Viatcheclav Bukas 3 Posted November 11, 2021 Share Posted November 11, 2021 Windows 7 Ultimate x64, ESET Endpoint Security 8.1.2037.2, default browser Mozilla FireFox 88.0.1 x32. When trying to start a protected browser, an error window appears:hxxp://images.vfl.ru/ii/1636610901/03e28739/36639695.pngIf you enable redirection from electronic payment pages in the program settings, then in the browser window we see such a message:hxxp://images.vfl.ru/ii/1636610902/06908edb/36639696.png Trying to fix this error, I roll back the detection module to the earliest possible state. As a result, we managed to return to his version 24261 (20211109). The version of the protected browser module has not changed: hxxp://images.vfl.ru/ii/1636610903/1c3aeba4/36639699.png In this state, the protected browser is launched: hxxp://images.vfl.ru/ii/1636610903/ffe7d9ee/36639698.png The redirect to the e-payment page also works correctly: hxxp://images.vfl.ru/ii/1636610902/8d48fc83/36639697.png The program updates are now temporarily suspended. Please help sort out this error. Sorry for my english - used an online translator Link to comment Share on other sites More sharing options...
Viatcheclav Bukas 3 Posted November 12, 2021 Author Share Posted November 12, 2021 I may have violated some forum rules... I do not understand why during the day none of the forum moderators or representatives of ESET developers gave any recommendations on the issue... Link to comment Share on other sites More sharing options...
Administrators Marcos 4,713 Posted November 16, 2021 Administrators Share Posted November 16, 2021 To start off, please provide ELC logs collected after launching normal browser. Most likely the secure browser attempts to load an untrusted dll and crashes. Link to comment Share on other sites More sharing options...
Viatcheclav Bukas 3 Posted November 17, 2021 Author Share Posted November 17, 2021 Extended logging was enabled at the time of collection. Launched alternately default browser, then a protected browser. The latter, as expected, did not start, with the same errors I gave above. Log archive in attachment ees_logs.rar Link to comment Share on other sites More sharing options...
Administrators Marcos 4,713 Posted November 17, 2021 Administrators Share Posted November 17, 2021 Hello, You wrote that you use Firefox as the default browser, however, it was not running when logs were collected. Please launch Firefox (the standard browser) and while running, collect ELC logs. You can delete the content of the Diagnostics folder since we don't need advanced logs in this case. Link to comment Share on other sites More sharing options...
Viatcheclav Bukas 3 Posted November 18, 2021 Author Share Posted November 18, 2021 Good. Then please describe in detail the sequence of my actions when collecting logs Link to comment Share on other sites More sharing options...
Viatcheclav Bukas 3 Posted November 18, 2021 Author Share Posted November 18, 2021 Good evening! Collected logs on recommendation in PM. Log archive in attachment ees_logs.zip Link to comment Share on other sites More sharing options...
Administrators Marcos 4,713 Posted November 19, 2021 Administrators Share Posted November 19, 2021 The logs didn't reveal anything suspicious. Please create a Procmon log from time when you attempt to launch a secure browser. Next save the PML file, compress it and upload it here. Last but not least, please update / replace SysInspector.exe (from 2015) in d:\programms\eset with the one in c:\program files\eset\eset security. Link to comment Share on other sites More sharing options...
Viatcheclav Bukas 3 Posted November 20, 2021 Author Share Posted November 20, 2021 11 hours ago, Marcos said: Last but not least, please update / replace SysInspector.exe (from 2015) in d:\programms\eset with the one in c:\program files\eset\eset security. I didn't quite understand what it was for...Log file created with a Procmon in attachment Logfile.zip Link to comment Share on other sites More sharing options...
ESET Staff constexpr 19 Posted November 22, 2021 ESET Staff Share Posted November 22, 2021 (edited) Hello, it seems that it may be problem in collision with installed network modifiers: NetLimiter 4 XFast LAN (potentially, if uninstall of previous apps didn't help) AdGuard Please try to disable/uninstall them and let us know, if it helps. Thanks Edited November 22, 2021 by constexpr Link to comment Share on other sites More sharing options...
