Banking & Payment Protection

[Pug 2]

Hello,

I don't see much conversation related to the above image. The provided steps, as shown below, don't provide much clarity to my circumstances.

https://help.eset.com/essp/15/en-US/idh_config_opp_badge.html#s-in-browser-notifications

 

• Security alert and red browser frame: The browser is not protected by the ESET Banking & Payment protection. Restart the browser to ensure the protection is active. To resolve a conflict with files loaded in the browser, contact ESET Technical Support by following the instructions in our Knowledgebase article. https://support.eset.com/en/kb3466-how-do-i-use-eset-log-collector

Granted, I've rarely gotten B&PP to consistently work/run on any of my browsers—but the red browser frame is a first.

 

Generally speaking, has anyone else experienced B&PP issues?

 

 

 

Thank for your time

[Marcos 5,306]

Please provide logs collected with ESET Log Collector.

[safety 8]

Hello, we have a lot of requests with the same issue in Russia. Is there any solution?

Edited March 30, 2022 by safety

[Marcos 5,306]

3 minutes ago, safety said:

Hello, we have a lot of requests with the same issue in Russia. Is there any solution?

Please provide ELC logs too. Before launching a browser and reproducing the issue, enable advanced logging under Help and support -> Technical support. After reproducing the warning, disable logging and then collect logs with ELC.

Most likely there is an untrusted dll loaded in the browser which is allowed as of v15.1, however, the notification is displayed. With previous versions it was not possible to launch the secured browser in such case.

[safety 8]

3 minutes ago, Marcos said:

Please provide ESET Log Collector logs too. Before launching a browser and reproducing the issue, enable advanced logging under Help and support -> Technical support. After reproducing the warning, disable logging and then collect logs with ESET Log Collector.

Most likely there is an untrusted dll loaded in the browser which is allowed as of v15.1, however, the notification is displayed. With previous versions it was not possible to launch the secured browser in such case.

Ok, let's try to make an ESET Log Collector log in this mode. The problem actually became active after updating to 15.1.12.0

[safety 8]

Could it be unwanted browser extensions?

[Marcos 5,306]

9 minutes ago, safety said:

Could it be unwanted browser extensions?

Shouldn't be since only whitelisted extensions are loaded by the secured browser.

[itman 1,760]

The work around for this issue till it is resolved is to disabled "Secure all browsers" per the below screen shot. This will prevent any browser extensions from loading in Banking &Payment Protection mode and should eliminate the error message.

[safety 8]

1 hour ago, Marcos said:

Shouldn't be since only whitelisted extensions are loaded by the secured browser.

Dear Marcos, can I post the ESET Log Collector log via the link in private messages?

[itman 1,760]

4 hours ago, safety said:

Dear Marcos, can I post the ESET Log Collector log via the link in private messages?

Really, there is no issue with posting a Log file attachment to a forum posting. Only Eset moderators can access those attachments.

[itman 1,760]

I ran a test on my ESSP installation which is the latest version.

With B&PP Secure all browsers enabled and using the latest version of Firefox, there were no issues when B&PP was accessed via its desktop icon. I only use one Firefox extension and it's uBlock Origin.

This leads me to believe that Eset users running B&PP w/Secure all browsers option enabled :

1 Are loading a malicious extension or;

2. Eset has not whitelisted the extension, or;

3. Something else is loading code; possibly malicious, into the browser memory.

[Marcos 5,306]

6 hours ago, safety said:

can I post the ESET Log Collector log via the link in private messages?

You have several 3rd party dlls injected in the msedge.exe process:
c:\programdata\a-volute\a-volute.28054df1f58b4\modules\scheduledmodules\x64\nahimicosd.dll (Nahimic)
c:\program files\common files\crypto pro\shared\pkivalidator.dll (Crypto-PRO company)
c:\program files\crypto pro\csp\cpcspi.dll (Crypto-PRO company)
c:\program files\crypto pro\csp\cpsuprt.dll (Crypto-PRO company)
c:\program files\crypto pro\csp\cpui.dll (Crypto-PRO company)
c:\windows\system32\cpsspap.dll (Crypto-PRO company)
c:\program files\crypto pro\csp\cpcsp.dll (Crypto-PRO company)
c:\program files\common files\crypto pro\appcompat\cpschan.dll (Crypto-PRO company)
c:\program files\common files\crypto pro\appcompat\cpmsi.dll (Crypto-PRO company)

The difference between v15.1 and v15.0 and older is that we now open a secure browser even if an untrusted dll is loaded. In such case the above notification is displayed.

Will need to check with devs as to which of the dlls is not trusted. Will keep you posted.

[safety 8]

all dlls from this list are known

C:\PROGRAMDATA\A-VOLUTE\A-VOLUTE.28054DF1F58B4\MODULES\SCHEDULEDMODULES\X64\NAHIMICOSD.DLL

Valid signed by A-Volute SAS

C:\PROGRAM FILES\COMMON FILES\CRYPTO PRO\APPCOMPAT\CPADVAI.DLL

Valid, signed by CRYPTO-PRO

----

C:\PROGRAM FILES\COMMON FILES\CRYPTO PRO\APPCOMPAT\DETOURED.DLL

Valid, signed by CRYPTO-PRO

Edited March 31, 2022 by safety

[Marcos 5,306]

Please check now, it should work fine.

[krb 1]

Hello @Marcos

I am also having this issue since updating to 15.1.12.0

As requested I have run the log collector and attached them here.

I have tried all the other steps including reinstalling the application.

essp_logs.zip

[Marcos 5,306]

18 minutes ago, krb said:

I am also having this issue since updating to 15.1.12.0

Please carry on as follows:
1, Enable advanced logging under Help and support -> Technical support.
2, Launch a browser and reproduce the warning.
3, Disable logging.
4, Collect fresh logs with ELC and provide the generated archive.

[krb 1]

Hello @Marcos

I have followed those steps and here is the new file. I was able to get the warning in both firefox and edge, however I am unable to attach the file as it is just over 100mb

 

[Marcos 5,306]

You can upload the file to a file sharing service, such as Dropbox, OneDrive, etc. and drop me a private message with a download link.

[safety 8]

15 hours ago, Marcos said:

Please check now, it should work fine.

Thank you, for this user the problem is solved, I will clarify today for other users

[Marcos 5,306]

A secure browser now behaves same as before with older versions of ESET, ie. untrusted dlls are not loaded to the browser and no red badge is displayed.

[safety 8]

42 minutes ago, Marcos said:

A secure browser now behaves same as before with older versions of ESET, ie. untrusted dlls are not loaded to the browser and no red badge is displayed.

Which DLLs ESET considers unreliable?

[Marcos 5,306]

Not whitelisted ones, typically not much popular ones.

[safety 8]

3 minutes ago, Marcos said:

Not whitelisted ones, typically not much popular ones.

Can we send you new ESET Log Collector logs created in diagnostic mode for other users who still have the problem?

[Marcos 5,306]

3 minutes ago, safety said:

Can we send you new ESET Log Collector logs created in diagnostic mode for other users who still have the problem?

Is the problem now that the users cannot launch a secure browser, print from a secure brower, etc.? If so, yes, you can provide advanced logs collected with ELC from other machines.

Make sure the users have the latest BPP module 1267 installed:

[safety 8]

For three other requests, bank payment protection worked correctly after updating the module to 1267 , in some cases I'm waiting for an answer