Secured browser keyboard protection & FireFox - mistyped characters

[zoltanthegypsy 1]

Apologies if this has already been reported.  Didn't find it in a quick search.

FF 119.0 (also with earlier versions IIRC) ESET IS 16.2.15.0.

Typing in FF - address bar, Lenovo forum site's search box, other entry fields - intermittently characters are mistyped.  "qwertyuiop" becomes "ilnasldnpo" for example.

Restarting FF sorts it for a while.  The reason I suspect keyboard protection: w/out restarting FF I can toggle that off and the problem is fixed.  What I haven't tested is to leave keyboard protection OFF permanently to see if the issue occurs.  Would rather leave protection ON.

thanks,

Zoltan

[Marcos 4,935]

Please generate logs with ESET Log Collector when the issue is manifesting and upload the generated archive here.

Temporarily disabling keyboard protection in the Banking and payment protection advanced setup should work around the issue.

[peteyt 388]

I've randomly encountered something like this occasionally but normally it fixes itself after a few minutes and it's rare so hard to pinpoint the cause or reproduce 

[itman 1,630]

Are you using any anti-keylogger software? Most notably, KeyScrambler which performs the same activities as Eset B&PP keyboard protection. 

[zoltanthegypsy 1]

3 minutes ago, itman said:

Are you using any anti-keylogger software? Most notably, KeyScrambler which performs the same activities as Eset B&PP keyboard protection. 

Nothing else like that running that I'm aware of. The FF privacy add-ons I'm using are Ublock Origin, Adblocker Ultimate, and Privacy badger.  A quick look at their settings doesn't turn up an anti-keylogger option, but perhaps I'm missing something.

ESET IS is the only security software installed other than an inactive free version of MalwareBytes.

Thanks!

[zoltanthegypsy 1]

Caught it messing up again and launched the log collector. I have some general privacy concerns about some of the logs - without really digging in to see what they include.  Can you suggest what's necessary in the report and what can be omitted?

thanks,

Zoltan

[itman 1,630]

1 hour ago, zoltanthegypsy said:

I have some general privacy concerns about some of the logs - without really digging in to see what they include. 

Eset Log Collector only collects existing Eset logs plus select system OS related data. You can post the archived output here in the forum. Only Eset moderators have access to forum attachments

Edited October 28 by itman

[zoltanthegypsy 1]

I can confirm that the PC where I've turned off keyboard protection does not exhibit the problem, but others where it is still enabled do mistype.

When it happens it is sufficient to shift focus away from the browser - by clicking elsewhere - to bring the keyboard back to normal behavior.  For while...

[SeriousHoax 83]

Since keyboard protection became default, I think ESET should have a support/help page where all the software that is known to be incompatible with default ESET settings should be listed. 

[Marcos 4,935]

I'd say it's impossible to compile a complete list of key scramblers that exist in the world.

[constexpr 41]

On 11/6/2023 at 6:27 PM, SeriousHoax said:

Since keyboard protection became default, I think ESET should have a support/help page where all the software that is known to be incompatible with default ESET settings should be listed. 

So far we have evidence of these imcompatibilities https://support.eset.com/en/kb6063-eset-banking-payment-protectioncommon-errors

On 11/6/2023 at 5:34 PM, zoltanthegypsy said:

I can confirm that the PC where I've turned off keyboard protection does not exhibit the problem, but others where it is still enabled do mistype.

When it happens it is sufficient to shift focus away from the browser - by clicking elsewhere - to bring the keyboard back to normal behavior.  For while...

It can be very helpful, if you can share log from ESET Log Collector. You can upload it here without any worry, only ESET staff can see it. Otherwise it's complicated to guess the root of cause.

Edited November 9 by constexpr

[itman 1,630]

On 10/28/2023 at 4:06 PM, zoltanthegypsy said:

The FF privacy add-ons I'm using are Ublock Origin, Adblocker Ultimate, and Privacy badger. 

I suggest you temporarily uninstall AdBlocker Ultimate and see if the scrambled keyboard character issue when using Eset keylogger protection disappers.

Also, using two adblockers could have adverse impacts on browser performance.

[itman 1,630]

Also, after the AdBlocker Ultimate uninstall/reinstall test, do the same for Privacy Badger.

My take is the conflict has to be related to one of these add-ons. I use Ublock Origin with Firefox and it is the only add-on I have installed. I have zero issues with B&PP anti-keylogger protection.

[zoltanthegypsy 1]

12 minutes ago, itman said:

Also, after the AdBlocker Ultimate uninstall/reinstall test, do the same for Privacy Badger.

My take is the conflict has to be related to one of these add-ons. I use Ublock Origin with Firefox and it is the only add-on I have installed. I have zero issues with B&PP anti-keylogger protection.

Thanks.  I'll give those a try.  Not quite sure when Adblocker Plus was dropped and I installed Adblocker Ultimate - but it may coincide with when this problem first showed up.

[itman 1,630]

Another solution here is if this issue is not add-on related is to disable the Secure all browsers option in B&PP settings. When you wish to conduct a web based financial transaction, open B&PP secured browser via Eset desktop icon option.

[itman 1,630]

On 10/28/2023 at 11:47 AM, zoltanthegypsy said:

Typing in FF - address bar, Lenovo forum site's search box, other entry fields - intermittently characters are mistyped.  "qwertyuiop" becomes "ilnasldnpo" for example.

