Jump to content

Another Secure All Browsers Issue


Recommended Posts

Per Eset on-line product help in regards to the Essential add-on/extension setting:

Quote

Extension installation mode—From the drop-down menu, you can select which extensions will be allowed to be installed on a browser secured by ESET. Changing the Extension installation mode doesn't affect previously installed browser extensions:

•Essential extensions—Only the most essential extensions, developed by a specific browser manufacturer.

I have been running to date with the Essential extensions option. Based on the above posted excerpt, I assumed that since I had uBlock Origin extension previously installed in Firefox, any updates to it would not be affected by the Essential extension option.

Recently, I noticed .xpi files present in my %LocalAppData%\Temp folder. I knew from previous Eset testing of the Essential extensions option when it blocks an extension from installing in Firefox, it leaves the the blocked .xpi file in the aforementioned folder. Could that extension be an update for uBlock Origin? Sure enough it was per B&PP log file entry;

Time;Action;File;Hash;Information;User
12/24/2022 7:02:58 PM;Blocked;C:\Users\xxxxxx\AppData\Local\Temp\tmp-pmo.xpi;012228E84418899A80EEC49F72BDBE5D23AFF109;Extension ID: ublock0@raymondhill.net;xxxxxxxxx

Therefore, this statement by Eset, Changing the Extension installation mode doesn't affect previously installed browser extensions, is clearly not the case.

Edited by itman
Link to comment
Share on other sites

  • Administrators

Thanks for the heads-up, I've created a ticket for developers to consider changing the behavior of extension loading in essential extensions mode.

P_ESSW-15961

Link to comment
Share on other sites

6 hours ago, Marcos said:

I've created a ticket for developers to consider changing the behavior of extension loading in essential extensions mode

I would also like to see this prioritized since I currently switched Extension installation mode to All Extensions. Here's why.

Also in my Banking & Payment Protection log was this interesting entry:

Quote

Time;Action;File;Hash;Information;User
12/18/2022 10:57:52 AM;Blocked;C:\Users\xxxxxxx\AppData\Local\Temp\83eed406-c6e7-4758-a26d-50f71963996d.tmp;3870ED4AEF4420B1993718B0254C64EEB13D7CFC;Extension ID: odfafepnkmbhccpbejgmiehpchacaeak;xxxxxxx

This definitely looks like a malicious extension to me. I checked the hash at VT and nothing was found. -Edit- See next posting.

I am also skeptical that FireFox would have alerted me about attempted add-on/extension installation as I have it set to do. I assume that would have occurred prior to Eset in Essential extension installation mode blocked the installation. Also, this is case in point of my contention that no extensions should be allowed on access to critical financial web sites.  

Edited by itman
Link to comment
Share on other sites

As far as the above odfafepnkmbhccpbejgmiehpchacaeak extension installation block, I must have opened Edge around that time and Eset blocked the uBlock Origin extension update there;

Quote

https://github.com/gorhill/uBlock/releases

Edited by itman
Link to comment
Share on other sites

Does this work for other browsers? Blocking extensions installation or updating? Never used this feature, asking for Edge or Vivaldi.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...