Jump to content

Protocol Filtering


Recommended Posts

  • Most Valued Members

What are the dangers in excluding Chrome from protocol filtering in ESS?

Link to comment
Share on other sites

Hello.

Now days emails and web browsing are the most prevelant ways to catch viruses.

You would be at risk if stumbled upon a bad site etc.

Its not a good idea for chrome.

If you would like specifics let us know. :)

Link to comment
Share on other sites

  • Administrators

The danger of excluding a browser from protocol filtering is that you may get infected with threats while browsing the web. Why would you like to that?

Link to comment
Share on other sites

  • Most Valued Members

The danger of excluding a browser from protocol filtering is that you may get infected with threats while browsing the web. Why would you like to that?

I'm having problems with lsass.exe using lots of memory. I have read that it is the nature of lsass.exe to not release memory till needed by something else but at one point it reached over a GB. If I close chrome and reopen it again lsass.exe increases every time. It tends to use more memory when opening HTTPS sites.

 

Thank you both for your replies

 

On Edit: It will also increase on each page change will increase lsass.exe memory about 12 mb as will simply closing and opening Chrome.

Edited by SCR
Link to comment
Share on other sites

  • Most Valued Members

This is a known issue.

For now restart your workstation to release the memory.

Thanks Arakasi,

 

This seems to have been a known issue for a while.

 

With Chrome excluded from protocol filtering lsass.exe stays at about 6 to 8 mb.

Link to comment
Share on other sites

  • Most Valued Members

Thanks again, Kind of kills the "light on resources" claim for now.I really didn't notice the problem in previous versions of ESS or perhaps I just did not watch the memory as closely.

 

Do you know if v6.x had this issue?

Edited by SCR
Link to comment
Share on other sites

I don't have this issue myself, but then I don't have SSL scanning enabled.

 

Do users only experience this Isass memory usage problem with SSL scanning enabled? If YES, then why not let SSL scanning be disabled for now. ?

Link to comment
Share on other sites

Thats what i do Swex. I leave it disabled.

I cannot recall if this existed in version 6, i dont think it did.

However as stated, this is not related to ESET, but to a flaw in windows and the way lsass handles memory allocation.

A windows update or KB, could have caused this unknowingly; possibly a garbage collection or destructor flaw, maybe finalizer etc, could be the problem. However im not sure myself what the problem is unless i researched further, and without pay, i will not do. :)

The reason i speculate these reasons is that AFAIK Nod32 etc is built from a mixture of C/C++ and Assembly language.

I may be wrong though as im guessing and i have never asked myself. I know it does not require .NET to run and install as previously mentioned before by Marcos

 

I think ESET has reported the issue to Microsoft states Mmx (ESET staff).

:)

Edited by Arakasi
Link to comment
Share on other sites

Well, some vulnerability will be there if malware or similar is being transported securely.

However keep in mind, with secure connections, they are "secure" .... encrypted communication. Its not as popular for malware to come accross in a secure connection, but it has been done and seen.

ESET still will not have the private key for decryption, so it wont be checking the secure connection, but "watching it" and when it finally arrives at your machine and gets decrypted, whatever is released will be scanned immediatly by ESET.

I think this question would be better explained by Marcos or similar, but i think having multiple layers of protection in your AV (Nod32/ESS) if something malicous comes through, the other layers could possibly catch it like the exploit blocker, or advanced memory scanner, or the real time file protection.

So disalbling SSL scanning turns off ESET from watching it.

I do not scan SSL protocol, and i will return to it when the issue is resolved.

Link to comment
Share on other sites

What are the dangers in disabling SSL scanning? 

Well I can tell you that under all the years I have used ESET I have Never had SSL scanning enabled. And every threat that have tried to get in have been blocked or detected at the source by the http scanner. So IMO the danger level is Low.

 

It may be more important to have it enabled in the future, but at the moment I feel no need to enable it. :)

 

It's 1000 times worse (danger level extreme) excluding a whole browser.  :D

Link to comment
Share on other sites

  • Most Valued Members

Arakasi and SweX,

 

Thank you for the detailed explanation. I will disable SSL scanning as well until the issue is resolved. At the moment it's taking 670 MB of RAM to run ESET. That includes the LSASS.exe overhead. Before I shut down last night it hit 942 MB, That's crazy. 

 

As soon as I read your replies I removed the setting that exclude the browser. No need to ask for trouble it usually finds me without assistance.

 

I appreciate your time taken to reply,

Link to comment
Share on other sites

  • Most Valued Members

I've disabled SSL Protocol Filtering and lsass.exe stays around 3.7 to 4.0 kb, this is great. In addition ekrn.exe dropped from 114 MB to 96 MB. 

 

This is all terrific with one exception, the only way I can check my imap email through a local client is to exclude it from filtering. This doesn't seem good.

 

On Edit: I changed settings so that the client is not  exclude from filtering but instead unchecked enable imap checking.

Which way would be best or is there some other way to set this up?

 

Will my email still be scanned either way?

Edited by SCR
Link to comment
Share on other sites

  • Most Valued Members

I restored my settings to where they were before and picked up another stick of RAM, problem solved.

 

I wasn't comfortable not having things set the way I've been using Eset. Sooner or later it will get fixed. 

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...