Pug 2 Posted March 30, 2022 Share Posted March 30, 2022 Hello, I don't see much conversation related to the above image. The provided steps, as shown below, don't provide much clarity to my circumstances. https://help.eset.com/essp/15/en-US/idh_config_opp_badge.html#s-in-browser-notifications Security alert and red browser frame: The browser is not protected by the ESET Banking & Payment protection. Restart the browser to ensure the protection is active. To resolve a conflict with files loaded in the browser, contact ESET Technical Support by following the instructions in our Knowledgebase article. https://support.eset.com/en/kb3466-how-do-i-use-eset-log-collector Granted, I've rarely gotten B&PP to consistently work/run on any of my browsers—but the red browser frame is a first. Generally speaking, has anyone else experienced B&PP issues? Thank for your time krb and chen23547 2 Link to comment Share on other sites More sharing options...
Administrators Marcos 5,404 Posted March 30, 2022 Administrators Share Posted March 30, 2022 Please provide logs collected with ESET Log Collector. Link to comment Share on other sites More sharing options...
safety 8 Posted March 30, 2022 Share Posted March 30, 2022 (edited) Hello, we have a lot of requests with the same issue in Russia. Is there any solution? Edited March 30, 2022 by safety Link to comment Share on other sites More sharing options...
Administrators Marcos 5,404 Posted March 30, 2022 Administrators Share Posted March 30, 2022 3 minutes ago, safety said: Hello, we have a lot of requests with the same issue in Russia. Is there any solution? Please provide ELC logs too. Before launching a browser and reproducing the issue, enable advanced logging under Help and support -> Technical support. After reproducing the warning, disable logging and then collect logs with ELC. Most likely there is an untrusted dll loaded in the browser which is allowed as of v15.1, however, the notification is displayed. With previous versions it was not possible to launch the secured browser in such case. Tonyset and safety 2 Link to comment Share on other sites More sharing options...
safety 8 Posted March 30, 2022 Share Posted March 30, 2022 3 minutes ago, Marcos said: Please provide ESET Log Collector logs too. Before launching a browser and reproducing the issue, enable advanced logging under Help and support -> Technical support. After reproducing the warning, disable logging and then collect logs with ESET Log Collector. Most likely there is an untrusted dll loaded in the browser which is allowed as of v15.1, however, the notification is displayed. With previous versions it was not possible to launch the secured browser in such case. Ok, let's try to make an ESET Log Collector log in this mode. The problem actually became active after updating to 15.1.12.0 Link to comment Share on other sites More sharing options...
safety 8 Posted March 30, 2022 Share Posted March 30, 2022 Could it be unwanted browser extensions? Link to comment Share on other sites More sharing options...
Administrators Marcos 5,404 Posted March 30, 2022 Administrators Share Posted March 30, 2022 9 minutes ago, safety said: Could it be unwanted browser extensions? Shouldn't be since only whitelisted extensions are loaded by the secured browser. Link to comment Share on other sites More sharing options...
itman 1,786 Posted March 30, 2022 Share Posted March 30, 2022 The work around for this issue till it is resolved is to disabled "Secure all browsers" per the below screen shot. This will prevent any browser extensions from loading in Banking &Payment Protection mode and should eliminate the error message. safety 1 Link to comment Share on other sites More sharing options...
safety 8 Posted March 30, 2022 Share Posted March 30, 2022 1 hour ago, Marcos said: Shouldn't be since only whitelisted extensions are loaded by the secured browser. Dear Marcos, can I post the ESET Log Collector log via the link in private messages? Link to comment Share on other sites More sharing options...
itman 1,786 Posted March 30, 2022 Share Posted March 30, 2022 4 hours ago, safety said: Dear Marcos, can I post the ESET Log Collector log via the link in private messages? Really, there is no issue with posting a Log file attachment to a forum posting. Only Eset moderators can access those attachments. safety 1 Link to comment Share on other sites More sharing options...
itman 1,786 Posted March 30, 2022 Share Posted March 30, 2022 I ran a test on my ESSP installation which is the latest version. With B&PP Secure all browsers enabled and using the latest version of Firefox, there were no issues when B&PP was accessed via its desktop icon. I only use one Firefox extension and it's uBlock Origin. This leads me to believe that Eset users running B&PP w/Secure all browsers option enabled : 1 Are loading a malicious extension or; 2. Eset has not whitelisted the extension, or; 3. Something else is loading code; possibly malicious, into the browser memory. Link to comment Share on other sites More sharing options...
