Rivetti 0 Posted August 29, 2018 Share Posted August 29, 2018 I use the ESET Banking and Payment Protection site for my banking and credit card information. I noticed this morning that the site is listed as Not Secure. I had not noticed this before, and wonder what I need to do to fix that. Thanks for your help Link to comment Share on other sites More sharing options...
Administrators Marcos 5,394 Posted August 30, 2018 Administrators Share Posted August 30, 2018 Do you mean that if you go to your bank's Internet banking website, it uses http connection instead of https? Could you post a screen shot? Link to comment Share on other sites More sharing options...
galaxy 11 Posted August 30, 2018 Share Posted August 30, 2018 would also be interested Link to comment Share on other sites More sharing options...
Rivetti 0 Posted August 30, 2018 Author Share Posted August 30, 2018 This is the browser screen that opens in the ESET Banking and Payment Protect program. The actual tab for the bank's website is https. Thanks. Link to comment Share on other sites More sharing options...
Administrators Marcos 5,394 Posted August 30, 2018 Administrators Share Posted August 30, 2018 That is ok. The address serves just for the purpose of redirection and no such request is actually sent out. It's a recent change in Chrome that causes Chrome to report "Not secure" for all http websites. A secure browser with a bank's website and https address in the address bar should open in a new window. Link to comment Share on other sites More sharing options...
camelia 6 Posted August 30, 2018 Share Posted August 30, 2018 (edited) I never use that option because it can not run sandboxed and no help @ https://www.sandboxie.com/ Thanks Camelia Edited August 30, 2018 by camelia Link to comment Share on other sites More sharing options...
Azure Phoenix 11 Posted August 30, 2018 Share Posted August 30, 2018 @camelia You mean the banking feature? I thought it already used its own sandbox. Link to comment Share on other sites More sharing options...
camelia 6 Posted August 30, 2018 Share Posted August 30, 2018 Just now, Azure Phoenix said: @camelia You mean the banking feature? I thought it already used its own sandbox. yup, the banking feature... Oh I didn't know it runs sandboxed too Camelia Link to comment Share on other sites More sharing options...
Rivetti 0 Posted August 30, 2018 Author Share Posted August 30, 2018 1 hour ago, Marcos said: That is ok. The address serves just for the purpose of redirection and no such request is actually sent out. It's a recent change in Chrome that causes Chrome to report "Not secure" for all http websites. A secure browser with a bank's website and https address in the address bar should open in a new window. Thank you, Marcos Link to comment Share on other sites More sharing options...
TomFace 539 Posted August 30, 2018 Share Posted August 30, 2018 (edited) Camelia, you may want to review the BPP use via this KB. While it does not get into the technical aspects of BPP, it's a good review. I do not know if BPP uses it's own sandbox, so Azure Phoenix may have a leg up on me. One thing I do know is that it works well with my PW manager LastPass v4.1.48 which is a Godsend for me. https://support.eset.com/KB5657/?locale=en_EN&segment=home Edited August 30, 2018 by TomFace Link to comment Share on other sites More sharing options...
Azure Phoenix 11 Posted August 30, 2018 Share Posted August 30, 2018 (edited) 17 minutes ago, TomFace said: Camelia, you may want to review the BPP use via this KB. While it does not get into the technical aspects of BPP, it's a good review. I do not know if BPP uses it's own sandbox, so Azure Phoenix may have a leg up on me. One thing I do know is that it works well with my PW manager LastPass v4.1.48 which is a Godsend for me. https://support.eset.com/KB5657/?locale=en_EN&segment=home The fact it says "secured environment" makes me think of a sandbox. @Marcos can correct me if I'm wrong. Edited August 30, 2018 by Azure Phoenix Link to comment Share on other sites More sharing options...
itman 1,786 Posted August 30, 2018 Share Posted August 30, 2018 (edited) Eset doesn't employ any sandboxing methods other than the dynamic one used by heuristics in realtime scanning. Also believe LiveGrid processing employs like sandboxing method. BBP can best be described as "hardening" your browser against malware attacks; especially those employed by banking trojans and the like. If you observe a BPP session running in Process Explorer, you will see your browser running as a child process under Eset's kernel process, ekrn.exe. You will also see eOPPFrame.exe running as a child process that additionally assists with detection of any browser tampering. Finally, Eset injects a .dll into the browser that will scramble all your keystrokes so you're protected against both browser based and global keyloggers. -EDIT- Also remember that sandboxing is a containment mechanism. It's primary purpose is to prevent for example, any browser based malware from infecting the rest of your system. Depending on the third-party sandbox software used, "your mileage" greatly varies on any protection given to the browser itself. Edited August 30, 2018 by itman Link to comment Share on other sites More sharing options...
