Jump to content

Secure Browser: Remote Control Warning


Recommended Posts

I have been using Eset Internet Security for a couple of years, but this message was new to me:

When I opened the secure browser, I got a warning message like this: "This computer is remotely controlled. Using internet banking may be unsafe. In case you use this software by pupose, you can safely ignore this message. The remote access software is: svchost.exe" (translated by myself, so the original wording will likely be quite different.)

I am not aware of my machine being remotely controlled, but I have seen svchost.exe running in the past as well. So I wonder what to make from this message - is there a threat to me? How to find out?

Link to comment
Share on other sites

  • Administrators

Svchost.exe is a standard system process, not necessarily malware. Couldn't it be that you are connected to the machine via RDP?

Link to comment
Share on other sites

Thank you for this quick answer.

No, I am not connected by RDP, I am working directly at the machine (with keyboard, mouse, LAN and monitor attached).

Link to comment
Share on other sites

2 hours ago, Chance said:

When I opened the secure browser, I got a warning message like this: "This computer is remotely controlled. Using internet banking may be unsafe. In case you use this software by pupose, you can safely ignore this message. The remote access software is: svchost.exe"

Post a screen shot of this.

I can find no reference to such an alert generated from Banking and Payment Protection. I am also wondering how it would be able to detect such activity. In normal operation, B&PP opens another browser instance in a locked down mode via an Eset process. The message being displayed seems to indicate that svchost.exe is initiating the display of locked down browser instance.

Edited by itman
Link to comment
Share on other sites

(1) My immediate concern is gone. After a reboot, the secure browser behaves as usual.

(2) I am still curious what may have happened, so I have attached the screenshot, in case you are still willing to have a look at it. The text in the little grey box is the same as the text in the yellow box.

Thank you so much!

eset-secure-browser-2021-03-10.png

Link to comment
Share on other sites

  • Administrators

I was able to reproduce it only when connected to the machine via RDP:

image.png

Link to comment
Share on other sites

I am assuming that the OP is running a Win 10 Home version? If this is the case, RDP is not installed; at least the inbound portion of it.

It is possible to install RDP on Win 10 Home but the RDP wrapper would have to be downloaded and then installed as noted here: https://www.itechtics.com/remote-desktop-windows-10-home/ . Finally, Win 10 would have to be configured to use RDP.

@Chance did you do all the above previously?

Link to comment
Share on other sites

I am running Win 10 Pro, and way back when the computer was new (maybe 3 years ago) I did try RDP but have never seriously used it and certainly not within the last year. I do however use TeamViewer (support for my mother and my father-in-law) and RealVNC on a regular basis.

 

Link to comment
Share on other sites

1 hour ago, Chance said:

am running Win 10 Pro, and way back when the computer was new (maybe 3 years ago) I did try RDP but have never seriously used it and certainly not within the last year.

I would then strongly advise you disable RDP use and also its associated services.

Also disable Eset's default firewall rule that allows inbound RDP traffic. This is done by disabling Eset's "Allow remote desktop in Trusted Zone" in the firewall Services section.

 

Edited by itman
Link to comment
Share on other sites

  • Most Valued Members
2 hours ago, Chance said:

I am running Win 10 Pro, and way back when the computer was new (maybe 3 years ago) I did try RDP but have never seriously used it and certainly not within the last year. I do however use TeamViewer (support for my mother and my father-in-law) and RealVNC on a regular basis.

 

I can confirm that I have received this warning a few months ago in secure browser. It occurred when I began a remote connection to my father's computer using TeamViewer which you mention using.

I don't get the message when TeamViewer is running and logged on but not connected to another machine. Where you connected to anything when this popped up?

Link to comment
Share on other sites

12 hours ago, itman said:

I would then strongly advise you disable RDP use and also its associated services.

Also disable Eset's default firewall rule that allows inbound RDP traffic. This is done by disabling Eset's "Allow remote desktop in Trusted Zone" in the firewall Services section.

 

Thank you itman, I disbaled RDP in both Win10 and Eset.

Link to comment
Share on other sites

11 hours ago, peteyt said:

I can confirm that I have received this warning a few months ago in secure browser. It occurred when I began a remote connection to my father's computer using TeamViewer which you mention using.

I don't get the message when TeamViewer is running and logged on but not connected to another machine. Where you connected to anything when this popped up?

I wonder whether some game could do such thing.

I had my session running for a while, and in between my son used the computer with his own account. He watched youtube, played browser-games and Roblox.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...