- Emsisoft Support Forums
- → Most Liked Content
Most Liked Content
Posted by Fabian Wosar on 17 April 2014 - 05:21 PM
False positives didn't change compared to last year at all actually. We just had a lot of catching up to do. The false positive test set AVC compiled contains files, that even VT hasn't seen yet (which is quite an accomplishment) and that aren't even available online any longer. If you throw a product into that test for the very first time, it is bound to have higher false positives than other products who had the chance to scan earlier revisions of the collection before. That is a fact that AVC itself recognizes and is the reason why the false positive results for our product included a disclaimer.
Great to see that FPs are decreasing.....
They are simply too expensive and don't reach nearly as many people as AVC does. We may take part in those tests eventually, but in the end it comes down to either take part in this one test that most magazines don't really care about, or hire a new full time employee for a year.
My question is - why Emsisoft does not participate in these tests
CRDF is unreliable. The way it works is, that they query VT to see if they have seen a file before and if so, get the last scan results.
It is no longer so good and colorful.
Whom to believe? Can do your own individual tests and see your scores?
I would recommend it just to do ....
The problem with that approach is, that malware or files that have never been seen on VT, won't be included in the results, because CRDF does not submit any files to VT. One could argue that those are the most interesting ones as they are more likely to be new malware.
If files have been submitted before, no rescan is issued. That means, the scan results they use for the statistics can potentially be days or even weeks old.
Their sample set also contains a ton of PUPs. I can't talk for other companies, but we specifically asked VirusTotal not to enable the PUP detection. It just saves us a ton of hassle having to deal with PUP companies all day, as most of them just check if their crap is detected on VT. Out of curiosity I downloaded their samples for February and March a few weeks ago (12,756 files in total, 1,270 of which aren't PE EXE files) and just judging by the digital certificates and version info alone at least 6,800 of the remaining 11,486 executable files are PUPs.
We talked to CRDF in the past, to maybe provide some more details in their statistic, but in their opinion these statistics shouldn't be used by anyone, so they have no intention to fix them.
Posted by Роман on 09 July 2013 - 01:38 PM
Здравствуйте! Всем известно, что данный продукт не умеет лечить.. А ставиться на чистую систему, для того, чтобы предотвратить её заражение. И с этой задачей продукт справляется на все 100%. Очень жаль, что Вы разочаровались в данном продукте.. Однако по своей архитектуре, по качеству обнаружения новых угроз и т.д этот продукт занимает нишу одного из лучших вендоров! За все время использования Эмсика, а это уже более 3х лет, я ни разу не пожалел о его приобретении. Верьте в себя и в свой антивирусный продукт! Всего Вам хорошего!
Posted by Fabian Wosar on 15 February 2013 - 02:34 PM
You can't both ask a user about everything and not asking him and figuring it out internally on your own at the same time. You can install two different products (one HIPS, one behavior blocker) at the same time, but the only thing you achieve will be that you have to allow things twice. So either go with a HIPS or with a behavior blocker. But not both.
Posted by Christian Mairoll on 30 January 2013 - 08:10 AM
- Decreased the required init time for online updates.
- Improved license key handling and added support for Windows 2012 Server.
- Internal modifications of update system (closing GUI doesn’t break updates anymore).
- Problems in scheduler calculations used to evaluate the start time of auto-update and scheduled scans – fixed.
- Crash during scans in Security Setup Wizard – fixed.
- Several GUI fixes in freeware mode.
- Software/server communication issue – fixed.
- Improved restoration of modified registry values during cleaning.
- Problem with multiple reloading of signatures after online update – fixed.
- Crash when database location is changed – fixed.
- Scanned objects counter shows wrong number in Commandline Scanner – fixed.
- Added security measures to prevent a settings reset in case of a crash.
- Several minor bugfixes in Outlook plugins.
- Fixed a compatibility issue with the Surf Protection and Internet Explorer 10.
- Improved integrity check for settings file to avoid losing settings.
- Minor bugfixes.
- Bug in settings store system fixed.
- Changes to the help output of the Commandline Scanner.
- Changes to the quarantine submit system.
- Quarantine rescan on updates problem fixed.
- Bug when exporting custom host rules fixed.
- Wrong behavior of alert window when retrieving data from the anti-malware network fixed.
Emsisoft Anti-Malware includes 27 language-packs: English, German, French, Russian, Italian, Dutch, Arabic, Bulgarian, Catalan, Chinese Traditional, Chinese Simplified, Croatian, Czech, Finnish, Greek, Hungarian, Japanese, Persian, Polish, Portuguese, Serbian, Slovenian, Spanish, Swedish, Turkish, Ukrainian, Vietnamese.
- Emsisoft Anti-Malware 126.96.36.199 released!
- Emsisoft Anti-Malware 188.8.131.52 released!
- Emsisoft Emergency Kit 184.108.40.206 released!
- Emsisoft Online Armor 220.127.116.116 released!
- Beta updates – 2012-11-11
Posted by Fabian Wosar on 29 August 2012 - 10:46 AM
This isn't really an issue in our case as we only use the Bitdefender scan engine and signatures and added all our improvements like anti-rootkit technology, behavior blocking, the Emsisoft scan engine etc. on top of it. So even if malware authors patch Bitdefender detections, it doesn't mean one of our other detection layers won't catch it.
I am not happy to see yet another company using Bitdefender, get´s easier for virus writer out there to bypass more and more products as so many are using Bitdefender.
