Most Valued Members SCR 195 Posted January 5, 2014 Most Valued Members Share Posted January 5, 2014 What are the dangers in excluding Chrome from protocol filtering in ESS? Link to comment Share on other sites More sharing options...
Arakasi 549 Posted January 5, 2014 Share Posted January 5, 2014 Hello. Now days emails and web browsing are the most prevelant ways to catch viruses. You would be at risk if stumbled upon a bad site etc. Its not a good idea for chrome. If you would like specifics let us know. Link to comment Share on other sites More sharing options...
Administrators Marcos 5,243 Posted January 5, 2014 Administrators Share Posted January 5, 2014 The danger of excluding a browser from protocol filtering is that you may get infected with threats while browsing the web. Why would you like to that? Link to comment Share on other sites More sharing options...
Most Valued Members SCR 195 Posted January 5, 2014 Author Most Valued Members Share Posted January 5, 2014 (edited) The danger of excluding a browser from protocol filtering is that you may get infected with threats while browsing the web. Why would you like to that? I'm having problems with lsass.exe using lots of memory. I have read that it is the nature of lsass.exe to not release memory till needed by something else but at one point it reached over a GB. If I close chrome and reopen it again lsass.exe increases every time. It tends to use more memory when opening HTTPS sites. Thank you both for your replies On Edit: It will also increase on each page change will increase lsass.exe memory about 12 mb as will simply closing and opening Chrome. Edited January 5, 2014 by SCR Link to comment Share on other sites More sharing options...
Arakasi 549 Posted January 5, 2014 Share Posted January 5, 2014 This is a known issue. For now restart your workstation to release the memory. Link to comment Share on other sites More sharing options...
Most Valued Members SCR 195 Posted January 5, 2014 Author Most Valued Members Share Posted January 5, 2014 This is a known issue. For now restart your workstation to release the memory. Thanks Arakasi, This seems to have been a known issue for a while. With Chrome excluded from protocol filtering lsass.exe stays at about 6 to 8 mb. Link to comment Share on other sites More sharing options...
Arakasi 549 Posted January 5, 2014 Share Posted January 5, 2014 Here my friend https://forum.eset.com/topic/1474-local-security-authority-process/ Link to comment Share on other sites More sharing options...
Most Valued Members SCR 195 Posted January 5, 2014 Author Most Valued Members Share Posted January 5, 2014 (edited) Thanks again, Kind of kills the "light on resources" claim for now.I really didn't notice the problem in previous versions of ESS or perhaps I just did not watch the memory as closely. Do you know if v6.x had this issue? Edited January 5, 2014 by SCR Link to comment Share on other sites More sharing options...
SweX 871 Posted January 6, 2014 Share Posted January 6, 2014 I don't have this issue myself, but then I don't have SSL scanning enabled. Do users only experience this Isass memory usage problem with SSL scanning enabled? If YES, then why not let SSL scanning be disabled for now. ? Link to comment Share on other sites More sharing options...
Arakasi 549 Posted January 6, 2014 Share Posted January 6, 2014 (edited) Thats what i do Swex. I leave it disabled. I cannot recall if this existed in version 6, i dont think it did. However as stated, this is not related to ESET, but to a flaw in windows and the way lsass handles memory allocation. A windows update or KB, could have caused this unknowingly; possibly a garbage collection or destructor flaw, maybe finalizer etc, could be the problem. However im not sure myself what the problem is unless i researched further, and without pay, i will not do. The reason i speculate these reasons is that AFAIK Nod32 etc is built from a mixture of C/C++ and Assembly language. I may be wrong though as im guessing and i have never asked myself. I know it does not require .NET to run and install as previously mentioned before by Marcos I think ESET has reported the issue to Microsoft states Mmx (ESET staff). Edited January 6, 2014 by Arakasi Link to comment Share on other sites More sharing options...
Most Valued Members SCR 195 Posted January 6, 2014 Author Most Valued Members Share Posted January 6, 2014 What are the dangers in disabling SSL scanning? Link to comment Share on other sites More sharing options...
Arakasi 549 Posted January 6, 2014 Share Posted January 6, 2014 Well, some vulnerability will be there if malware or similar is being transported securely. However keep in mind, with secure connections, they are "secure" .... encrypted communication. Its not as popular for malware to come accross in a secure connection, but it has been done and seen. ESET still will not have the private key for decryption, so it wont be checking the secure connection, but "watching it" and when it finally arrives at your machine and gets decrypted, whatever is released will be scanned immediatly by ESET. I think this question would be better explained by Marcos or similar, but i think having multiple layers of protection in your AV (Nod32/ESS) if something malicous comes through, the other layers could possibly catch it like the exploit blocker, or advanced memory scanner, or the real time file protection. So disalbling SSL scanning turns off ESET from watching it. I do not scan SSL protocol, and i will return to it when the issue is resolved. Link to comment Share on other sites More sharing options...
SweX 871 Posted January 6, 2014 Share Posted January 6, 2014 What are the dangers in disabling SSL scanning? Well I can tell you that under all the years I have used ESET I have Never had SSL scanning enabled. And every threat that have tried to get in have been blocked or detected at the source by the http scanner. So IMO the danger level is Low. It may be more important to have it enabled in the future, but at the moment I feel no need to enable it. It's 1000 times worse (danger level extreme) excluding a whole browser. Link to comment Share on other sites More sharing options...
Most Valued Members SCR 195 Posted January 6, 2014 Author Most Valued Members Share Posted January 6, 2014 Arakasi and SweX, Thank you for the detailed explanation. I will disable SSL scanning as well until the issue is resolved. At the moment it's taking 670 MB of RAM to run ESET. That includes the LSASS.exe overhead. Before I shut down last night it hit 942 MB, That's crazy. As soon as I read your replies I removed the setting that exclude the browser. No need to ask for trouble it usually finds me without assistance. I appreciate your time taken to reply, Link to comment Share on other sites More sharing options...
Most Valued Members SCR 195 Posted January 6, 2014 Author Most Valued Members Share Posted January 6, 2014 (edited) I've disabled SSL Protocol Filtering and lsass.exe stays around 3.7 to 4.0 kb, this is great. In addition ekrn.exe dropped from 114 MB to 96 MB. This is all terrific with one exception, the only way I can check my imap email through a local client is to exclude it from filtering. This doesn't seem good. On Edit: I changed settings so that the client is not exclude from filtering but instead unchecked enable imap checking. Which way would be best or is there some other way to set this up? Will my email still be scanned either way? Edited January 6, 2014 by SCR Link to comment Share on other sites More sharing options...
Most Valued Members SCR 195 Posted January 8, 2014 Author Most Valued Members Share Posted January 8, 2014 I restored my settings to where they were before and picked up another stick of RAM, problem solved. I wasn't comfortable not having things set the way I've been using Eset. Sooner or later it will get fixed. Link to comment Share on other sites More sharing options...
Recommended Posts