

Most Liked Content


#46011 Automatic game/full screen mode...

Posted by Fabian Wosar on 09 March 2012 - 11:24 PM

This feature has already been implemented in the current development version and will be available in the next version :).


#108153 AV-Comparatives Real-World Protection Test March 2014

Posted by Fabian Wosar on 17 April 2014 - 05:21 PM

Great to see that FPs are decreasing.....

False positives didn't change compared to last year at all actually. We just had a lot of catching up to do. The false positive test set AVC compiled contains files that even VT hasn't seen yet (which is quite an accomplishment) and that aren't even available online any longer. If you throw a product into that test for the very first time, it is bound to have higher false positives than other products that had the chance to scan earlier revisions of the collection before. That is a fact that AVC itself recognizes and is the reason why the false positive results for our product included a disclaimer.
 

My question is - why Emsisoft does not participate in these tests

They are simply too expensive and don't reach nearly as many people as AVC does. We may take part in those tests eventually, but in the end it comes down to either taking part in this one test that most magazines don't really care about, or hiring a new full time employee for a year.
 

It is no longer so good and colorful.
Whom to believe? Can do your own individual tests and see your scores?
I would recommend it just to do ....

CRDF is unreliable. The way it works is that they query VT to see if they have seen a file before and if so, get the last scan results.

The problem with that approach is that malware or files that have never been seen on VT won't be included in the results, because CRDF does not submit any files to VT. One could argue that those are the most interesting ones as they are more likely to be new malware.

If files have been submitted before, no rescan is issued. That means, the scan results they use for the statistics can potentially be days or even weeks old.

Their sample set also contains a ton of PUPs. I can't talk for other companies, but we specifically asked VirusTotal not to enable the PUP detection. It just saves us a ton of hassle having to deal with PUP companies all day, as most of them just check if their crap is detected on VT. Out of curiosity I downloaded their samples for February and March a few weeks ago (12,756 files in total, 1,270 of which aren't PE EXE files) and just judging by the digital certificates and version info alone at least 6,800 of the remaining 11,486 executable files are PUPs.

We talked to CRDF in the past, to maybe provide some more details in their statistic, but in their opinion these statistics shouldn't be used by anyone, so they have no intention to fix them.


#83382 Tracefile.driverRobot

Posted by msmagootoo on 29 July 2013 - 04:08 AM

I was directed here for help. Can't delete the driver robot files.




#80951 "Disinfect" button?.. Nope, never heard of it!

Posted by Роман on 09 July 2013 - 01:38 PM

Hello! Everyone knows that this product cannot disinfect. It is installed on a clean system in order to prevent it from getting infected. And the product handles that task 100%. It is a great pity that you were disappointed in this product. However, in terms of its architecture, the quality of its detection of new threats and so on, this product occupies the niche of one of the best vendors! In all the time I have been using Emsisoft, which is already more than 3 years, I have never once regretted buying it. Believe in yourself and in your antivirus product! All the best to you!




#79603 Problem with the servers?

Posted by Vspyshkin on 03 July 2013 - 07:34 AM

Uhh... The problem is in the 8.0.0.10 beta. I unchecked the beta option and all the databases updated without problems.




#67972 which types of security apps are covered ?

Posted by Fabian Wosar on 15 February 2013 - 02:34 PM

Online Armor covers all these applications except the "Behavior Blocker" part. Behavior blockers and HIPS in the same product are pretty much mutually exclusive. They essentially both refer to the same underlying technology. The only difference is the way decisions are made on whether or not to allow a certain action. A HIPS will ask the user, while a behavior blocker tries to figure everything out on its own. Given that it should be obvious why those modes are mutually exclusive and why running both at the same time makes little sense:

You can't both ask a user about everything and not ask him and figure it out internally on your own at the same time. You can install two different products (one HIPS, one behavior blocker) at the same time, but the only thing you achieve will be that you have to allow things twice. So either go with a HIPS or with a behavior blocker. But not both.


#66836 Emsisoft Anti-Malware 7.0.0.17 released!