Viatcheclav Bukas 3 Posted November 22, 2021 Author Share Posted November 22, 2021 Unfortunately, your recommendations did not help at all. The NetLimiter and XFast LAN programs were removed and the computer rebooted. Before starting Protected Browser, the AdGuard service was stopped, that is, in fact, it did not work. However, an attempt to launch a protected browser caused the same errors that are described in my first message. If you need to collect logs - ask.Thanks for the help Link to comment Share on other sites More sharing options...
Viatcheclav Bukas 3 Posted November 22, 2021 Author Share Posted November 22, 2021 Another thing to add.The previous version of the protected browser 1242 (20211104), from which the troubles began... Link to comment Share on other sites More sharing options...
ESET Staff constexpr 19 Posted November 23, 2021 ESET Staff Share Posted November 23, 2021 (edited) Interesting. I'm not sure, if you can upgrade to Endpoint v9. If yes, in product advanced setup (F5 > Tools > Diagnostics > Advanced logging) was added logging for Secure Browser. Enable switch, replicate an issue and run Log collector again to get this logs. If upgrade to the newest version of EES is not possible, you can still try, if Secure Browser works from IE/Edge or Chrome: when you change default browser to other supported and run Secure Browser from shortcut, or when you open IB link of any bank page in this browser, you should be redirected to Secure Browser. At least we can identify, if problem is with all browsers, or it's FF specifics. Also, you use 32bit Firefox on 64bit system. Try to install 64bit Firefox and check, if problem is the same. In procmon log is visible, that between Firefox success load and unexpected terminate, there was active several processes: NetLimiter, AdGuard and XFast Lan - but as you mentioned, disable service or uninstall doesn't help Atomic Alarm Clock, EveryLang - I don't believe that this may be problematic, but nothing is normal there, so who know ... Edited November 23, 2021 by constexpr another hint added Link to comment Share on other sites More sharing options...
Viatcheclav Bukas 3 Posted November 23, 2021 Author Share Posted November 23, 2021 2 hours ago, constexpr said: I'm not sure, if you can upgrade to Endpoint v9. No, I definitely will not do this - sorry, but I try not to deal with beta-versions of programs unnecessarily 2 hours ago, constexpr said: you can still try, if Secure Browser works from IE/Edge or Chrome: when you change default browser to other supported and run Secure Browser from shortcut, or when you open IB link of any bank page in this browser, you should be redirected to Secure Browser. Using Internet Explorer as the default browser does nothing. The only difference is that launching a protected browser in this case does not cause an error message to appear, only an entry appears in the EES event log. In both cases - when starting from a shortcut ("C:\Program Files\ESET\ESET Security\ecmd.exe" /startprotectedbrowser) or from the Program Service window - the error is the same 2 hours ago, constexpr said: At least we can identify, if problem is with all browsers, or it's FF specifics. Also, you use 32bit Firefox on 64bit system. Try to install 64bit Firefox and check, if problem is the same I don't even want to comment on this... 2 hours ago, constexpr said: In procmon log is visible, that between Firefox success load and unexpected terminate, there was active several processes: Atomic Alarm Clock, EveryLang - I don't believe that this may be problematic, but nothing is normal there, so who know ... These programs have been installed and work without changing versions for a very long time. Do you want to check the launch of the protected browser when they are stopped? I'm pretty sure it won't have any effect... Link to comment Share on other sites More sharing options...
Viatcheclav Bukas 3 Posted November 23, 2021 Author Share Posted November 23, 2021 17 hours ago, constexpr said: Atomic Alarm Clock, EveryLang - I don't believe that this may be problematic, but nothing is normal there, so who know ... Stopped the work of these programs - the protected browser does not start. Gentlemen, developers, look for a problem on your side. I'll try to reinstall EES cleanly Link to comment Share on other sites More sharing options...