To get an idea on how efficient our added technology actually is just take a look here:
Posted by Adam R. on 30 June 2012 - 12:27 PM
Teoretycznie, tłumaczenie EAM należy do zupełnie innej osoby (w pliku językowym na końcu powinna znaleźć się nota zawierająca imię, nazwisko i email) i to ona za to odpowiada.
Kilka razy poprawiałem już ten plik językowy (np. do wersji 6 i 6.5), ale wygląda na to że EAM potrzebuje pełnej rekonstrukcji polskiego pliku językowego.
Jest wyraźnie zalecenie Emsisoftu by sprawdzać plik językowy raz w miesiącu w poszukiwaniu brakujących wpisów. Skoro poprzedni tłumacz nie wyraża chęci aktualizacji pliku (kilka razy zwracałem mu uwagę), trzeba będzie wziąć sprawy w swoje ręce.
Dzięki za zwrócenie uwagi .
BTW: i tak Online Armor ma priorytet, więc poprawki do EAM mogą być wydane dość późno.
//Dodane: nowy plik językowy pojawi się w kanale aktualizacji w ciągu kilku następnych dni. Zmienione zostaną takie elementy jak: kreator konfiguracji, okno główne, sekcja konfiguracji oraz okno o programie. Plik językowy zostanie oczyszczony i "przemodelowany".
Posted by Vspyshkin on 01 May 2012 - 08:31 AM
Posted by AaLF on 22 December 2011 - 06:07 AM
To me the Anti-malware title puts the product on the same level as MalwareBytes and has in the past stopped me from considering it.
Or even SuperAntiSpyware or Ad Aware. It's not about 'what is the correct term'. Its about connecting with the buying public. Their ears and eyes are tuned to the words 'Anti-virus' and their reasoning is 'anti-malware' is a side-issue.
Posted by Illuminati on 19 October 2011 - 03:42 AM
Posted by Lynx on 15 November 2009 - 03:21 AM
First, instead of just shutting down whole Guard try separately disabling “onExecution Scan” scan only and then “Malware-IDS” only.
The reason for testing “onExecution” being disabled, despite that is a long shot:
In the past there were reports that opening large media files of certain type by double-clicking will cause scanning the media too with substantial delay.
But when I asked the user to test invoking the the Player 1st and after that opening the media file - that worked perfectly fast.
You answered already that “opening from inside” doesn't help. Still please test disabling “onExecution”.
Nobody insisting on deeper investigation, that's your choice but “cutting off net connection” is not all. That may not be the case, but if you are testing that - there are ways to check whether there still are attempts to “connect” if suspected...
Just out curiosity for testing you may try different free notepad.
Set association with .TXT and observe its behaviour
Here is one of the lists of Notepad Alternatives
Those have many additional features, most of them, if not all are multi-document.
You may not need all that, but that's just for testing or use it if that's working fine & fast.
You always can go back when & if the cause of the main problem was found.
Notepad ++ can be installed as Portable Application, so you don't mess with the Registry (just delete the folder later and that's all)
That's interesting and innovative method to solve “small problem” by getting new laptop and OS (we all should try that )
Just a reminder.
Since I mentioned temporary shutting down ThreadFire (TF) in order to test – if you will uninstall A-M from old PC in order to reinstall on a new system, you can save/leave TF, otherwise I would suggest not using it alongside with A-M.
P.S. 1) after having the morning coffee I looked back to the image you provided.
It is not the best quality, but most importantly that is the overall view
What was asked to look at is – drill deeper into Applications, etc. and see whether there are events at the time of running Notepad.
2) I had no time yet to find your uncle
Posted by Lynx on 14 November 2009 - 05:10 PM
Wow! That would be small thing to forget "ThreatFire"... you mean (?)
Show hidden icons revealed ThredFire
my bad, I clean forgot its existence...
And?... Please tell if you found the cause related to that.
====== most likely redundant info below
Anyway since I prepared some after reading your previous reply I will post it ... even if nothing applies it may help in other situations
I am not sure I can see how that related to A-M at the moment from the description, except you are saying that disabling the guard helps.
I am not using Vista but I hope that H_D may help to provide Properties info for the standard Notepad and you can do the same.
a side note: that may not relate but still … If you search out there there are reports for Vista slow file opening (notepad included) but as I briefly noticed that was in time of SP1
Any reasons that you are still using SP1 but not SP2?
You didn't answer the question about the size of files you are opening and whether that matters?
Can you try to open any other file with Notepad like .log/ .ini. Will you experience the same effect?
Are you using any add-ons / typing enhancements for Notepad?
Well, again not really A-M related but there are several things that improve file opening and in Notepad in particular:
- try to uncheck Word Wrapping – that really reduces opening time, but for big files.
- In Explorer / File Options / View Tab find and uncheck "automaticaly search for network folders and printers "
Have you ever connected this PC to the LAN?
There is a weird thing: when you do the above some associations for opening files can be changed for network names “\\” in the Registry and another interesting article comes to mind (but I cannot find it right now) programs' network rules could be set that they are accessing particular IP addresses
and when PC is disconnected that is still happening until that times out. Therefore, there is a delay that could be around 30 seconds before the file opens normally.
You may check if there are network activities when you are opening files with Notepad.
Any logged events in the System/Application Event viewer at the moments when you are using Notepad?
You can clean IDS Log and check what is logged there as well at that time.
Not much help and no more ideas at this point.
Posted by Fabian Wosar on 07 April 2014 - 01:17 PM