosing. Open the extracted folder and run tcpview.exe. Look for any connections to/from IP address 127.0.0.x where x = 1 - 255. The process associated with the localhost address is the one running the proxy. It also could be very well malware associated.

If no localhost connections are shown, minimize TCPView and start FireFox. Maximize TCPView and again look for any localhost connections.

[christiaan-boland 0]

Dear ITman,

After I posted my previous post, I decided to 'put everything back' and un- and reinstall ESET Smart Security.
While installing, ESET told me there was another virus program, Ad-Aware Web Companion that blocked the installation.
It took a while, as in Control Panel>Programs> it was listed under Web Companion (so in the alphabetical order not under "A" but under "W"), but I could delete this progam that appeared to have been installed on January 9 2017! Must have slipped in with another program, although it is the only one installed on that day. Some mistery remains.....
The removal of Ad-Aware Web Companion did the trick.
I've now everything working under protection of ESET again.

I've downloaded TCPView and had a look at all 127.0.0.xx in/out connections.
Noticed their are about 30 rpdsvc.exe (Realplayer), 3 Teamviewer, 4 Dropbox and 3 Firefox connections. All of them in & out to 127.0.0.1. Seems a little overdone, but that I've to further analyse. It is an interesting tool anyway.

Thanks for your help.