All Activity

  1. Past hour
  2. Behavioral detection (that is detection based entirely on an unknown program's behavior rather than static or heuristic signatures in a database) is governed by a series of rules that are stored locally, and supplemented by a cloud network that uses multiple sources of data to try to reduce false positives and increase quality of detections. EAM also uses traditional Anti-Virus technology where a local threat database with static and heuristic signatures is kept for the purposes of real-time and on-demand scanning of files and programs. This database is updated periodically (once every hour by default) to ensure detection of the latest threats. Partially. We use two Anti-Virus engines (one made by us, and one made by BitDefender) and each has its own database. If you mean the software (Emsisoft Anti-Malware, aka. "EAM") then it relies mostly on its Anti-Virus engines and database of signatures, as well as the Web Protection. The Behavior Blocker is there to stop the small percentage of threats that aren't stopped by the other protection mechanisms, sort of like a last line of defense.
  3. The Behavior Blocker is capable of producing a significant number of notifications in rapid succession. They have to be contained to prevent blocking too much screen real estate, otherwise they become too much of a nuisance. Currently we handle that by only allowing a single notification on the screen at a time. Also, in this case, as soon as EAM receives information from our servers about the process being queried, the notification that it's looking up the reputation becomes irrelevant since EAM is done doing that and is ready to tell you what it found. That's why the notification changes immediately instead of waiting for its normal timeout period. This was the result:
  4. It could be related to the new version of Sciter (the framework we use to build EAM's UI) we updated to in EAM 2020.6. When we do that, there's always the possibility of new UI related bugs, and the content of the notifications is displayed using Sciter just like everything else in the UI. My assumption would be that it probably isn't, however we haven't tested this recently so I can't know for certain. If you turn it off and restart the computer, does that have any effect on the issue?
  5. Today
  6. Logs from the stable version are unfortunately not going to tell us anything new (we already have those logs from our own systems that are experiencing this), and we've moved beyond the current stable version in our own testing. Obviously we appreciate the offer to assist us, but right now we need to focus on getting debug information from special testing builds of EAM, and that will go faster if we do it internally as employees with affected workstations can communicate directly with QA and the developers and send them debug info right away when there's need to.
  7. Hmm, lesson learned, for me, not to assume. Had I not read this thread. I would have gone on assuming Emsisoft AM Home is akin to most (to my understanding) device security solutions. So, the optional Antimalware Network is an opinion added to automated detection decision flow. Or, an opinion offered to user for manual detection decision flow. To confirm my now understanding. Analysis occurs locally. Analysis is primarily based on local database using local engines, using local resources with an optional Network (cloud) opinion (somehow) factored in. And the local database is 3rd party? Does Emsisoft detection analysis flow rely, perhaps, more from behavior - heuristic engines. Are there generalities that suggest Emsisoft AM Home detection analysis flow is more or less signature based vs behavior - heuristic - reputation based. Again, not sure why I just assumed that the heavy lifting was not done locally...any more. I assumed the evolution of all security solutions had moved their heavy lifting to the cloud. Just me. Thank you.
  8. Yesterday
  9. What I see when I watch the video carefully is:

     First you run "Pubg_Lite Cheat.exe". That gets an alert (presumably from File Guard) which says gets alert Trojan C:\hostwin\runtimereview.exe and it says that that was detected and quarantined.

     It's not clear to me how that relates to what happens next, which is that the BB says "suspicious behaviour" in C:\hostwin\d8Ct...........bat & Verifying with AMN

     Then there's a pane that says
     "Suspicious behaviour detected and stopped"
     C:\hostwin\d8Ct...........bat
     Program will be quarantined in 9s
     OK
     Wait, I think it is safe

     For some reason you expect to see a pane telling you what the result of the AMN lookup was? But in Advanced Settings you have:
     YES Look up reputation
     NO Automatically allow programs with good reputation
     YES Automatically quarantine programs with bad reputation

     (You need the "YES Look up reputation" set for the lookup to happen, ... and we know it did happen because you got "Verifying with AMN" earlier.)

     The AMN clearly thinks the file is bad, so
     YES Automatically quarantine programs with bad reputation
     applies. So you get the pane telling you ("Program will be quarantined in 9s") that the file is about to be quarantined.

