F5: Email Client / Web browser / Active mode explained

Discussion in 'ESET Smart Security' started by admsupport, Jan 20, 2009.

Thread Status:
Not open for further replies.
  1. admsupport

    admsupport Registered Member

    Joined:
    Oct 26, 2008
    Posts:
    49
    Location:
    Japan
    I read the manual, but it lacks examples and case studies. I understand the nature of these functions but I am not sure how/when to apply them correctly.

    -------------------------------------------

    Q1. Email Client:
    I use Outlook. There are settings for Outlook in the sub-branch under:


    Email Protection
    Microsoft Outlook

    What about in the branch POP3
    Email Client
    Shall I put a cross ALSO on the Outlook icon in the window? Why are there so many applications in this window which are obviously not email clients but simply applications flagged by the FF as trying to communicate with a remote computer?

    ----------------------------------------------


    Q2. Web Access protection
    HTTP
    Port 80, 8080, 3128. In case I open a port on my NAT router, let's say 26006, to communicate with utorrent, shall I include this port number in the list (or not/why?)

    Web Browser
    In different thread, see for reference: https://www.wilderssecurity.com/showthread.php?p=1387940#post1387940 (many thanks to funkydude & minus for their explanations :cool: )

    I had a serious problem with utorrent.exe being marked as a Web Browser. ekrn.exe was filtering all the communication from/to utorrent.exe and screwed my internet. Since a user advised to red cross utorrent.exe, it is now fine.

    What about the other applications? Why is WINWORD.EXE marked as a web browser and not (?) let's say MIRANDA.EXE (instant message)? I am really not clear about it. The manual says check them all for security and if you encounter a problem, de-select them (sounds to me like: shoot them all without question, if else take a good lawyer... not much information :thumbd: )

    Active mode
    From what I know, Web Browser filters in batches while Active mode filters constantly. Alright, but that's more than vague. Let's take WINWORD.EXE: which prevails, and in what circumstances? Or for another application in the list.

    It would be really nice of one of the power users around here to sort these definitions out and explain these functions to me.

    Use ESET as is, and stf :gack: ? oh! no :p
     
  2. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,852
    As far as I know, an application needs to send data on a port listed as an "HTTP Port" to be ticked automatically by ESET.
     
  3. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Most likely that's because Winword has repeatedly communicated over HTTP whilst Miranda doesn't communicate via HTTP on a regular basis (maybe it only tried to connect to the update server to retrieve updates once or so and that's why it appears in the list).
     
  4. admsupport

    So if I understand well,

    In the event I add a port (as in my post Port 2006) in the field of the advanced settings: HTTP, then utorrent.exe in the Web Browser window would automatically be ticked? That would make sense.

    What about my question 1?

    And is there a RELATION between a firewall rule I edit to prevent an outbound communication (let's take again WINWORD.EXE) and its presence in the Web Browser window in the GUI? Or are Rules and Filtering different actions and not related processes? What I mean by that is, if/when I create a firewall rule for an application figuring in the Browser window, shall I remove it from there to make the rule effective (see the example below)?

    I am still confused about the relations between (for "X" given applications figuring IN all these following windows) the WEB BROWSER & EMAIL CLIENT & FIREWALL RULE.

    Let's illustrate by a simple example:
    Let's say for any reason, I decide to prevent OUTLOOK from communicating both ways. I will edit a rule in the firewall. Then, I would expect OUTLOOK NOT to figure in any other windows anymore, but in the firewall. Since OUTLOOK will still be present in the WEB BROWSER window and in the EMAIL CLIENT window, I am unsure if the firewall rule is effective or if further actions must be taken o_O
     
  5. funkydude

    Web browser and email scanning is part of the AV; it has nothing to do with the firewall. It scans the communication for potential viral threats.

    Why wouldn't you want Outlook ticked? I have my email client ticked in POP3 and so should you.

    X = No viral scanning
    nothing = only scanning of ports that you designated/default ports
    tick = all communication scanning.

    That holds true for web browsers and email clients.
     
  6. admsupport

    I got it now. So that's the reason why some applications appear in these windows without user interaction and without an option to remove them (but to select/unselect them). Thanks for this one.

    Because I do not understand the difference/relation between EMAIL PROTECTION (Outlook branch) and EMAIL CLIENT (POP3 branch). Aren't they both doing the same job of filtering the application (outlook)?
     
  7. funkydude

    Oh I see, I've never used Outlook so I never bothered to inspect Outlook protection.

    Email Protection is two things:

    1. The Main Protection - POP3 scanning: Scanning the data whilst it's still being communicated for potential threats; this allows compatibility with all clients using POP3.

    2. Outlook Email Protection: An added bonus for Outlook with extra functions such as moving mail, scanning attachments (after they are downloaded), and converting mail to text to avoid any use of exploits.
     
  8. Marcos

    POP3 scanning is done by a TDI driver at a network level. Plugins allow for scanning email in supported clients regardless of the protocol used.
     
  9. admsupport

    Thanks to all of you for your time and clarification. It's clear now :thumb:
     