ESET Secure Browser

[Microbe 6]

Hi ESET Team, 

See the below question of our client:

I am really hoping to understand how these features work in a production environment.

 

How does ESET detect malicious java scripts/downloads and redirect websites during a phishing practice ? Also, does ESET maintain a list of supported & malicious extensions that can be triggered as per the policy settings when a browser extension is installed ?

 

Is the secure browser feature continuously looking to connect to a threat defence database for monitoring purposes ? We also noticed below warning when a user was working on his laptop which is not new to ESET Cloud and was rebooted after enabling secure browser.

 

It seems that this feature auto updates itself even when the user is working and then the yellow banner appears with the warning message. Please clarify with details.

 

 

 

 

 

 

 

 

[Microbe 6]

Hi ESET Team, 

 

Kindly you help us with the above question?

[Marcos 5,143]

1, Malicious extensions should be detected like any other malware. The user can choose if all or only essential extensions be enabled in a secured browser. The isolated browser run through the desktop shortcut "ESET Safe banking and browsing" uses a separate profile and loads only specific extensions whitelisted by ESET.

2, As for the warning, I recall it may occur if you upgrade ESET to a newer version. If the warning persists after a reboot, collect ELC logs after the browser was launched and provide also a Procmon log from the time of launching the browser.

[Microbe 6]

Hi Marcos, 

 

Thank you for your response, we will provide the above information for our client, Thanks

 

 

Cheers, 

Gil

[Microbe 6]

Hi Marcos, 

Our client is currently using ESET Endpoint security, I believe the information above is intended for our home user  "ESET Safe banking and browsing, can you provide us a response related with EES Secure browser and they have other concern that i need we need to provide a response:

 

Question :

Does ESET maintain a list of supported & malicious extensions that can be triggered as per the policy settings when a browser extension is installed ?

 

Is the secure browser feature continuously looking to connect to a threat defence database for monitoring purposes ? 

If you need any require information just let us know.

 

Cheers, 

Gil

[Marcos 5,143]

1, Malicious extensions should be detected like any other malware. The user can choose if all or only essential extensions be enabled in the secure browser.

2, There is no difference between home user products and Endpoint except that there's no desktop shortcut to the secure browser.

3, Continual protection is maintained by real-time protection that detects malicious extensions and on top of that the Secure browser feature blocks loading of any untrusted dlls into the secure browser.

[itman 1,707]

34 minutes ago, Marcos said:

Continual protection is maintained by real-time protection that detects malicious extensions and on top of that the Secure browser feature blocks loading of any untrusted dlls into the secure browser.

Elaborating, there is no difference between Secure Browser and normal browser mode in regards to Eset real-time protection. Both browser modes use Web Access ThreatSense settings for monitoring purposes.

[Marcos 5,143]

In a normal browser we don't block untrusted dlls so any undetected dll can be injected into browser's process.

[Microbe 6]

Hi ESET Team, 

 

Thank you for providing above information, However 2 devices were affected, after rebooting the device, problem still exist.

 

See the attached file for your reference (the file included the ESET Log Collector logs and Procmon logs)

ESET Secure Browser - Collected logs from client.zip

[Microbe 6]

Hi ESET Team, 

 

Thank you for providing above information ( i will provide the above information to our client), However 2 devices were affected, after rebooting the device, problem still exist.

 

See the attached file for your reference (the file included the ESET Log Collector logs and Procmon logs)

[Marcos 5,143]

Please try running Tools - > System cleaner and reset settings that are reported. If it doesn't help, please raise a support ticket and provide complete logs collected with ESET Log Collector that would also include a registry dump.

[Microbe 6]

Hi Marcos, 

Can you send us the file for  System cleaner? Thank you - i asked ESET Australia if they have the copy, but as per ESET AU- they don't have the copy.

 

[Marcos 5,143]

Please temporarily install ESET Internet Security or ESET Smart Security Premium which contains the System cleaner which you can use if the notification to restart the machine continues to show up. If you don't get it any more, uninstall EIS/ESSP and install ESET Endpoint again.

[Microbe 6]

Thank you for your response marcos, i will let our client and will providing your instruction

 

Cheers, 

Gil

[Microbe 6]

Hi Marcos, 

Can you please confirm this behaviour after migrating to ESET Protect Cloud? (i believed he is pertaining from using ESET Endpoint security old version to migrate to newer version)

I have already provided logs last week. (i already submitted last week)

 

It seems the ESET client on laptop auto updates itself and we don’t know what it is trying to install. Not sure what sort of features it is trying to install automatically ?

I believed once you migrated from newer version - the 'Installation of features in progress' 

will initiate all the set up of ESET features - is that correct ?

 

Can you check the below screenshot?

 

[Microbe 6]

Hi ESET Team, 

Can you check the below question of our client:

 

The logs that I provided you earlier was for my own machine, which was migrated from ESET Protect ( On prem) to ESET Protect ( Cloud) using migration policy. Since migration, we are seeing this behaviour on laptops, where the ESET protect client starts auto-updates itself and at the same it gives warning on the browser to restart your computer ( although Secure browser notifications have been disabled in the policy and enforced using ‘lightning’ icon) as per your previous emails.

 

 

Just to be clear, we are not manually running any updates on the ESET Protect client on machines.

 

Question -1 : Why we are still seeing these notifications on browsers when they are already disabled by policy ?

 

Question-2:  What’s the co-relation between functionality of secure browser and any feature update ? What is being installed without any user prompt during that time ?

 

 

Please let me know if you require additional information.

[Marcos 5,143]

The "Installation features in progress" message typically appears after installation and activation or when enabling a new feature, Since virtually all protection modules and features are installed by default, I assume it must be an extra feature such as Full disk encryption that was enabled in ESET PROTECT and installed which triggered the message.

Anyways, since the user is using ESET PROTECT (cloud), I'd recommend raising a support ticket so that a support agent can check the ESET PROTECT instance to find out what's going on. From what you have written I infer that installation of Endpoint could be continually pushed to the client which would likely also account for the message about restart seen in the secure browser.