Jump to content

Protected browser launch error


Recommended Posts

Windows 7 Ultimate x64, ESET Endpoint Security 8.1.2037.2, default browser Mozilla FireFox 88.0.1 x32. When trying to start a protected browser, an error window appears:

hxxp://images.vfl.ru/ii/1636610901/03e28739/36639695.png

If you enable redirection from electronic payment pages in the program settings, then in the browser window we see such a message:

hxxp://images.vfl.ru/ii/1636610902/06908edb/36639696.png

Trying to fix this error, I roll back the detection module to the earliest possible state. As a result, we managed to return to his version 24261 (20211109). The version of the protected browser module has not changed:

hxxp://images.vfl.ru/ii/1636610903/1c3aeba4/36639699.png

In this state, the protected browser is launched:

hxxp://images.vfl.ru/ii/1636610903/ffe7d9ee/36639698.png

The redirect to the e-payment page also works correctly:

hxxp://images.vfl.ru/ii/1636610902/8d48fc83/36639697.png

The program updates are now temporarily suspended. Please help sort out this error. Sorry for my english - used an online translator

 

 

Link to comment
Share on other sites

  • Administrators

To start off, please provide ELC logs collected after launching normal browser. Most likely the secure browser attempts to load an untrusted dll and crashes.

Link to comment
Share on other sites

  • Administrators

Hello,
You wrote that you use Firefox as the default browser, however, it was not running when logs were collected. Please launch Firefox (the standard browser) and while running, collect ELC logs. You can delete the content of the Diagnostics folder since we don't need advanced logs in this case.

Link to comment
Share on other sites

  • Administrators

The logs didn't reveal anything suspicious.

Please create a Procmon log from time when you attempt to launch a secure browser. Next save the PML file, compress it and upload it here.

Last but not least, please update / replace SysInspector.exe (from 2015) in d:\programms\eset with the one in c:\program files\eset\eset security.

Link to comment
Share on other sites

11 hours ago, Marcos said:

Last but not least, please update / replace SysInspector.exe (from 2015) in d:\programms\eset with the one in c:\program files\eset\eset security.

I didn't quite understand what it was for...

Log file created with a 
Procmon in attachment

Logfile.zip

Link to comment
Share on other sites

  • ESET Staff

Hello,

it seems that it may be problem in collision with installed network modifiers:

  • NetLimiter 4
  • XFast LAN
  • (potentially, if uninstall of previous apps didn't help) AdGuard

Please try to disable/uninstall them and let us know, if it helps.

Thanks

Edited by constexpr
Link to comment
Share on other sites

Unfortunately, your recommendations did not help at all. The NetLimiter and XFast LAN programs were removed and the computer rebooted. Before starting Protected Browser, the AdGuard service was stopped, that is, in fact, it did not work. However, an attempt to launch a protected browser caused the same errors that are described in my first message. If you need to collect logs - ask.
Thanks for the help

Link to comment
Share on other sites

  • ESET Staff

Interesting. I'm not sure, if you can upgrade to Endpoint v9. If yes, in product advanced setup (F5 > Tools > Diagnostics > Advanced logging) was added logging for Secure Browser. Enable switch, replicate an issue and run Log collector again to get this logs.

If upgrade to the newest version of EES is not possible, you can still try, if Secure Browser works from IE/Edge or Chrome:

  • when you change default browser to other supported and run Secure Browser from shortcut, or
  • when you open IB link of any bank page in this browser, you should be redirected to Secure Browser.

At least we can identify, if problem is with all browsers, or it's FF specifics. Also, you use 32bit Firefox on 64bit system. Try to install 64bit Firefox and check, if problem is the same.

In procmon log is visible, that between Firefox success load and unexpected terminate, there was active several processes:

  1. NetLimiter, AdGuard and XFast Lan - but as you mentioned, disable service or uninstall doesn't help
  2. Atomic Alarm Clock, EveryLang - I don't believe that this may be problematic, but nothing is normal there, so who know ...

 

Edited by constexpr
another hint added
Link to comment
Share on other sites

2 hours ago, constexpr said:

I'm not sure, if you can upgrade to Endpoint v9.

