Web Proxy & Email Proxy in Cybersecurity for Mac 5.0.108.0

Discussion in 'Other ESET Home Products' started by Alec, Feb 27, 2013.

Thread Status:
Not open for further replies.
  1. Alec

    Alec Registered Member

    Joined:
    Jun 8, 2004
    Posts:
    355
    Location:
    Dallas, TX
    Today I upgraded my installation of ESET Cybersecurity for Mac to 5.0.108.0, and it appears that, in going from version 4 to version 5, ESET has added web and email proxy functionality. I actually do not like to have those proxies enabled, and I simply want to revert to the original antivirus-only functionality. I was, therefore, glad to see that ESET provided simple slider switches in the UI to disable "Web access and phishing protection" and "Email client protection". Unfortunately, if you do so, Cybersecurity will thereafter maintain an orange/red exclamation mark on the menubar icon and will prominently display warnings throughout the UI.

    Now, I appreciate ESET's interest in letting you know that in their view "Maximum protection is not ensured"; but if you are going to let users selectively disable the protections they feel are unnecessary, or which add unacceptable overhead or compatibility issues with their other installed software, then you need to also let them disable or minimize the alerts. I looked throughout the "Alerts and notifications" item and the "Interface" item (as well as nearly every other item) under Preferences, and none of them appear to allow you to override the messaging and menubar exclamation icon. And while a small red exclamation mark in the menubar might seem a small quibble, it is nevertheless highly distracting and verging on "false notification" when the user is expecting such an alert to only be prominent when the antivirus product detects an actual virus or malware item.

    Can you provide instructions to override the constant menubar alerting if the user consciously chose to disable web and email proxy functionality?

    Also, the following concern of mine arose after upgrading to version 5, although it may simply be a case of "ignorance is bliss" (while running version 4.x). The thing I have always valued about ESET's antivirus products -- in addition to malware detection rates, of course -- was their minimal resource impact on a PC/Mac in terms of number of processes, memory consumption, CPU utilization, etc. The alternative vendors were always known for a bloated footprint. I was somewhat surprised, then, when I ran the ESET "Running processes" tool and found all of the following:
    • esets_ctk
    • esets_daemon
    • esets_kac
    • esets_mac
    • esets_proxy
    • esets_gui
    • esets_esi

    I am presently thinking about uninstalling version 5, and returning to version 4 of Cybersecurity.
     
  2. Alec

    Alec Registered Member

    Joined:
    Jun 8, 2004
    Posts:
    355
    Location:
    Dallas, TX
    This does indeed seem to be the case, as my "number of processes" concern seems somewhat unfounded. I did downgrade back to 4.1.86.4 due to the disabled-proxy / annoying UI issue; and I do indeed see many of the same processes under version 4 now that I am purposely looking for them:
    Code:
    Alecs-iMac:~ Alec$ ps -ax | grep eset
       87 ??         0:00.20 /Applications/.esets/Contents/MacOS/esets_ctl
      117 ??         0:01.38 /Applications/.esets/Contents/MacOS/esets_daemon
      153 ??         0:36.48 /Applications/.esets/Contents/MacOS/esets_daemon
      154 ??         0:00.09 /Applications/.esets/Contents/MacOS/esets_kac
      155 ??         0:00.10 /Applications/.esets/Contents/MacOS/esets_mac
      308 ??         0:00.56 /Applications/ESET Cybersecurity.app/Contents/MacOS/esets_gui 
      445 ttys000    0:00.00 grep eset
    Alecs-iMac:~ Alec$
    Although, there is no esets_proxy (as expected) nor esets_esi process in the prior version, so there is a little process bloat. :(
     
  3. polocanada

    polocanada Registered Member

    Joined:
    Aug 19, 2007
    Posts:
    60
    I am surprised nobody else has responded. The reason we need selectively disable Web Access Scanner is because many non-browser applications connect through the common HTTP(s) ports 80 and 8080 not only browser.

    I have Little Snitch installed. When I get the ESETS_PROXY alert (Little Snitch) it doesn't tell me what application has triggered the connection attempt.

    Although it seems like Little Snitch (LS) doesn't provide enough information, it's not a problem with LS because it's ESETS_PROXY which is sitting on top and intercepting connection and then acting as the app requesting connection.

    So I am getting dozens of these connections every time I am restarting the system because many apps I have installed (e.g. DropBox, Startupizer etc..) are all connecting home, either checking for updates or simply doing it's job as they are supposed to (such as in case of DropBox).

    Because I don't want some of these applications to connect home, I am blocking them thorough LS. This worked perfectly fine until Eset 5 released which includes the proxy.

    With the proxy running, I don't know which of the connections are because of the running apps are connecting home and which of them are connections because of the browser.

    Browser needs LS to enable ESETS_PROXY to connect to all connections. If I enable that, all my other apps calling home will be doing just that and I have no way to weed things out.

    Alternative way than disabling the web access scanning would be adding EXCEPTIONS in the Web Protection to EXCLUDE certain applications from being redirected through ESETS_PROXY. This reduces security somewhat, but to a lesser extend than simply disabling the Web Protection feature altogether.

    Till this is fixed I am going probably back to Eset Cybersecurity version 4.
     
  4. polocanada

    polocanada Registered Member

    Joined:
    Aug 19, 2007
    Posts:
    60
    I was playing with the settings little bit more and it seems I found a "work around";

    In the Web Protection settings you have following ports listed for HTTP:

    80, 8080, 3128

    Just delete the 2 most common ports 80 ad 8080 and leave the 3128.

    That should help. Now no longer LS popups, connections are allowed and no exclamation sign in menu warning you that your security has been compromised.

    Disclaimer:
    I haven't tested whether connections from Apps using 80 and 8080 which have a blocking rule in LS are now detected by LS but I would assume so. So it should be all fine as it was in Eset version 4.
     
  5. polocanada

    polocanada Registered Member

    Joined:
    Aug 19, 2007
    Posts:
    60
    Going back to version 4.

    Well, well.. I decided to uninstall Eset Cyber security 5 and go back to previous version 4.

    The new v5 seems has a lot of unnecessary hulk and junk. While not bad - it's no longer sleek by my standards (10.6.8 Snow Leopard/ 2011 macbook).

    The worst thing is the virus definition updates don't work. I tried on 2 machines with different configurations and no success. The Eset beachball (how similar to the Mac version) is just swirling with no end.

    I did a clean uninstall and reinstall of Eset but didn't work either.

    Version 4 works perfect so I am just going to stick with that.
    I don't need to whole web security, parental controls
    Mail security would be great.
    Firewall - just leave what comes with Mac or if you want play with Wateroof.
     
  6. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Re: Going back to version 4.

    It would be great if we could troubleshoot it further. If you contact customer care, they should provide you with a script collecting all information necessary for determining the cause of the issue.

    Only ESET CyberSecurity Pro includes Parental control and firewall. As for web protection, it's an additional protection layer as it can block access to scam or otherwise dangerous websites.
     
Thread Status:
Not open for further replies.