Posted by Christian Mairoll on 30 January 2013 - 08:10 AM

Emsisoft Anti-Malware 7.0.0.17 is a maintenance update for improved overall stability and performance:
  • Decreased the required init time for online updates.
  • Improved license key handling and added support for Windows 2012 Server.
  • Internal modifications of update system (closing GUI doesn’t break updates anymore).
  • Problems in scheduler calculations used to evaluate the start time of auto-update and scheduled scans – fixed.
  • Crash during scans in Security Setup Wizard – fixed.
  • Several GUI fixes in freeware mode.
  • Software/server communication issue – fixed.
  • Improved restoration of modified registry values during cleaning.
  • Problem with multiple reloading of signatures after online update – fixed.
  • Crash when database location is changed – fixed.
  • Scanned objects counter shows wrong number in Commandline Scanner – fixed.
  • Added security measures to prevent a settings reset in case of a crash.
  • Several minor bugfixes in Outlook plugins.
  • Fixed a compatibility issue with the Surf Protection and Internet Explorer 10.
  • Improved integrity check for settings file to avoid losing settings.
  • Minor bugfixes.
  • Bug in settings store system fixed.
  • Changes to the help output of the Commandline Scanner.
  • Changes to the quarantine submit system.
  • Quarantine rescan on updates problem fixed.
  • Bug when exporting custom host rules fixed.
  • Wrong behavior of alert window when retrieving data from the anti-malware network fixed.
All customers who own a valid Emsisoft Anti-Malware licence will receive the new version at no cost through online updates as usual. You can also download the installation file from our Emsisoft Anti-Malware product page and test it for 30 days at no cost and without any obligations. When the trial period ends, you still can use the software in freeware mode to scan and clean infections.
Emsisoft Anti-Malware includes 27 language-packs: English, German, French, Russian, Italian, Dutch, Arabic, Bulgarian, Catalan, Chinese Traditional, Chinese Simplified, Croatian, Czech, Finnish, Greek, Hungarian, Japanese, Persian, Polish, Portuguese, Serbian, Slovenian, Spanish, Swedish, Turkish, Ukrainian, Vietnamese.
 




#64934 OA and virtualbox bridged connection

Posted by Christian Peters on 31 December 2012 - 02:53 PM

Hello,

 

please take a look in the Registryeditor for the key

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\VBoxNetFlt and remove it.

 

If you have any more questions or problems, just let me know.
 




#56853 EAM v7 Beta new engine

Posted by Fabian Wosar on 29 August 2012 - 10:46 AM

I am not happy to see yet another company using Bitdefender, gets easier for virus writer out there to bypass more and more products as so many are using Bitdefender.

This isn't really an issue in our case as we only use the Bitdefender scan engine and signatures and added all our improvements like anti-rootkit technology, behavior blocking, the Emsisoft scan engine etc. on top of it. So even if malware authors patch Bitdefender detections, it doesn't mean one of our other detection layers won't catch it.

To get an idea on how efficient our added technology actually is just take a look here:
Posted Image


#53996 Tests and reviews

Posted by santamoroz on 22 July 2012 - 06:49 AM

II On-Demand test by Santamoroz, 2012

Posted Image
Posted Image


#52543 Gaps in the translation

Posted by Adam R. on 30 June 2012 - 12:27 PM

Hi,
In theory, the EAM translation belongs to an entirely different person (the language file should contain a note at the end with their first name, last name and email) and that person is responsible for it.
I have already corrected this language file several times (e.g. for versions 6 and 6.5), but it looks like EAM needs a complete reconstruction of the Polish language file.

There is a clear recommendation from Emsisoft to check the language file once a month for missing entries. Since the previous translator is not willing to update the file (I pointed it out to him several times), I will have to take matters into my own hands.
Thanks for pointing it out :).

BTW: Online Armor has priority anyway, so the fixes for EAM may be released fairly late.


//Added: a new language file will appear in the update channel within the next few days. Elements such as the setup wizard, the main window, the configuration section and the About window will be changed. The language file will be cleaned up and "remodelled".


#49001 Reidcall doesn't work

Posted by Vspyshkin on 01 May 2012 - 08:31 AM

antidarckxxl, the problem may not be only in the firewall... Solution: add these lines to the hosts file located at C:\Windows\System32\drivers\etc:

173.193.157.100 gateway.raidtalk.com
173.192.186.8 api.raidtalk.com
173.192.186.8 jabber.raidtalk.com
174.120.95.186 api2.raidtalk.com
174.120.95.186 upload.raidtalk.com
174.120.95.186 upload2.raidtalk.com


#48656 email scanning support

Posted by rc91 on 25 April 2012 - 10:43 PM

How about adding support for an email program other than Outlook (i.e. Windows Live Mail)?


#44353 Rootkit Trojan Can't be Automatically Removed

Posted by tckqbq on 14 February 2012 - 08:15 PM

Here are the reports.

Also, received error report that C:\$mft is corrupt


#44207 cloud av 2012

Posted by Joey on 12 February 2012 - 07:56 PM

I have the cloud 2012 virus, after a scan I found out that I have rootkits too. I have scanned with OTL but didn't get the extras.txt log.

Any help would be appreciated. Thanks


#40297 Your trade name is holding you back

Posted by AaLF on 22 December 2011 - 06:07 AM

To me the Anti-malware title puts the product on the same level as MalwareBytes and has in the past stopped me from considering it.


