Jump to content

Banking & Payment Protection


Recommended Posts

Hello,

image.png.62866d991e88103acfd4a434cfd7a97f.png

I don't see much conversation related to the above image. The provided steps, as shown below, don't provide much clarity to my circumstances.

https://help.eset.com/essp/15/en-US/idh_config_opp_badge.html#s-in-browser-notifications

 

  • Security alert and red browser frameThe browser is not protected by the ESET Banking & Payment protection. Restart the browser to ensure the protection is active. To resolve a conflict with files loaded in the browser, contact ESET Technical Support by following the instructions in our Knowledgebase article. https://support.eset.com/en/kb3466-how-do-i-use-eset-log-collector

Granted, I've rarely gotten B&PP to consistently work/run on any of my browsers—but the red browser frame is a first.

 

Generally speaking, has anyone else experienced B&PP issues?

 

 

 

Thank for your time

Link to comment
Share on other sites

Hello, we have a lot of requests with the same issue in Russia. Is there any solution?

Eset-error.jpg

Edited by safety
Link to comment
Share on other sites

  • Administrators
3 minutes ago, safety said:

Hello, we have a lot of requests with the same issue in Russia. Is there any solution?

Please provide ELC logs too. Before launching a browser and reproducing the issue, enable advanced logging under Help and support -> Technical support. After reproducing the warning, disable logging and then collect logs with ELC.

Most likely there is an untrusted dll loaded in the browser which is allowed as of v15.1, however, the notification is displayed. With previous versions it was not possible to launch the secured browser in such case.

Link to comment
Share on other sites

3 minutes ago, Marcos said:

Please provide ESET Log Collector logs too. Before launching a browser and reproducing the issue, enable advanced logging under Help and support -> Technical support. After reproducing the warning, disable logging and then collect logs with ESET Log Collector.

Most likely there is an untrusted dll loaded in the browser which is allowed as of v15.1, however, the notification is displayed. With previous versions it was not possible to launch the secured browser in such case.

Ok, let's try to make an ESET Log Collector log in this mode. The problem actually became active after updating to 15.1.12.0

Link to comment
Share on other sites

  • Administrators
9 minutes ago, safety said:

Could it be unwanted browser extensions?

Shouldn't be since only whitelisted extensions are loaded by the secured browser.

Link to comment
Share on other sites

The work around for this issue till it is resolved is to disabled "Secure all browsers" per the below screen shot. This will prevent any browser extensions from loading in Banking &Payment Protection mode and should eliminate the error message.

Eset_BPP.thumb.png.c39ba6a55e9faafec53c1cb1bf8e7bfc.png

Link to comment
Share on other sites

1 hour ago, Marcos said:

Shouldn't be since only whitelisted extensions are loaded by the secured browser.

Dear Marcos, can I post the ESET Log Collector log via the link in private messages?

Link to comment
Share on other sites

4 hours ago, safety said:

Dear Marcos, can I post the ESET Log Collector log via the link in private messages?

Really, there is no issue with posting a Log file attachment to a forum posting. Only Eset moderators can access those attachments.

Link to comment
Share on other sites

I ran a test on my ESSP installation which is the latest version.

With B&PP Secure all browsers enabled and using the latest version of Firefox, there were no issues when B&PP was accessed via its desktop icon. I only use one Firefox extension and it's uBlock Origin.

This leads me to believe that Eset users running B&PP w/Secure all browsers option enabled :

1 Are loading a malicious extension or;

2. Eset has not whitelisted the extension, or;

3. Something else is loading code; possibly malicious, into the browser memory.

Link to comment
Share on other sites

  • Administrators
6 hours ago, safety said:

can I post the ESET Log Collector log via the link in private messages?

