Mars

Banking mode not working

Recommended Posts

Hi,

I have Online Armor Premium ver: 5.5.0.1557. Windows 7 64-bit Service pack 1. Emisoft Anit-Malware ver: 6.0.0.57. Browser IE9

Banking mode used to work for me but not now. When I put Online Armor into banking mode. It takes a few seconds to change modes (including the icon in the system tray). It was always instantaneously. When I open up IE9 it goes straight to my homepage Bing or any other non-bank website. It used to block everything and only allow my bank website. I tried putting my bank website in the domains screen and learning it from there while in advanced mode. But it still allows non-bank websites to open when in banking mode. Not sure whant changed to cause this.

Share this post


Link to post
Share on other sites

@Mars, has your original problem resolved itself now then?

Thats because those two domains are hard coded and allowed even in banking mode. I woke to this very recently. I don't know the logic (and it defeats a very big part of banking mode security, IMHO).

See this http://support.emsis...dpost__p__45029

The logic was actually explained in the post you referenced. To quote from it:

Certain domains such as Microsoft and Emsisoft's domains are always accessible. It's critical that people don't accidently block Microsoft and be unable to receive Windows Updates and Emsisoft domains are always allowed to ensure that it's not possible for customers to accidently block them and be unable to receive support due to this.

The purpose of Banking Mode is to ensure that you aren't tricked into visiting a fraudulent website designed to steal your login information. Microsoft and Emsisoft's sites are not fraudulent websites looking to steal your banking details.

Share this post


Link to post
Share on other sites

Microsoft and Emsisoft's sites are not fraudulent websites looking to steal your banking details.

I didn't mean that at all, but yes if updates are the reason, then only updates.emsisoft.com and a few more (if you gather domain names for checking etc) and windowsupdate domains should be allowed, and not the entire Emsisof and MS domain. MS has come under attack quite a few times including loss of confidential data (customer details and financial details). Hence I, as an user would love to get a choice to block all domains during my banking transactions (may be except emsisoft updates, but then why not even that for the 10 mins of my secure banking).

Share this post


Link to post
Share on other sites

cat princess I can see your point.. But I have to agree with mundail. banking mode should only allow the trusted bank domains (that I select preferably).. thats the point of it. Need to be confident when in banking mode only the bank websites are accessible surely there is a work around if emisoft is worried about people leaving their status in banking mode and not getting crucial updates. If this is not possible emisoft should be telling users of this case. I didn't see any mention of hard coded domains that are allowed in the help section.

Share this post


Link to post
Share on other sites

It's worked this way for many years now, even before Emsisoft owned OA. I doubt any product help file covers absolutely everything but it was never a secret and was well known on the old forums and spoken about by the previous owner.

Please feel free to post your comments and suggestions about how this feature works, in this section http://support.emsisoft.com/forum/50-feedback-comments-and-suggestions/ Since it works this way by design, it isn't really a customer support issue, but is quite appropriate to discuss in the Feedback section :)

Share this post


Link to post
Share on other sites

It's worked this way for many years now, even before Emsisoft owned OA.

At one time it was only possible to access the specific bank in the days of Emu. When did that change and why, with the exceptions noted above.

In banking mode I can now access email addresses at Yahoo, Hotmail and Gmail. Surely this should not be possible, especially with the dubious security reputations of these places.

Share this post


Link to post
Share on other sites

At one time it was only possible to access the specific bank in the days of Emu. When did that change and why, with the exceptions noted above.

In banking mode I can now access email addresses at Yahoo, Hotmail and Gmail. Surely this should not be possible, especially with the dubious security reputations of these places.

I'm not sure what bank you are referring to. As long as I have known OA there has always been an internal list of Trusted domains (maintained by Tall Emu and now Emsisoft) which are accessible in Banking Mode. It mentions this here http://www.emsisoft.com/en/info/oa/KF-Banking.shtml and this has also been in the help file for as long as I've known OA. You can choose "Ignore Online Armor domains list" if you don't want to use them.

None of the domains you listed are accessible here in Banking Mode. If your AV uses a proxy and you've excluded this AV in OA, this behaviour would be expected as mentioned in the known issues thread. If that isn't the case for you, please feel free to start your own thread so your particular issue can be investigated further. .

Share this post


Link to post
Share on other sites

I'm not sure what bank you are referring to.  As long as I have known OA there has always been an internal list of Trusted domains (maintained by Tall Emu and now Emsisoft) which are accessible in Banking Mode.  

Is this list publicly available?

Share this post


Link to post
Share on other sites

The one thing I don't like about it is even if you tick "Ignore Online Armor Domains List," certain domains will still be allowed. Or am I misunderstanding that function?

Share this post


Link to post
Share on other sites

Thanks CP. I understand the reason for hardcoding those sites. I wonder what that checkbox means exactly then?

Not all domains on the internal list are hardcoded. Fabian has just posted there the ones that are hardcoded and can't be ignored.

Share this post


Link to post
Share on other sites

Not all domains on the internal list are hardcoded. Fabian has just posted there the ones that are hardcoded and can't be ignored.

Ah. I misunderstood. Thanks again for your help!

Share this post


Link to post
Share on other sites

Are these hard coded "allow sites", allowed in advance mode even if "allow trusted programs to connect" is unchecked?

Share this post


Link to post
Share on other sites

Are these hard coded "allow sites", allowed in advance mode even if "allow trusted programs to connect" is unchecked?

They are allowed in all modes (please see Fabian's two posts in this thread for the hardcoded list and the reasons it's necessary http://support.emsisoft.com/topic/7576-banking-mode/). This has no relation to the setting "Automatically alllow trusted programs to access the internet" as the Domain's list has nothing to do with individual programs.

Share this post


Link to post
Share on other sites

This thread will now be closed as the OP's original enquiry has been satisified. If anyone else has further questions or problems, please feel free to start your own thread.

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.