     What did you expect that is different?
  10. The problem sounds fixed now. I didn't reproduce it since last week and I just checked it again; I can see the result of verifying with AM Network now. Not sure what the problem was, however.
  11. I could see that too. My problem is that I did not see the "result" of that verifying status with Anti-Malware Network. I just saw that it's checking. But in the screenshot that Arthur provided, we can actually see the result of that verifying. That's the point of the whole thing, right? The user sees whether the file is SAFE or not according to Anti-Malware Network, so he/she can decide if BB blocking the file is a false positive or something.
  12. > I'm sure my Internet connection is not faster than yours, considering you were able to see the result of the action

      The speed of Arthur's internet connection is not relevant. He (and I, and anyone else) can see the sequence of notifications /in the video/ by stopping it at the 46-second point then clicking to move the "current point" back and forth on the video timeline. In real time (as it happened for you) it's probably impossible to see that sequence but the video frame-by-frame sequence makes it possible.

      @GT500 - it would be sensible if the notification display logic were changed. Although a user can choose where on the screen a notification will be displayed, that preference should only apply if there is no other notification already displayed. If multiple ones are needed they should not completely overlay previous ones.
  13. I'm sure my Internet connection is not faster than yours, considering you were able to see the result of the action. And again, considering I'm from Iran and the average Internet connection speed is about 2Mbit/s here, it is definitely not because my connection speed is fast enough, because if mine is fast enough then yours is faster for sure, and yet you were able to see the thing, you know. Hope you get my point. Why should we not consider that the reason might be that my system could not connect to Emsisoft Anti-Malware Network (it's not this, because I've had malware blocked by AM Network)? Or something went wrong, I don't know.
  14. No key for New Variant online ID: bg7XrZsXKgUI2WomLV1WoFkE1bugAlUCjnNJBcfj Notice: this ID appears to be an online ID, decryption is impossible. It's a .pezi STOP Djvu ransomware... Emsisoft, please do something...
  15. Hello, Dear GT500, May I kindly ask is there any hope for the future? I mean, are you guys working for any solution please :( and yes I am desperate... I hope this hacker gets cancer and die in pain!
  16. > So only when you enable debuglogging and send us the logs, we can analyse CPU load.

      But you've not asked for any more logs... Do you want mine from (most of) the last two days?
  17. All my files are virus-affected (.dewar). Please convert them to the original files (xlsx): الدمام E C B.xlsx.id[94CEDF43-2754].[[email protected]].dewar
  18. Is the STOPdjvu virus the first virus to use online key encryption? If any other ransomware used online key encryption, then did someone even find a way to decrypt those files? Also, how long do we have to wait in order to decrypt our files?
  19. Thanks for all your feedback. We can replicate and are working on this issue to get this resolved asap. This just takes time as it's not an easy one and we have to analyse step by step. New logs are not required. Workaround: disable self-protection and kill process a2start. a2start is just the UI and it will load again when you click on the Emsisoft icon in the icon tray. Additionally: We added CPU load info to debug logging. So only when you enable debug logging and send us the logs, we can analyse CPU load.
  20. @GT500 said a while back (mid-May) that they could reproduce the problem. It's interesting that the new release apparently contains some code intended to try to collect data about what's going on... but if it does, how is that info meant to get back to the developers? Is EAM "phoning home"? Are there enough developers all running that code that they can see whatever it collects themselves?
  21. Have you sent them any logs regarding the issue like I did above? I know that the more people that have the same issue and the more logs they can get from said users will probably help speed up the possibility of an update that fixes the problem.
  22. @bjm_ - No, it's not "cloud-based". Signatures are held on the local pc but are normally updated frequently, typically every hour. When something that might be malware is analysed, there's an optional check made of knowledge on an online server (the Antimalware Network). Users can choose if that will be done and whether or not they want the server's opinion to be displayed or immediately acted on. There's also an optional browser extension that uses an online server to judge whether specific pages of certain websites are dangerous.
  23. I am not here to compare any brand to any other; I am just looking for the best for myself so my clients' data in the cloud will be safe. I was so close to purchasing it for all my cloud servers; just before that I wanted to watch its overall performance. I totally agree with all the points that we have highlighted here, that none of the Protection services should be terminated. However, we are looking at the more logical point that if a user, an auto-script or something else tries to eliminate the task, an error should appear, rather than the processing power going to 99% where all users are affected. It should just deny the request, which I think would be more sensible than taking 99% of CPU. Well, Windows Defender is part of Win 2016 Server, and I did not manually make any changes; my installation process was pretty simple. Login.. Download ... Install. I will still check on it, and if it's active I will disable it from GP settings. In addition to this, I just checked one more thing: email notifications work like a charm, however when the agent is offline / down there are no alerts.
  24. Hello, OK, that is reassuring. So it works, it just shows the wrong error message. I'll pass that on. Maybe it will then be fixed in a future update. Claude