Eset blocks pasting

[itman 1,659]

In regards to above posted clipboard delay-rendering operational details, let's explore Win 10/11 clipboard settings. Below is a screen shot of mine:

The first thing to note is I have all its settings disabled via group policy. Why? Not only is clipboard history a great place for malware to hide, but it is also used by Microsoft to hide its telemetry data.

Next is Microsoft states that there is no restriction on the amount of clipboard data that can be stored and/or copied.

Finally, let's assume that Eset's protocol scanning is not just scanning immediately copied clipboard data but is actually scanning everything stored in clipboard history. If a large amount of data is being copied frequently, the result is a huge amount of data being stored in clipboard history. Eset protocol scanning of this data could easily result in the clipboard delay-rendering threshold of 30 secs. being exceeded.

[Marcos 5,070]

Protocol filtering works as a filter in Windows Filtering Platform and has nothing to do with clipboard history, hence it's hard to believe it would affect pasting from clipboard.

[itman 1,659]

11 minutes ago, Marcos said:

Protocol filtering works as a filter in Windows Filtering Platform and has nothing to do with clipboard history, hence it's hard to believe it would affect pasting from clipboard.

The question is what happens when clipboard data is copied into a browser web page since this is the only issue the OP is having in this regard?

Is it possible that data is flowing through WFP?

Edited December 30, 2022 by itman

[Marcos 5,070]

WFP comes into play at the network level as data is received by the machine. It does not do anything with the data afterwards.

[Alper 0]

20 hours ago, Marcos said:

It's strange that disabling http checking make a difference because it's actually Banking and payment protection that has this feature and protocol filtering doesn't affect outbound communication. Perhaps we could start off by providing two sets of ESET Log Collector logs, one with the appropriate setting disabled and the other with the setting enabled. Create logs by enabling advanced logging under Help and support -> Technical support. After each round (enable/disable the setting), collect ESET Log Collector logs and put a remark in the file name so that it's clear which logs were collected when the issue occurred.

I will try this and let you know. It is useful to pay attention to this. There is no problem with pasting outside of browsers. But this is the case in all browsers.

[itman 1,659]

I was finally able to duplicate the behavior the OP is describing by copying a 4.4 MB file; sort of that is. Before I elaborate further, I need @Alper to perform the following test.

1. Re-enable Eset protocol filtering.

2 Copy a large volume of data as you have done in the past. Ensure none of the data is of a sensitive nature.

3. Paste into the "Send to Online Clipboard" window shown on this web page: https://online-clipboard.online/online-clipboard/.

Did the data copy successfully and quickly to this web page window?

Edited December 30, 2022 by itman

[Marcos 5,070]

10 hours ago, itman said:

I was finally able to duplicate the behavior the OP is describing by copying a 4.4 MB file; sort of that is.

This involves https communication and cannot be compared to copying and pasting text via Ctrl+C and Ctrl+V locally. I assume the OP was referring to the local clipboard, not to a cloud one provided by 3rd party tools or web services.

[itman 1,659]

7 hours ago, Marcos said:

This involves https communication and cannot be compared to copying and pasting text via Ctrl+C and Ctrl+V locally. I assume the OP was referring to the local clipboard, not to a cloud one provided by 3rd party tools or web services.

The OP stated he has no issues with paste activities locally. His issue is when he attempts to paste a large volume of text data previously copied locally into a web site page;

Quote

Hey itman. I've tried with chrome, firefox and edge. All were the same. When I copy a text, I was able to paste any place except browsers. But this only happened with long texts. There was no problem with the shorts. OS: windows 10.

Your noting that HTTPS is utilized when copying text "to a cloud one provided by 3rd party tools or web services." is why I specifically chose this method to test with. When I pasted 4.4 MB of locally copied data to the web page linked above, the rendering of that copied data was almost instantaneous. Therefore, I conclude that there is no direct connection to Eset protocol filtering and the issue he is experiencing.

However, when I attempted to copy that 4.4 MB of data to an Eset forum reply, no paste data rendering occurred after 5 mins.. Further, the Eset forum web page data displayed previously was partially erased and the web page locked up. I had to completely exit the Eset forum web site to get things back to normal in Firefox. I therefore conclude that the OP's issue is caused by web site server based protection mechanisms in regards to processing a large volume of injected data and the scanning of that data.