Administrators Marcos 4,713 Posted November 23, 2021 Administrators Share Posted November 23, 2021 Would it be possible to temporarily install EES v9 beta or EIS/ESSP v15 to enable advanced Banking and payment protection logging when launching a secure browser? Link to comment Share on other sites More sharing options...
Viatcheclav Bukas 3 Posted November 23, 2021 Author Share Posted November 23, 2021 33 minutes ago, Marcos said: Would it be possible to temporarily install EES v9 beta or EIS/ESSP v15 Both options are unacceptable. The first - I try not to use test versions of programs, the second - as you can see, the 15th version also has problems: ESET Security page no longer shows when logging into banking Link to comment Share on other sites More sharing options...
ESET Staff constexpr 19 Posted November 25, 2021 ESET Staff Share Posted November 25, 2021 (edited) I assume that the reinstallation of product doesn't help. We don't need your permanent change of product version, just change it for a moment of replication an issue as this newer version is able to log some advanced scenarios like you have. EIS15 is stable version and it's expected, that the same problem will occur also there, but you are able to log this issue such way, that can provide better answer, where is the problem. If you reconsider to do it, please: Switch on Advanced settings (F5) > Tools > Diagnostics > Enable [Baning and Payment protection|Secure browser] advanced logging Switch on Advanced settings > Detection engine > HIPS > Advanced setup > Log all blocked operations replicate an issue Switch off both advanced logging collect ELC log and upload it here Issue you linked is not the same as you have. Edited November 25, 2021 by constexpr Link to comment Share on other sites More sharing options...
Viatcheclav Bukas 3 Posted November 25, 2021 Author Share Posted November 25, 2021 Okay, if you are willing to wait until the end of the week, I will try to do what you ask Link to comment Share on other sites More sharing options...
Viatcheclav Bukas 3 Posted November 25, 2021 Author Share Posted November 25, 2021 4 hours ago, constexpr said: I assume that the reinstallation of product doesn't help. Sorry, you were right ... Please wait until the end of the week Link to comment Share on other sites More sharing options...
ESET Staff constexpr 19 Posted November 26, 2021 ESET Staff Share Posted November 26, 2021 No problem, we really want to fix your issue, so we will wait. Thank you for your cooperation. Link to comment Share on other sites More sharing options...
Viatcheclav Bukas 3 Posted November 27, 2021 Author Share Posted November 27, 2021 I don't even know if this is unfortunately or fortunately, but after installing EIS 15.0.18, the problem could not be perceived, no matter how hard I tried. The protected browser is launched both from the shortcut and from the program window. Also, redirection works correctly when you open a page with payments. The "Protect all browsers" setting is working. It is important to note that the setup process successfully imported settings from the previous EES version 8.1.2037. Therefore, to be honest, I don’t know what to do next. But using the home version on a work computer is wrong. Log archive in attachment eis_logs.zip Link to comment Share on other sites More sharing options...
ESET Staff constexpr 19 Posted November 29, 2021 ESET Staff Share Posted November 29, 2021 On 11/27/2021 at 3:58 AM, Viatcheclav Bukas said: Therefore, to be honest, I don’t know what to do next. But using the home version on a work computer is wrong. There is no need to use home version. Technology and components of endpoint Secure Browser and home Banking and Payment Protection are the same, only configuration is different. Also all key components are fully updatable via module updates, so using "older" EES 8.1 should run Secure Browser the same way as using the newest EES 9 or EIS 15. Probably reinstall helped more that change to home version, so now go back to your EES 8.1 and let me know, if it works, or fail again. Link to comment Share on other sites More sharing options...
Viatcheclav Bukas 3 Posted November 29, 2021 Author Share Posted November 29, 2021 As a result of removing EIS 15.0.18 and installing EES 8.1.2037, we ended up where we started. Protected browser does not start with the same errors as in the first message. I hope you will not send me to the second round of experiments ... But I would like to solve the problem... Link to comment Share on other sites More sharing options...
Viatcheclav Bukas 3 Posted December 1, 2021 Author Share Posted December 1, 2021 Installed EES 9.0.2032. The problem still exists... Link to comment Share on other sites More sharing options...
Recommended Posts