No, I definitely will not do this - sorry, but I try not to deal with beta-versions of programs unnecessarily

2 hours ago, constexpr said:

you can still try, if Secure Browser works from IE/Edge or Chrome:

  • when you change default browser to other supported and run Secure Browser from shortcut, or
  • when you open IB link of any bank page in this browser, you should be redirected to Secure Browser.

Using Internet Explorer as the default browser does nothing. The only difference is that launching a protected browser in this case does not cause an error message to appear, only an entry appears in the EES event log.
 

In both cases - when starting from a shortcut ("C:\Program Files\ESET\ESET Security\ecmd.exe" /startprotectedbrowser) or from the Program Service window - the error is the same

2 hours ago, constexpr said:

At least we can identify, if problem is with all browsers, or it's FF specifics. Also, you use 32bit Firefox on 64bit system. Try to install 64bit Firefox and check, if problem is the same

I don't even want to comment on this...

2 hours ago, constexpr said:

In procmon log is visible, that between Firefox success load and unexpected terminate, there was active several processes:

  1. Atomic Alarm Clock, EveryLang - I don't believe that this may be problematic, but nothing is normal there, so who know ...

These programs have been installed and work without changing versions for a very long time. Do you want to check the launch of the protected browser when they are stopped? I'm pretty sure it won't have any effect...

Link to comment
Share on other sites

17 hours ago, constexpr said:
  1. Atomic Alarm Clock, EveryLang - I don't believe that this may be problematic, but nothing is normal there, so who know ...

Stopped the work of these programs - the protected browser does not start. Gentlemen, developers, look for a problem on your side. I'll try to reinstall EES cleanly

Link to comment
Share on other sites

  • Administrators

Would it be possible to temporarily install EES v9 beta or EIS/ESSP v15 to enable advanced Banking and payment protection logging when launching a secure browser?

Link to comment
Share on other sites

33 minutes ago, Marcos said:

Would it be possible to temporarily install EES v9 beta or EIS/ESSP v15

Both options are unacceptable. The first - I try not to use test versions of programs, the second - as you can see, the 15th version also has problems:

ESET Security page no longer shows when logging into banking

Link to comment
Share on other sites

  • ESET Staff

I assume that the reinstallation of product doesn't help.

We don't need your permanent change of product version, just change it for a moment of replication an issue as this newer version is able to log some advanced scenarios like you have. EIS15 is stable version and it's expected, that the same problem will occur also there, but you are able to log this issue such way, that can provide better answer, where is the problem.

If you reconsider to do it, please:

  • Switch on Advanced settings (F5) > Tools > Diagnostics > Enable [Baning and Payment protection|Secure browser] advanced logging
  • Switch on Advanced settings > Detection engine > HIPS > Advanced setup > Log all blocked operations
  • replicate an issue
  • Switch off both advanced logging
  • collect ELC log and upload it here

Issue you linked is not the same as you have.

Edited by constexpr
Link to comment
Share on other sites

I don't even know if this is unfortunately or fortunately, but after installing EIS 15.0.18, the problem could not be perceived, no matter how hard I tried. The protected browser is launched both from the shortcut and from the program window. Also, redirection works correctly when you open a page with payments. The "Protect all browsers" setting is working. It is important to note that the setup process successfully imported settings from the previous EES version 8.1.2037. Therefore, to be honest, I don’t know what to do next. But using the home version on a work computer is wrong.
Log archive in attachment

eis_logs.zip

Link to comment
Share on other sites

  • ESET Staff
On 11/27/2021 at 3:58 AM, Viatcheclav Bukas said:

Therefore, to be honest, I don’t know what to do next. But using the home version on a work computer is wrong.

There is no need to use home version. Technology and components of endpoint Secure Browser and home Banking and Payment Protection are the same, only configuration is different. Also all key components are fully updatable via module updates, so using "older" EES 8.1 should run Secure Browser the same way as using the newest EES 9 or EIS 15.

Probably reinstall helped more that change to home version, so now go back to your EES 8.1 and let me know, if it works, or fail again.

Link to comment
Share on other sites

As a result of removing EIS 15.0.18 and installing EES 8.1.2037, we ended up where we started. Protected browser does not start with the same errors as in the first message. I hope you will not send me to the second round of experiments ... But I would like to solve the problem...

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...