
ESET Banking Protection slows browsers



20 hours ago, itman said:

I believe the touchpad driver is a UMDF one.

Proofpoint a few years back wrote a great POC at the height of the DoublePulsar incident showing how a standalone .dll could be accessed via reflective .dll injection method by hooking a thread in another process using DoublePulsar running in Win user mode. POC worked great and thread hooking was virtually undetectable. I suspect something along this line is going on here.

Should someone contact Cirque about this?  They may or may not have put a keylogger into their touchpad driver, and if not, they may want to remove the contaminated driver from their website.


18 hours ago, David Lambert said:

I only started using ESET on Aug. 1 of last year.  I have never knowingly used the "B&PP feature."

To definitively identify the conflict between the Cirque touchpad software and Eset Secured browser protection, perform the following:

1. Reinstall the Cirque software.

2. Open Eset GUI. Select Setup -> Security Tools -> Banking and Payment Protection. Mouse click on the "Gear" symbol and select Configure. Disable Keyboard protection setting. Mouse click on OK tab and any subsequent displayed OK tab to save your setting changes. Verify that Keyboard protection setting is disabled.

3. Open Firefox or Chrome and determine if your prior issues have been resolved. If not, proceed to step 4.

4. Repeat the activity stated in step 2 but this time disable Enhanced Memory Protection setting. Verify that Enhanced Memory protection setting is disabled.

5. Open Firefox or Chrome and determine if your prior issues have been resolved.

Report back on your findings. Also, re-enable B&PP Keyboard and Enhanced Memory protection settings.


  • ESET Staff
14 minutes ago, itman said:

To definitively identify the conflict between the Cirque touchpad software and Eset Secured browser protection, perform the following:

1. Reinstall the Cirque software.

2. Open Eset GUI. Select Setup -> Security Tools -> Banking and Payment Protection. Mouse click on the "Gear" symbol and select Configure. Disable Keyboard protection setting. Mouse click on OK tab and any subsequent displayed OK tab to save your setting changes. Verify that Keyboard protection setting is disabled.

3. Open Firefox or Chrome and determine if your prior issues have been resolved. If not, proceed to step 4.

4. Repeat the activity stated in step 2 but this time disable Enhanced Memory Protection setting. Verify that Enhanced Memory protection setting is disabled.

5. Open Firefox or Chrome and determine if your prior issues have been resolved.

Report back on your findings. Also, re-enable B&PP Keyboard and Enhanced Memory protection settings.

Based on previous logs there is no need to follow these steps. The problem (of slow down) is not in the conflict with our keyboard protection of the Secured browser, but their invasive implementation.


11 minutes ago, constexpr said:

Based on previous logs there is no need to follow these steps. The problem (of slow down) is not in the conflict with our keyboard protection of the Secured browser, but their invasive implementation.

To clarify, the problem is the invasive implementation of Secure All Browsers?

I already did the testing requested, so I'll report it anyway.

I've reinstalled the Cirque touchpad software.  The browser performance issues come back.

Disabling Keyboard Protection and disabling Enhanced Memory Protection does not fix the browser performance issues.

Disabling Secure All Browsers does fix the browser performance issues, even when Keyboard Protection and Enhanced Memory Protection are both enabled.


17 minutes ago, David Lambert said:

Disabling Keyboard Protection and disabling Enhanced Memory Protection does not fix the browser performance issues.

This is an interesting finding.

Your only solution here is to disable the "Secure all browsers" option in B&PP settings.

When you want to perform banking and other financial activities, do so by opening B&PP secure browser via its desktop icon option. Hopefully, the performance issues will be minimal enough to allow this as a feasible alternative.

Edited by itman

6 minutes ago, itman said:

This is an interesting finding.

Your only solution here is to disable the "Secure all browsers" option in B&PP settings.

When you want to perform banking and other financial activities, do so by opening B&PP secure browser via its desktop icon option. Hopefully, the performance issues will be minimal enough to allow this as a feasible alternative.

I do not use B&PP.


Just now, David Lambert said:

I do not use B&PP.

Actually when the Secure all browsers option is enabled, you are indeed using Eset Banking and Payment Protection option. The only difference between the two methods is with Secured all browsers enabled, you are always running the browser in B&PP mode.


  • ESET Staff
19 minutes ago, David Lambert said:

To clarify, the problem is the invasive implementation of Secure All Browsers?

Cirque software wants to inject to Secured browser and they improperly handle the fact that this action is blocked.

12 minutes ago, itman said:

This is an interesting finding.

Your only solution here is to disable the "Secure all browsers" option in B&PP settings.

I see at least 2 possible solutions. You can have Secured browser, that (among other protection) blocks injection of unknown 3rd party code or browser with injected 3rd party code. But definitely you cannot have both of them.

3rd option is that Cirque software should not try to inject other processes thousands of times per minute, that will definitely help (and is the source of the slow down issue).

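The retry pattern described in the post above (a blocked injection repeated thousands of times per minute) can be spotted by counting blocked attempts per source, target and minute. This is an added example, not part of the original thread and not ESET's code; the log line layout, the process names and the 1000-per-minute threshold are assumptions constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime

# Hypothetical line layout, constructed for this example (not ESET's log format):
#   <ISO timestamp> BLOCKED inject src=<process> dst=<process>
LINE_RE = re.compile(r"^(?P<ts>\S+) BLOCKED inject src=(?P<src>\S+) dst=(?P<dst>\S+)$")

def build_sample_log():
    """Constructed input: one source retrying 40x/second for a minute, plus noise."""
    lines = [
        f"2024-01-01T10:00:{sec:02d} BLOCKED inject src=touchpad_helper.exe dst=browser.exe"
        for sec in range(60)
        for _ in range(40)
    ]
    lines.append("2024-01-01T10:00:30 BLOCKED inject src=other_tool.exe dst=browser.exe")
    lines.append("2024-01-01T10:00:31 ALLOWED load src=browser.exe dst=browser.exe")
    return lines

def retry_storms(lines, threshold_per_minute=1000):
    """Return (src, dst, minute, count) for pairs blocked more often than the threshold.

    The threshold is an assumption chosen to match "thousands of times per minute".
    """
    counts = Counter()
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a blocked-injection record
        try:
            ts = datetime.fromisoformat(m["ts"])
        except ValueError:
            continue  # malformed timestamp, skip rather than abort triage
        minute = ts.replace(second=0, microsecond=0).isoformat(timespec="minutes")
        counts[(m["src"], m["dst"], minute)] += 1
    return sorted(
        (src, dst, minute, n)
        for (src, dst, minute), n in counts.items()
        if n > threshold_per_minute
    )

if __name__ == "__main__":
    for src, dst, minute, n in retry_storms(build_sample_log()):
        print(f"{minute} {src} -> {dst}: {n} blocked injection attempts")
```

A single blocked attempt, like the one from `other_tool.exe` in the sample, stays below the threshold; only the source that keeps retrying after being blocked is reported.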

39 minutes ago, constexpr said:

Cirque software wants to inject to Secured browser and they improperly handle the fact that this action is blocked.

I see at least 2 possible solutions. You can have Secured browser, that (among other protection) blocks injection of unknown 3rd party code or browser with injected 3rd party code. But definitely you cannot have both of them.

3rd option is that Cirque software should not try to inject other processes thousands of times per minute, that will definitely help (and is the source of the slow down issue).

Like I said before, I can live without the touchpad drivers.


This topic is now closed to further replies.