Let's revisit this.

If this activity only occurs on this web site, there is the possibility Lenovo is using a web-site based keylogger;

Quote

There are many different varieties of software keyloggers, including the following types:

• Form-grabbing keyloggers record data entered into a field. This type of keylogging software is typically deployed on a website rather than downloaded on a victim’s computer. A hacker might use form grabbing keyloggers on a malicious website that prompts victims to enter their credentials.
• JavaScript keyloggers are written in JavaScript code and injected into websites. This type of keylogging software can run scripts to record every keystroke entered by website visitors.
• API keyloggers use application programming interfaces running inside of applications to record every keystroke. This type of keylogging software can record an event whenever you press a key within the application.

 

https://www.crowdstrike.com/cybersecurity-101/attack-types/keylogger/

It is logical to assume that if keystroke interception was occurring, it would interfere with B&PP key scrambling activities. Namely, the re-translation of scrambled key characters to their original form. 

Edited November 9 by itman

[zoltanthegypsy 1]

24 minutes ago, itman said:

Let's revisit this.

If this activity only occurs on this web site, there is the possibility Lenovo is using a web-site based keylogger;

https://www.crowdstrike.com/cybersecurity-101/attack-types/keylogger/

It is logical to assume that if keystroke interception was occurring, it would interfere with B&PP key scrambling activities. Namely, the re-translation of scrambled key characters to their original form. 

It isn't specific to Lenovo's site.  It can happen there in their search box.  It can happen in the URL/address bar in FireFox.  It can happen on Google's page when typing a search entry.

[itman 1,630]

1 hour ago, zoltanthegypsy said:

It isn't specific to Lenovo's site.  It can happen there in their search box.  It can happen in the URL/address bar in FireFox.  It can happen on Google's page when typing a search entry.

I enabled Secure all browsers option and could not duplicate the issue in Firefox. Also if this issue was widespread, there would be many forum postings about it.

It is possible that you have a keylogger installed on your device. I would post Eset logs as previously requested so an Eset moderator can review them.

[itman 1,630]

Another possible conflict source with Eset B&PP keylogger protection.

Someone posted recently a screenshot of Lenovo software performing outbound Internet activity and Eset issues with blocking that activity: https://forum.eset.com/topic/37371-interactive-firewall-cannot-block-lenovo-vantage/?do=findComment&comment=175158 .

What caught my attention on the screenshot was something called Lenovo keyboard utility. Checking that out further yields this: https://support.lenovo.com/us/en/downloads/ds500481-lenovo-utility-for-windows-10-64-bit-notebook . If like software from Lenevo is installed on your device, it could be conflicting with B&PP anti-keylogger protection. You can temporarily uninstall that software and see if that resolves your issue with B&PP keylogger protection.

Edited November 10 by itman

[zoltanthegypsy 1]

I only mentioned Lenovo as one of the examples of where the issue might occur.  The daily-driver where I see this happen is a white-box desktop with no Lenovo software.

[zoltanthegypsy 1]

Correction: There's wireless keyboard/trackpoint driver from Lenovo that's been there for years.  I can remove that and see...

[zoltanthegypsy 1]

1 hour ago, itman said:

Another possible conflict source with Eset B&PP keylogger protection.

Someone posted recently a screenshot of Lenovo software performing outbound Internet activity and Eset issues with blocking that activity: https://forum.eset.com/topic/37371-interactive-firewall-cannot-block-lenovo-vantage/?do=findComment&comment=175158 .

What caught my attention on the screenshot was something called Lenovo keyboard utility. Checking that out further yields this: https://support.lenovo.com/us/en/downloads/ds500481-lenovo-utility-for-windows-10-64-bit-notebook . If like software from Lenevo is installed on your device, it could be conflicting with B&PP anti-keylogger protection. You can temporarily uninstall that software and see if that resolves your issue with B&PP keylogger protection.

Made no difference w/the ThinkPad wireless kbd driver removed.  Still see the error randomly.

Today it happened in the CTRL-F search box at the bottom of FF.  Will try to gather those logs at some point.

[GreyGhost 9]

I have encountered this problem recently.  It occurred again today. The only extension I have is uBlock Origin.

I have uploaded the Log Collector log files. 

I do not run a key scrambler/key logger.  Windows 11, Internet Security 16.2.15.0.  Secure all Browsers is set to ON.

I am running the most recent version of Chrome.

Thank you.

eis_logs.zip

[Jonay 0]

Hello

Same problem, but on the gmail.com website. Composing emails works correctly, but when I download a PDF file and save it as in another location on the network, I have the problem with the keyboard. The only solution is to disable the Eset keyboard protection. In Firefox, even if I have the keyboard protect option activated, everything works fine, it only happens to me in Chrome (latest version as of today). I only have the uBlock Origin extension.

Thank you

[SeriousHoax 83]

On 11/9/2023 at 8:37 PM, constexpr said:

So far we have evidence of these imcompatibilities https://support.eset.com/en/kb6063-eset-banking-payment-protectioncommon-errors

Thanks for this link, but I see that it only mentions some security software that have keylogger protection.

I'm talking about incompatibility with apps like this one: https://www.omicronlab.com/avro-keyboard.html which is used by a lot of people in my region. ESET is not compatible with this app. An ESET staff on this forum told me that ESET will work to make it compatible but that was a while ago. Nothing has changed so far. I think ESET should add apps like this to the incompatible list.