Edited December 31, 2022 by itman

[Alper 0]

On 12/31/2022 at 10:32 AM, Marcos said:

This involves https communication and cannot be compared to copying and pasting text via Ctrl+C and Ctrl+V locally. I assume the OP was referring to the local clipboard, not to a cloud one provided by 3rd party tools or web services.

I've logged issue while can't pasting. How can I send the files?

 

On 12/31/2022 at 12:30 AM, itman said:

I was finally able to duplicate the behavior the OP is describing by copying a 4.4 MB file; sort of that is. Before I elaborate further, I need @Alper to perform the following test.

1. Re-enable Eset protocol filtering.

2 Copy a large volume of data as you have done in the past. Ensure none of the data is of a sensitive nature.

3. Paste into the "Send to Online Clipboard" window shown on this web page: https://online-clipboard.online/online-clipboard/.

Did the data copy successfully and quickly to this web page window?

I couldn't paste to the website. I able to still paste anywhere except browsers after activate the "HTTP protocol checking" option.

[itman 1,659]

28 minutes ago, Alper said:

I've logged issue while can't pasting. How can I send the files?

You can attach the logs to your next forum reply. Only forum moderators can access posted attachments.

If the log size exceeds the maximum allowed by the forum, you will have to upload the logs to a file sharing web site. Then provide the access link generated by site to @Marcos via forum private message

[Alper 0]

11 hours ago, itman said:

You can attach the logs to your next forum reply. Only forum moderators can access posted attachments.

If the log size exceeds the maximum allowed by the forum, you will have to upload the logs to a file sharing web site. Then provide the access link generated by site to @Marcos via forum private message

Apparently it also includes my sniffed network traffic. When I check the pcap file, I see that there are my google requests in the file. Although the cookies are encrypted, I will not  share them for security reasons. For the solution, I think the information I have given is sufficient. Please let me know if you want specific files from in it.

[Marcos 5,070]

The pcap logs are the most important ones if disabling protocol filtering helps. Unless you provide step-by-step instructions how to reproduce the issue, we'll try to reproduce it per itman's instructions via online-clipboard.online. 

You can avoid browsing sensitive websites while pcap logs are being created and then provide them (all ELC logs) for perusal.

[constexpr 46]

I expect that @Alperhas Secure all browsers feature On. In this case disable HTTP protocol filtering indeed fix the issue with clipboard paste. But I believe that when you disable HTTP filtering, you also see yet another warn - Banking & Payment protection is non-functional.

This is not a bug, but a side effect of protecting against one family of banking trojans. We will modify this protection so that it doesn't interfere with normal copy-paste actions.

I'll keep you informed

[EdK 0]

I have same problem, but only when I am pasting html/javascript/php codes to textareas on websites. I can't copy items on pages like https://flutterflow.io/ when I am copying objects. It can be 100 chars long code. But normal text is ok.

Ed

[Marcos 5,070]

9 hours ago, EdK said:

I have same problem, but only when I am pasting html/javascript/php codes to textareas on websites.

You can test it with a new BPP module 1295 which will be put on the pre-release update channel probably today or later this week. The new module will have this security limitation removed.

[Alper 0]

On 1/11/2023 at 1:56 PM, constexpr said:

I expect that @Alperhas Secure all browsers feature On. In this case disable HTTP protocol filtering indeed fix the issue with clipboard paste. But I believe that when you disable HTTP filtering, you also see yet another warn - Banking & Payment protection is non-functional.

This is not a bug, but a side effect of protecting against one family of banking trojans. We will modify this protection so that it doesn't interfere with normal copy-paste actions.

I'll keep you informed

Has there been an update on this yet?

[Marcos 5,070]

The BPP module 1295 is currently available on the pre-release update channel.

[EdK 0]

When it will be on common channel?

[Marcos 5,070]

10 hours ago, EdK said:

When it will be on common channel?

This or next week. The BPP module 1295 or 1296 has already been distributed to a few million of users already.

[constexpr 46]

On 2/11/2023 at 8:01 PM, Alper said:

Has there been an update on this yet?

On 2/15/2023 at 9:46 PM, EdK said:

When it will be on common channel?

BPP module 1296 is fully released. Please check if it helps to your scenarios and let us know if the issue is resolved.

Thanks

Edited February 22, 2023 by constexpr