100 2 Posted September 1, 2018 Share Posted September 1, 2018 (edited) I have set Internet Explorer as my default browser and Sandboxie is set to always force it into a sandbox. The mail program should open links in Internet Explorer, which then starts automatically in a sandbox. All browsers have their own sandbox, which will always be emptied, when the browser will be closed. That's why I can't use Esets secure banking. It would be very helpful when the browser for secure banking could be set in the settings of Eset. Maybe then it would be possible to copy iexplore.exe to iexplore_2.exe and use it for Esets banking protection, as it would not automatically be forced into Sandboxies sandbox. Edited September 1, 2018 by 100 Link to comment Share on other sites More sharing options...
itman 1,786 Posted September 2, 2018 Share Posted September 2, 2018 (edited) On 9/1/2018 at 4:15 PM, 100 said: Maybe then it would be possible to copy iexplore.exe to iexplore_2.exe and use it for Esets banking protection, as it would not automatically be forced into Sandboxies sandbox. There might be a way to accomplish what you want to do using Sandboxing. The following comments assume you are running a Windows x(64) OS version. Note that there are always two versions of IE11 installed; a 32bit and a 64 bit version. When you set your default browser to IE11 in Windows x(64) , Windows internally will set it to use the x(64) version. What you can experiment with is doing the following: 1. Set Sandboxie to protect the 32 bit version of IE11. It is located in this directory: C:\Program Files (x86)\Internet Explorer. 2. Assuming you run IE11 by clicking on its icon shown in the lower desktop taskbar, refer to the below posted screen shot. Charge the target directory from "Program files" as circled in the screenshot to "Program Files x(86)". Click on the "Apply" button to safe yur changes. This will result in every time you click on the taskbar icon, the 32 bit versions of IE11 will run that is under Sandboxie control. When you click on the Eset Banking & Payment Protection icon on your desktop, Eset will use your designated default browser which is IE11 x(64) which doesn't run under Sandboxie control. Note: I don't use Sandboxie. As such, I don't if it is possible to change it to use the 32 bit version of IE11. Edited September 2, 2018 by itman Link to comment Share on other sites More sharing options...
100 2 Posted September 2, 2018 Share Posted September 2, 2018 (edited) Thank you very much itman, but Sandboxie recognizes applications only by their process name. The path doesn't matter. Therefore Sandboxie opens both IE versions (32 and 64 bit) sandboxed and Esets BPP then fails. Edited September 2, 2018 by 100 Link to comment Share on other sites More sharing options...
itman 1,786 Posted September 2, 2018 Share Posted September 2, 2018 1 hour ago, 100 said: Thank you very much itman, but Sandboxie recognizes applications only by their process name. Personally, the "culprit" here is Sandboxie. It should allow for creation of exceptions for AV processes to access the browser. Link to comment Share on other sites More sharing options...
100 2 Posted September 3, 2018 Share Posted September 3, 2018 (edited) Yes, you are right and it is possible to create exceptions in sandboxie, but you need to know exactly which files and registry paths are used by the Eset Banking Protection. Edited September 3, 2018 by 100 Link to comment Share on other sites More sharing options...
galaxy 11 Posted September 3, 2018 Share Posted September 3, 2018 The banking system does not work once again Link to comment Share on other sites More sharing options...
elquenunca 6 Posted September 3, 2018 Share Posted September 3, 2018 on the subject of secure payment of eset there is one thing that is not normal if eset if you open directly a website of a bank does not automatically start the safe payment of eset (in kaspersky bitdefender and other suites if) I have to go to the icon of protection of payments and online banking and then if you open the secure browser (chrome use) I would like to know if it is normal or just happens to me.a greeting Link to comment Share on other sites More sharing options...
galaxy 11 Posted September 3, 2018 Share Posted September 3, 2018 Unfortunately had to change again, also the autostart of ESET does not always go, you have to start it again and again by hand Link to comment Share on other sites More sharing options...
galaxy 11 Posted September 3, 2018 Share Posted September 3, 2018 I'm also back to my old AV Link to comment Share on other sites More sharing options...
Recommended Posts