Jump to content

Another Secure All Browsers Issue


Recommended Posts

Per Eset on-line product help in regards to the Essential add-on/extension setting:

Quote

Extension installation mode—From the drop-down menu, you can select which extensions will be allowed to be installed on a browser secured by ESET. Changing the Extension installation mode doesn't affect previously installed browser extensions:

•Essential extensions—Only the most essential extensions, developed by a specific browser manufacturer.

I have been running to date with the Essential extensions option. Based on the above posted excerpt, I assumed that since I had uBlock Origin extension previously installed in Firefox, any updates to it would not be affected by the Essential extension option.

Recently, I noticed .xpi files present in my %LocalAppData%\Temp folder. I knew from previous Eset testing of the Essential extensions option when it blocks an extension from installing in Firefox, it leaves the the blocked .xpi file in the aforementioned folder. Could that extension be an update for uBlock Origin? Sure enough it was per B&PP log file entry;

Time;Action;File;Hash;Information;User
12/24/2022 7:02:58 PM;Blocked;C:\Users\xxxxxx\AppData\Local\Temp\tmp-pmo.xpi;012228E84418899A80EEC49F72BDBE5D23AFF109;Extension ID: ublock0@raymondhill.net;xxxxxxxxx

Therefore, this statement by Eset, Changing the Extension installation mode doesn't affect previously installed browser extensions, is clearly not the case.

Edited by itman
Link to comment
Share on other sites

  • Administrators

Thanks for the heads-up, I've created a ticket for developers to consider changing the behavior of extension loading in essential extensions mode.

P_ESSW-15961

Link to comment
Share on other sites

6 hours ago, Marcos said:

I've created a ticket for developers to consider changing the behavior of extension loading in essential extensions mode

I would also like to see this prioritized since I currently switched Extension installation mode to All Extensions. Here's why.

Also in my Banking & Payment Protection log was this interesting entry:

Quote

Time;Action;File;Hash;Information;User
12/18/2022 10:57:52 AM;Blocked;C:\Users\xxxxxxx\AppData\Local\Temp\83eed406-c6e7-4758-a26d-50f71963996d.tmp;3870ED4AEF4420B1993718B0254C64EEB13D7CFC;Extension ID: odfafepnkmbhccpbejgmiehpchacaeak;xxxxxxx

This definitely looks like a malicious extension to me. I checked the hash at VT and nothing was found. -Edit- See next posting.

I am also skeptical that FireFox would have alerted me about attempted add-on/extension installation as I have it set to do. I assume that would have occurred prior to Eset in Essential extension installation mode blocked the installation. Also, this is case in point of my contention that no extensions should be allowed on access to critical financial web sites.  

Edited by itman
Link to comment
Share on other sites

As far as the above odfafepnkmbhccpbejgmiehpchacaeak extension installation block, I must have opened Edge around that time and Eset blocked the uBlock Origin extension update there;

Quote

https://github.com/gorhill/uBlock/releases

Edited by itman
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...