You have several 3rd party dlls injected in the msedge.exe process:
c:\programdata\a-volute\a-volute.28054df1f58b4\modules\scheduledmodules\x64\nahimicosd.dll (Nahimic)
c:\program files\common files\crypto pro\shared\pkivalidator.dll (Crypto-PRO company)
c:\program files\crypto pro\csp\cpcspi.dll (Crypto-PRO company)
c:\program files\crypto pro\csp\cpsuprt.dll (Crypto-PRO company)
c:\program files\crypto pro\csp\cpui.dll (Crypto-PRO company)
c:\windows\system32\cpsspap.dll (Crypto-PRO company)
c:\program files\crypto pro\csp\cpcsp.dll (Crypto-PRO company)
c:\program files\common files\crypto pro\appcompat\cpschan.dll (Crypto-PRO company)
c:\program files\common files\crypto pro\appcompat\cpmsi.dll (Crypto-PRO company)

The difference between v15.1 and v15.0 and older is that we now open a secure browser even if an untrusted dll is loaded. In such case the above notification is displayed.

Will need to check with devs as to which of the dlls is not trusted. Will keep you posted.

Link to comment
Share on other sites

all dlls from this list are known

C:\PROGRAMDATA\A-VOLUTE\A-VOLUTE.28054DF1F58B4\MODULES\SCHEDULEDMODULES\X64\NAHIMICOSD.DLL

Valid signed by A-Volute SAS

C:\PROGRAM FILES\COMMON FILES\CRYPTO PRO\APPCOMPAT\CPADVAI.DLL

Valid, signed by CRYPTO-PRO

----

C:\PROGRAM FILES\COMMON FILES\CRYPTO PRO\APPCOMPAT\DETOURED.DLL

Valid, signed by CRYPTO-PRO

msedge.jpg

Edited by safety
Link to comment
Share on other sites

Hello @Marcos

I am also having this issue since updating to 15.1.12.0

As requested I have run the log collector and attached them here.

I have tried all the other steps including reinstalling the application.

essp_logs.zip

Link to comment
Share on other sites

  • Administrators
18 minutes ago, krb said:

I am also having this issue since updating to 15.1.12.0

Please carry on as follows:
1, Enable advanced logging under Help and support -> Technical support.
2, Launch a browser and reproduce the warning.
3, Disable logging.
4, Collect fresh logs with ELC and provide the generated archive.

Link to comment
Share on other sites

Hello @Marcos

I have followed those steps and here is the new file. I was able to get the warning in both firefox and edge, however I am unable to attach the file as it is just over 100mb

 

Link to comment
Share on other sites

  • Administrators

You can upload the file to a file sharing service, such as Dropbox, OneDrive, etc. and drop me a private message with a download link.

Link to comment
Share on other sites

15 hours ago, Marcos said:

Please check now, it should work fine.

Thank you, for this user the problem is solved, I will clarify today for other users

Link to comment
Share on other sites

  • Administrators

A secure browser now behaves same as before with older versions of ESET, ie. untrusted dlls are not loaded to the browser and no red badge is displayed.

Link to comment
Share on other sites

42 minutes ago, Marcos said:

A secure browser now behaves same as before with older versions of ESET, ie. untrusted dlls are not loaded to the browser and no red badge is displayed.

Which DLLs ESET considers unreliable?

Link to comment
Share on other sites

3 minutes ago, Marcos said:

Not whitelisted ones, typically not much popular ones.

Can we send you new ESET Log Collector logs created in diagnostic mode for other users who still have the problem?

Link to comment
Share on other sites

  • Administrators
3 minutes ago, safety said:

Can we send you new ESET Log Collector logs created in diagnostic mode for other users who still have the problem?

Is the problem now that the users cannot launch a secure browser, print from a secure brower, etc.? If so, yes, you can provide advanced logs collected with ELC from other machines.

Make sure the users have the latest BPP module 1267 installed:

image.png

Link to comment
Share on other sites

For three other requests, bank payment protection worked correctly after updating the module to 1267 , in some cases I'm waiting for an answer

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...