itman, posted December 30, 2022

In regards to the above-posted clipboard delay-rendering operational details, let's explore Win 10/11 clipboard settings. Below is a screen shot of mine:

The first thing to note is I have all its settings disabled via group policy. Why? Not only is clipboard history a great place for malware to hide, but it is also used by Microsoft to hide its telemetry data. Next, Microsoft states that there is no restriction on the amount of clipboard data that can be stored and/or copied.

Finally, let's assume that Eset's protocol scanning is not just scanning immediately copied clipboard data but is actually scanning everything stored in clipboard history. If a large amount of data is being copied frequently, the result is a huge amount of data being stored in clipboard history. Eset protocol scanning of this data could easily result in the clipboard delay-rendering threshold of 30 secs. being exceeded.

Marcos (Administrators), posted December 30, 2022

Protocol filtering works as a filter in Windows Filtering Platform and has nothing to do with clipboard history, hence it's hard to believe it would affect pasting from clipboard.

itman, posted December 30, 2022 (edited)

11 minutes ago, Marcos said:
> Protocol filtering works as a filter in Windows Filtering Platform and has nothing to do with clipboard history, hence it's hard to believe it would affect pasting from clipboard.

The question is what happens when clipboard data is copied into a browser web page since this is the only issue the OP is having in this regard? Is it possible that data is flowing through WFP?

Edited December 30, 2022 by itman

Marcos (Administrators), posted December 30, 2022

WFP comes into play at the network level as data is received by the machine. It does not do anything with the data afterwards.

Alper (Author), posted December 30, 2022

20 hours ago, Marcos said:
> It's strange that disabling http checking makes a difference because it's actually Banking and payment protection that has this feature and protocol filtering doesn't affect outbound communication. Perhaps we could start off by providing two sets of ESET Log Collector logs, one with the appropriate setting disabled and the other with the setting enabled. Create logs by enabling advanced logging under Help and support -> Technical support. After each round (enable/disable the setting), collect ESET Log Collector logs and put a remark in the file name so that it's clear which logs were collected when the issue occurred.

I will try this and let you know. It is useful to pay attention to this. There is no problem with pasting outside of browsers. But this is the case in all browsers.

itman, posted December 30, 2022 (edited)

I was finally able to duplicate the behavior the OP is describing by copying a 4.4 MB file; sort of, that is. Before I elaborate further, I need @Alper to perform the following test.

1. Re-enable Eset protocol filtering.
2. Copy a large volume of data as you have done in the past. Ensure none of the data is of a sensitive nature.
3. Paste into the "Send to Online Clipboard" window shown on this web page: https://online-clipboard.online/online-clipboard/.

Did the data copy successfully and quickly to this web page window?

Edited December 30, 2022 by itman

Marcos (Administrators), posted December 31, 2022

10 hours ago, itman said:
> I was finally able to duplicate the behavior the OP is describing by copying a 4.4 MB file; sort of that is.

This involves https communication and cannot be compared to copying and pasting text via Ctrl+C and Ctrl+V locally. I assume the OP was referring to the local clipboard, not to a cloud one provided by 3rd party tools or web services.

itman, posted December 31, 2022 (edited)

7 hours ago, Marcos said:
> This involves https communication and cannot be compared to copying and pasting text via Ctrl+C and Ctrl+V locally. I assume the OP was referring to the local clipboard, not to a cloud one provided by 3rd party tools or web services.

The OP stated he has no issues with paste activities locally. His issue is when he attempts to paste a large volume of text data previously copied locally into a web site page:

Quote:
> Hey itman. I've tried with chrome, firefox and edge. All were the same. When I copy a text, I was able to paste any place except browsers. But this only happened with long texts. There was no problem with the shorts. OS: windows 10.

Your noting that HTTPS is utilized when copying text "to a cloud one provided by 3rd party tools or web services." is why I specifically chose this method to test with.

When I pasted 4.4 MB of locally copied data to the web page linked above, the rendering of that copied data was almost instantaneous. Therefore, I conclude that there is no direct connection to Eset protocol filtering and the issue he is experiencing.

However, when I attempted to copy that 4.4 MB of data to an Eset forum reply, no paste data rendering occurred after 5 mins. Further, the Eset forum web page data displayed previously was partially erased and the web page locked up. I had to completely exit the Eset forum web site to get things back to normal in Firefox.

I therefore conclude that the OP's issue is caused by web site server based protection mechanisms in regards to processing a large volume of injected data and the scanning of that data.

