Jump to content

ESET Banking and Payment Protection site - Not Secure


Recommended Posts

I use the ESET Banking and Payment Protection site for my banking and credit card information. I noticed this morning that the site is listed as Not Secure. I had not noticed this before, and wonder what I need to do to fix that.

Thanks for your help

Link to comment
Share on other sites

  • Administrators

Do you mean that if you go to your bank's Internet banking website, it uses http connection instead of https? Could you post a screen shot?

Link to comment
Share on other sites

This is the browser screen that opens in the ESET Banking and Payment Protect program. The actual tab for the bank's website is https. Thanks.

image.thumb.png.a7060b3ca8c2338a42bcff960f062fc4.png

Link to comment
Share on other sites

  • Administrators

That is ok. The address serves just for the purpose of redirection and no such request is actually sent out. It's a recent change in Chrome that causes Chrome to report "Not secure" for all http websites.

A secure browser with a bank's website and https address in the address bar should open in a new window.

Link to comment
Share on other sites

Just now, Azure Phoenix said:

@camelia

You mean the banking feature? I thought it already used its own sandbox.

yup, the banking feature... Oh I didn't know it runs sandboxed too 

Camelia

Link to comment
Share on other sites

1 hour ago, Marcos said:

That is ok. The address serves just for the purpose of redirection and no such request is actually sent out. It's a recent change in Chrome that causes Chrome to report "Not secure" for all http websites.

A secure browser with a bank's website and https address in the address bar should open in a new window.

Thank you, Marcos

Link to comment
Share on other sites

Camelia, you may want to review the BPP use via this KB. While it does not get into the technical aspects of BPP, it's a good review. I do not know if BPP uses it's own sandbox, so Azure Phoenix may have a leg up on me.;)

One thing I do know is that it works well with my PW manager LastPass v4.1.48 which is a Godsend for me.:rolleyes:

https://support.eset.com/KB5657/?locale=en_EN&segment=home

Edited by TomFace
Link to comment
Share on other sites

17 minutes ago, TomFace said:

Camelia, you may want to review the BPP use via this KB. While it does not get into the technical aspects of BPP, it's a good review. I do not know if BPP uses it's own sandbox, so Azure Phoenix may have a leg up on me.;)

One thing I do know is that it works well with my PW manager LastPass v4.1.48 which is a Godsend for me.:rolleyes:

https://support.eset.com/KB5657/?locale=en_EN&segment=home

The fact it says "secured environment" makes me think of a sandbox. @Marcos can correct me if I'm wrong.

Edited by Azure Phoenix
Link to comment
Share on other sites

Eset doesn't employ any sandboxing methods other than the dynamic one used by heuristics in realtime scanning. Also believe LiveGrid processing employs like sandboxing method.

BBP can best be described as "hardening" your browser against malware attacks; especially those employed by banking trojans and the like.

If you observe a BPP session running in Process Explorer, you will see your browser running as a child process under Eset's kernel process, ekrn.exe. You will also see eOPPFrame.exe running as a child process that additionally assists with detection of any browser tampering. Finally, Eset injects a .dll into the browser that will scramble all your keystrokes so you're protected against both browser based and global keyloggers. 

-EDIT- Also remember that sandboxing is a containment mechanism. It's primary purpose is to prevent for example, any browser based malware from infecting the rest of your system. Depending on the third-party sandbox software used, "your mileage" greatly varies on any protection given to the browser itself.

Edited by itman
Link to comment
Share on other sites

I have set Internet Explorer as my default browser and Sandboxie is set to always force it into a sandbox. The mail program should open links in Internet Explorer, which then starts automatically in a sandbox. All browsers have their own sandbox, which will always be emptied, when the browser will be closed. That's why I can't use Esets secure banking. It would be very helpful when the browser for secure banking could be set in the settings of Eset.

Maybe then it would be possible to copy iexplore.exe to iexplore_2.exe and use it for Esets banking protection, as it would not automatically be forced into Sandboxies sandbox.

Edited by 100
Link to comment
Share on other sites

On ‎9‎/‎1‎/‎2018 at 4:15 PM, 100 said:

Maybe then it would be possible to copy iexplore.exe to iexplore_2.exe and use it for Esets banking protection, as it would not automatically be forced into Sandboxies sandbox.

There might be a way to accomplish what you want to do using Sandboxing. The following comments assume you are running a Windows x(64) OS version. Note that there are always two versions of IE11 installed; a 32bit and a 64 bit version. When you set your default browser to IE11 in Windows x(64) , Windows internally will set it to use the x(64) version.

What you can experiment with is doing the following:

1. Set Sandboxie to protect the 32 bit version of IE11. It is located in this directory: C:\Program Files (x86)\Internet Explorer.

2. Assuming you run IE11 by clicking on its icon shown in the lower desktop taskbar, refer to the below posted screen shot. Charge the target directory from "Program files" as circled in the screenshot to "Program Files x(86)". Click on the "Apply" button to safe yur changes.

This will result in every time you click on the taskbar icon, the 32 bit versions of IE11 will run that is under Sandboxie control.  When you click on the Eset Banking & Payment Protection icon on your desktop, Eset will use your designated default browser which is IE11 x(64) which doesn't run under Sandboxie control.

Note: I don't use Sandboxie. As such, I don't if it is possible to change it to use the 32 bit version of IE11.

Eset_IE11.thumb.png.73b637352ef61f8fb0c9bef09f0c1a3c.png

Edited by itman
Link to comment
Share on other sites

Thank you very much itman, but Sandboxie recognizes applications only by their process name. The path doesn't matter. Therefore Sandboxie opens both IE versions (32 and 64 bit) sandboxed and Esets BPP then fails.

Edited by 100
Link to comment
Share on other sites

1 hour ago, 100 said:

Thank you very much itman, but Sandboxie recognizes applications only by their process name.

Personally, the "culprit" here is Sandboxie. It should allow for creation of exceptions for AV processes to access the browser.

Link to comment
Share on other sites

Yes, you are right and it is possible to create exceptions in sandboxie, but you need to know exactly which files and registry paths are used by the Eset Banking Protection.

Edited by 100
Link to comment
Share on other sites

on the subject of secure payment of eset there is one thing that is not normal if eset if you open directly a website of a bank does not automatically start the safe payment of eset (in kaspersky bitdefender and other suites if) I have to go to the icon of protection of payments and online banking and then if you open the secure browser (chrome use) I would like to know if it is normal or just happens to me.a greeting

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...