Or even SuperAntiSpyware or Ad Aware. It's not about 'what is the correct term'. It's about connecting with the buying public. Their ears and eyes are tuned to the words 'Anti-virus' and their reasoning is 'anti-malware' is a side-issue.


#35964 Tests and reviews

Posted by Illuminati on 19 October 2011 - 03:42 AM

MRG Effitas is a reputable independent organization engaged in internet security research, focused on providing effective comparisons, analysis of malware samples, new threats and other information in this field. Below are the vendors' cumulative results across all test groups since the beginning of 2011.


#3093 a-squared Anti-Malware + txt file behaviour

Posted by Lynx on 15 November 2009 - 03:21 AM

Good morning, korben

First, instead of just shutting down whole Guard try separately disabling “onExecution Scan” scan only and then “Malware-IDS” only.

The reason for testing “onExecution” being disabled, despite that is a long shot:
In the past there were reports that opening large media files of certain type by double-clicking will cause scanning the media too with substantial delay.
But when I asked the user to test invoking the Player 1st and after that opening the media file - that worked perfectly fast.
You answered already that “opening from inside” doesn't help. Still please test disabling “onExecution”.

=======

Nobody is insisting on deeper investigation, that's your choice but “cutting off net connection” is not all. That may not be the case, but if you are testing that - there are ways to check whether there still are attempts to “connect” if suspected...

Just out of curiosity for testing you may try different free notepad.
Set association with .TXT and observe its behaviour

Here is one of the lists of Notepad Alternatives
Those have many additional features, most of them, if not all are multi-document.
You may not need all that, but that's just for testing or use it if that's working fine & fast.
You always can go back when & if the cause of the main problem was found.
Notepad ++ can be installed as Portable Application, so you don't mess with the Registry (just delete the folder later and that's all)

That's interesting and innovative method to solve “small problem” by getting new laptop and OS (we all should try that :) )

Just a reminder.
Since I mentioned temporary shutting down ThreatFire (TF) in order to test – if you will uninstall A-M from old PC in order to reinstall on a new system, you can save/leave TF, otherwise I would suggest not using it alongside with A-M.

Cheers!

P.S. 1) after having the morning coffee I looked back to the image you provided.
It is not the best quality, but most importantly that is the overall view
What was asked to look at is – drill deeper into Applications, etc. and see whether there are events at the time of running Notepad.

2) I had no time yet to find your uncle :D


#3065 a-squared Anti-Malware + txt file behaviour

Posted by Lynx on 14 November 2009 - 05:10 PM

Show hidden icons revealed ThredFire
my bad, I clean forgot its existence...

Wow! :o That would be small thing to forget :rolleyes: "ThreatFire"... you mean (?)

And?... Please tell if you found the cause related to that.


====== most likely redundant info below :)
Anyway since I prepared some after reading your previous reply I will post it ... even if nothing applies it may help in other situations

=======
I am not sure I can see how that related to A-M at the moment from the description, except you are saying that disabling the guard helps.

I am not using Vista but I hope that H_D may help to provide Properties info for the standard Notepad and you can do the same.

a side note:
that may not relate but still … If you search out there there are reports for Vista slow file opening (notepad included) but as I briefly noticed that was in time of SP1
Any reasons that you are still using SP1 but not SP2?

You didn't answer the question about the size of files you are opening and whether that matters?

Can you try to open any other file with Notepad like .log/ .ini. Will you experience the same effect?

Are you using any add-ons / typing enhancements for Notepad?

Well, again not really A-M related but there are several things that improve file opening and in Notepad in particular:

- try to uncheck Word Wrapping – that really reduces opening time, but for big files.
- In Explorer / File Options / View Tab find and uncheck "automatically search for network folders and printers"

Have you ever connected this PC to the LAN?

There is a weird thing: when you do the above some associations for opening files can be changed for network names “\\” in the Registry and another interesting article comes to mind (but I cannot find it right now) programs' network rules could be set that they are accessing particular IP addresses
and when PC is disconnected that is still happening until that times out. Therefore, there is a delay that could be around 30 seconds before the file opens normally.
You may check if there are network activities when you are opening files with Notepad.

Any logged events in the System/Application Event viewer at the moments when you are using Notepad?
You can clean IDS Log and check what is logged there as well at that time.

Not much help and no more ideas at this point.

My regards


#106955 Proactive protection vs script(vbs+vbe)

Posted by Fabian Wosar on 07 April 2014 - 01:17 PM

In general the behavior blocker ignores most scripting hosts, as it is not possible to distinguish which actions are triggered by the script and which are triggered by the scripting host. The File Guard however does trigger when trying to execute the scripts you uploaded.