Administrators Marcos 5,404 Posted March 30, 2022 Administrators Share Posted March 30, 2022 6 hours ago, safety said: can I post the ESET Log Collector log via the link in private messages? You have several 3rd party dlls injected in the msedge.exe process: c:\programdata\a-volute\a-volute.28054df1f58b4\modules\scheduledmodules\x64\nahimicosd.dll (Nahimic) c:\program files\common files\crypto pro\shared\pkivalidator.dll (Crypto-PRO company) c:\program files\crypto pro\csp\cpcspi.dll (Crypto-PRO company) c:\program files\crypto pro\csp\cpsuprt.dll (Crypto-PRO company) c:\program files\crypto pro\csp\cpui.dll (Crypto-PRO company) c:\windows\system32\cpsspap.dll (Crypto-PRO company) c:\program files\crypto pro\csp\cpcsp.dll (Crypto-PRO company) c:\program files\common files\crypto pro\appcompat\cpschan.dll (Crypto-PRO company) c:\program files\common files\crypto pro\appcompat\cpmsi.dll (Crypto-PRO company) The difference between v15.1 and v15.0 and older is that we now open a secure browser even if an untrusted dll is loaded. In such case the above notification is displayed. Will need to check with devs as to which of the dlls is not trusted. Will keep you posted. safety 1 Link to comment Share on other sites More sharing options...
safety 8 Posted March 31, 2022 Share Posted March 31, 2022 (edited) all dlls from this list are known C:\PROGRAMDATA\A-VOLUTE\A-VOLUTE.28054DF1F58B4\MODULES\SCHEDULEDMODULES\X64\NAHIMICOSD.DLL Valid signed by A-Volute SAS C:\PROGRAM FILES\COMMON FILES\CRYPTO PRO\APPCOMPAT\CPADVAI.DLL Valid, signed by CRYPTO-PRO ---- C:\PROGRAM FILES\COMMON FILES\CRYPTO PRO\APPCOMPAT\DETOURED.DLL Valid, signed by CRYPTO-PRO Edited March 31, 2022 by safety Link to comment Share on other sites More sharing options...
Administrators Marcos 5,404 Posted March 31, 2022 Administrators Share Posted March 31, 2022 Please check now, it should work fine. Link to comment Share on other sites More sharing options...
krb 1 Posted March 31, 2022 Share Posted March 31, 2022 Hello @Marcos I am also having this issue since updating to 15.1.12.0 As requested I have run the log collector and attached them here. I have tried all the other steps including reinstalling the application. essp_logs.zip Link to comment Share on other sites More sharing options...
Administrators Marcos 5,404 Posted March 31, 2022 Administrators Share Posted March 31, 2022 18 minutes ago, krb said: I am also having this issue since updating to 15.1.12.0 Please carry on as follows: 1, Enable advanced logging under Help and support -> Technical support. 2, Launch a browser and reproduce the warning. 3, Disable logging. 4, Collect fresh logs with ELC and provide the generated archive. Link to comment Share on other sites More sharing options...
krb 1 Posted March 31, 2022 Share Posted March 31, 2022 Hello @Marcos I have followed those steps and here is the new file. I was able to get the warning in both firefox and edge, however I am unable to attach the file as it is just over 100mb Link to comment Share on other sites More sharing options...
Administrators Marcos 5,404 Posted March 31, 2022 Administrators Share Posted March 31, 2022 You can upload the file to a file sharing service, such as Dropbox, OneDrive, etc. and drop me a private message with a download link. Link to comment Share on other sites More sharing options...
safety 8 Posted April 1, 2022 Share Posted April 1, 2022 15 hours ago, Marcos said: Please check now, it should work fine. Thank you, for this user the problem is solved, I will clarify today for other users Link to comment Share on other sites More sharing options...
Administrators Marcos 5,404 Posted April 1, 2022 Administrators Share Posted April 1, 2022 A secure browser now behaves same as before with older versions of ESET, ie. untrusted dlls are not loaded to the browser and no red badge is displayed. Link to comment Share on other sites More sharing options...
safety 8 Posted April 1, 2022 Share Posted April 1, 2022 42 minutes ago, Marcos said: A secure browser now behaves same as before with older versions of ESET, ie. untrusted dlls are not loaded to the browser and no red badge is displayed. Which DLLs ESET considers unreliable? Link to comment Share on other sites More sharing options...
Administrators Marcos 5,404 Posted April 1, 2022 Administrators Share Posted April 1, 2022 Not whitelisted ones, typically not much popular ones. Link to comment Share on other sites More sharing options...
safety 8 Posted April 1, 2022 Share Posted April 1, 2022 3 minutes ago, Marcos said: Not whitelisted ones, typically not much popular ones. Can we send you new ESET Log Collector logs created in diagnostic mode for other users who still have the problem? Link to comment Share on other sites More sharing options...
Administrators Marcos 5,404 Posted April 1, 2022 Administrators Share Posted April 1, 2022 3 minutes ago, safety said: Can we send you new ESET Log Collector logs created in diagnostic mode for other users who still have the problem? Is the problem now that the users cannot launch a secure browser, print from a secure brower, etc.? If so, yes, you can provide advanced logs collected with ELC from other machines. Make sure the users have the latest BPP module 1267 installed: Link to comment Share on other sites More sharing options...
safety 8 Posted April 4, 2022 Share Posted April 4, 2022 For three other requests, bank payment protection worked correctly after updating the module to 1267 , in some cases I'm waiting for an answer Link to comment Share on other sites More sharing options...
Recommended Posts