Edited December 31, 2022 by itman

Alper (Author), posted January 2, 2023

On 12/31/2022 at 10:32 AM, Marcos said:
> This involves https communication and cannot be compared to copying and pasting text via Ctrl+C and Ctrl+V locally. I assume the OP was referring to the local clipboard, not to a cloud one provided by 3rd party tools or web services.

I've logged the issue while I couldn't paste. How can I send the files?

On 12/31/2022 at 12:30 AM, itman said:
> I was finally able to duplicate the behavior the OP is describing by copying a 4.4 MB file; sort of that is. Before I elaborate further, I need @Alper to perform the following test.
>
> 1. Re-enable Eset protocol filtering.
> 2. Copy a large volume of data as you have done in the past. Ensure none of the data is of a sensitive nature.
> 3. Paste into the "Send to Online Clipboard" window shown on this web page: https://online-clipboard.online/online-clipboard/.
>
> Did the data copy successfully and quickly to this web page window?

I couldn't paste to the website. I am still able to paste anywhere except browsers after activating the "HTTP protocol checking" option.

itman, posted January 2, 2023

28 minutes ago, Alper said:
> I've logged issue while can't pasting. How can I send the files?

You can attach the logs to your next forum reply. Only forum moderators can access posted attachments.

If the log size exceeds the maximum allowed by the forum, you will have to upload the logs to a file sharing web site. Then provide the access link generated by the site to @Marcos via forum private message.

Alper (Author), posted January 3, 2023

11 hours ago, itman said:
> You can attach the logs to your next forum reply. Only forum moderators can access posted attachments. If the log size exceeds the maximum allowed by the forum, you will have to upload the logs to a file sharing web site. Then provide the access link generated by site to @Marcos via forum private message

Apparently it also includes my sniffed network traffic. When I check the pcap file, I see that there are my Google requests in the file. Although the cookies are encrypted, I will not share them for security reasons. For the solution, I think the information I have given is sufficient. Please let me know if you want specific files from it.

Marcos (Administrators), posted January 3, 2023

The pcap logs are the most important ones if disabling protocol filtering helps. Unless you provide step-by-step instructions on how to reproduce the issue, we'll try to reproduce it per itman's instructions via online-clipboard.online. You can avoid browsing sensitive websites while pcap logs are being created and then provide them (all ELC logs) for perusal.

constexpr (ESET Staff), posted January 11, 2023

I expect that @Alper has the Secure all browsers feature on. In this case, disabling HTTP protocol filtering does indeed fix the issue with clipboard paste. But I believe that when you disable HTTP filtering, you also see yet another warning - Banking & Payment protection is non-functional.

This is not a bug, but a side effect of protecting against one family of banking trojans. We will modify this protection so that it doesn't interfere with normal copy-paste actions. I'll keep you informed.

EdK, posted January 30, 2023

I have the same problem, but only when I am pasting html/javascript/php code to textareas on websites. I can't copy items on pages like https://flutterflow.io/ when I am copying objects. It can be code that is 100 chars long. But normal text is ok.

Ed

Marcos (Administrators), posted January 31, 2023

9 hours ago, EdK said:
> I have same problem, but only when I am pasting html/javascript/php codes to textareas on websites.

You can test it with a new BPP module 1295 which will be put on the pre-release update channel probably today or later this week. The new module will have this security limitation removed.

Alper (Author), posted February 11, 2023

On 1/11/2023 at 1:56 PM, constexpr said:
> I expect that @Alper has the Secure all browsers feature on. In this case, disabling HTTP protocol filtering does indeed fix the issue with clipboard paste. But I believe that when you disable HTTP filtering, you also see yet another warning - Banking & Payment protection is non-functional. This is not a bug, but a side effect of protecting against one family of banking trojans. We will modify this protection so that it doesn't interfere with normal copy-paste actions. I'll keep you informed

Has there been an update on this yet?

Marcos (Administrators), posted February 11, 2023

The BPP module 1295 is currently available on the pre-release update channel.

EdK, posted February 15, 2023

When will it be on the common channel?

Marcos (Administrators), posted February 16, 2023

10 hours ago, EdK said:
> When it will be on common channel?

This or next week. The BPP module 1295 or 1296 has already been distributed to a few million users.

constexpr (ESET Staff), posted February 22, 2023 (edited)

On 2/11/2023 at 8:01 PM, Alper said:
> Has there been an update on this yet?

On 2/15/2023 at 9:46 PM, EdK said:
> When it will be on common channel?

BPP module 1296 is fully released. Please check if it helps in your scenarios and let us know if the issue is resolved. Thanks

Edited February 22, 2023 by constexpr