itman 1,659 Posted December 26, 2022 Share Posted December 26, 2022 (edited) Per Eset on-line product help in regards to the Essential add-on/extension setting: Quote Extension installation mode—From the drop-down menu, you can select which extensions will be allowed to be installed on a browser secured by ESET. Changing the Extension installation mode doesn't affect previously installed browser extensions: •Essential extensions—Only the most essential extensions, developed by a specific browser manufacturer. I have been running to date with the Essential extensions option. Based on the above posted excerpt, I assumed that since I had uBlock Origin extension previously installed in Firefox, any updates to it would not be affected by the Essential extension option. Recently, I noticed .xpi files present in my %LocalAppData%\Temp folder. I knew from previous Eset testing of the Essential extensions option when it blocks an extension from installing in Firefox, it leaves the the blocked .xpi file in the aforementioned folder. Could that extension be an update for uBlock Origin? Sure enough it was per B&PP log file entry; Time;Action;File;Hash;Information;User 12/24/2022 7:02:58 PM;Blocked;C:\Users\xxxxxx\AppData\Local\Temp\tmp-pmo.xpi;012228E84418899A80EEC49F72BDBE5D23AFF109;Extension ID: ublock0@raymondhill.net;xxxxxxxxx Therefore, this statement by Eset, Changing the Extension installation mode doesn't affect previously installed browser extensions, is clearly not the case. Edited December 26, 2022 by itman Link to comment Share on other sites More sharing options...
Administrators Marcos 5,069 Posted December 27, 2022 Administrators Share Posted December 27, 2022 Thanks for the heads-up, I've created a ticket for developers to consider changing the behavior of extension loading in essential extensions mode. P_ESSW-15961 Link to comment Share on other sites More sharing options...
itman 1,659 Posted December 27, 2022 Author Share Posted December 27, 2022 (edited) 6 hours ago, Marcos said: I've created a ticket for developers to consider changing the behavior of extension loading in essential extensions mode I would also like to see this prioritized since I currently switched Extension installation mode to All Extensions. Here's why. Also in my Banking & Payment Protection log was this interesting entry: Quote Time;Action;File;Hash;Information;User 12/18/2022 10:57:52 AM;Blocked;C:\Users\xxxxxxx\AppData\Local\Temp\83eed406-c6e7-4758-a26d-50f71963996d.tmp;3870ED4AEF4420B1993718B0254C64EEB13D7CFC;Extension ID: odfafepnkmbhccpbejgmiehpchacaeak;xxxxxxx This definitely looks like a malicious extension to me. I checked the hash at VT and nothing was found. -Edit- See next posting. I am also skeptical that FireFox would have alerted me about attempted add-on/extension installation as I have it set to do. I assume that would have occurred prior to Eset in Essential extension installation mode blocked the installation. Also, this is case in point of my contention that no extensions should be allowed on access to critical financial web sites. Edited December 27, 2022 by itman Link to comment Share on other sites More sharing options...
itman 1,659 Posted December 27, 2022 Author Share Posted December 27, 2022 (edited) As far as the above odfafepnkmbhccpbejgmiehpchacaeak extension installation block, I must have opened Edge around that time and Eset blocked the uBlock Origin extension update there; Quote Edge: Install from Microsoft Store: https://microsoftedge.microsoft.com/addons/detail/odfafepnkmbhccpbejgmiehpchacaeak https://github.com/gorhill/uBlock/releases Edited December 27, 2022 by itman Link to comment Share on other sites More sharing options...
VW00 3 Posted December 29, 2022 Share Posted December 29, 2022 Does this work for other browsers? Blocking extensions installation or updating? Never used this feature, asking for Edge or Vivaldi. Link to comment Share on other sites More sharing options...
Recommended Posts