All Activity

  2. Hello! Exactly this is something new at EAM! Because BEFORE the EAM update (Sciter) (2020.6) I had NO problems with the crash of a2guard.exe 😒 OK, I’ll try to turn off isolation and look at the crash problem. Then can you turn Core Isolation back on without harming the system? P.S. EAM has been working for me for a whole year (!) with Core Isolation turned on without crash problems. So the reason, most likely, is not in this setting of Windows, but in a new element in EAM! Agree, is this a logical argument?
  3. When you suggested checking if there was any other anti-virus service active, at that time I disabled the protection and then did a fresh install of Emsisoft.
  4. Just run the decrypter. It will tell you your ID, whether it is online or offline, and whether or not your files can be decrypted.
  5. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  6. If law enforcement is able to catch the criminals or otherwise gain access to their servers and release their private keys for use in decrypters, then we can add them to our database so that everyone can get their files back. Our recommendation is to save a backup of your encrypted files and keep it in a safe place in case decryption is possible at some point in the future. We also recommend keeping an eye on BleepingComputer's newsfeed, as they will usually report on new developments with ransomware decrypters: https://www.bleepingcomputer.com/ If you have an RSS feed reader, then they also have an RSS feed so that you don't have to manually check for news: https://www.bleepingcomputer.com/feed/
  7. I recommend uploading a copy of the ransom note along with an encrypted file to ID Ransomware so that you can verify which ransomware you are dealing with: https://id-ransomware.malwarehunterteam.com/ You can paste a link to the results into a reply if you would like for me to review them.
  8. An "online key" refers to a pair of private and public keys that were generated by the ransomware's command and control server. Many ransomware families use this same strategy to ensure that victims can't get their hands on the private key, in order to ensure that they can't decrypt their files for free or get help from anyone else. The only reason we use the terms "online" and "offline" in regards to the IDs and keys used by STOP/Djvu is due to the fact that the ransomware has a built-in ID and public key to be used for encrypting files when it can't connect to its command and control servers, which is why we refer to them as "offline".
  11. Apparently it was suggested to QA already, and they've made a note of it.
  12. That reminds me, the Windows Security Center isn't installed on server editions of Windows by default, so Windows Defender may not be shutting off when Emsisoft Anti-Malware is installed and active. You may need to disable Windows Defender manually, or add an exclusion to Windows Defender for Emsisoft Anti-Malware's EXE files to prevent issues. I'll check with QA about that.
  13. Behavioral detection (that is detection based entirely on an unknown program's behavior rather than static or heuristic signatures in a database) is governed by a series of rules that are stored locally, and supplemented by a cloud network that uses multiple sources of data to try to reduce false positives and increase quality of detections. EAM also uses traditional Anti-Virus technology where a local threat database with static and heuristic signatures is kept for the purposes of real-time and on-demand scanning of files and programs. This database is updated periodically (once every hour by default) to ensure detection of the latest threats. Partially. We use two Anti-Virus engines (one made by us, and one made by BitDefender) and each has its own database. If you mean the software (Emsisoft Anti-Malware, aka. "EAM") then it relies mostly on its Anti-Virus engines and database of signatures, as well as the Web Protection. The Behavior Blocker is there to stop the small percentage of threats that aren't stopped by the other protection mechanisms, sort of like a last line of defense.
  14. Thanks, but... where should I look for the ID that you mentioned?
  15. The Behavior Blocker is capable of producing a significant number of notifications in rapid succession. They have to be contained to prevent blocking too much screen real estate, otherwise they become too much of a nuisance. Currently we handle that by only allowing a single notification on the screen at a time. Also, in this case, as soon as EAM receives information from our servers about the process being queried, the notification that it's looking up the reputation becomes irrelevant since EAM is done doing that and is ready to tell you what it found. That's why the notification changes immediately instead of waiting for its normal timeout period. This was the result:
  16. It could be related to the new version of Sciter (the framework we use to build EAM's UI) we updated to in EAM 2020.6. When we do that, there's always the possibility of new UI related bugs, and the content of the notifications is displayed using Sciter just like everything else in the UI. My assumption would be that it probably isn't, however we haven't tested this recently so I can't know for certain. If you turn it off and restart the computer, does that have any effect on the issue?
  17. Logs from the stable version are unfortunately not going to tell us anything new (we already have those logs from our own systems that are experiencing this), and we've moved beyond the current stable version in our own testing. Obviously we appreciate the offer to assist us, but right now we need to focus on getting debug information from special testing builds of EAM, and that will go faster if we do it internally, as employees with affected workstations can communicate directly with QA and the developers and send them debug info right away when there's need to.
  18. Hmm, lesson learned, for me, not to assume. Had I not read this thread, I would have gone on assuming Emsisoft AM Home is akin to most (to my understanding) device security solutions. So, the optional Anti-Malware Network is an opinion added to the automated detection decision flow, or an opinion offered to the user for the manual detection decision flow. To confirm my understanding now: analysis occurs locally. Analysis is primarily based on a local database using local engines, using local resources, with an optional Network (cloud) opinion (somehow) factored in. And the local database is 3rd party? Does Emsisoft detection analysis flow rely, perhaps, more on behavior/heuristic engines? Are there generalities that suggest Emsisoft AM Home detection analysis flow is more or less signature based vs. behavior/heuristic/reputation based? Again, not sure why I just assumed that the heavy lifting was not done locally... any more. I assumed the evolution of all security solutions had moved their heavy lifting to the cloud. Just me. Thank you.
  20. What I see when I watch the video carefully is:
     First you run "Pubg_Lite Cheat.exe". That gets an alert (presumably from File Guard) which says Trojan C:\hostwin\runtimereview.exe, and it says that that was detected and quarantined. It's not clear to me how that relates to what happens next, which is that the BB says "suspicious behaviour" in C:\hostwin\d8Ct...........bat & "Verifying with AMN".
     Then there's a pane that says:
       "Suspicious behaviour detected and stopped"
       C:\hostwin\d8Ct...........bat
       "Program will be quarantined in 9s"
       OK / Wait, I think it is safe
     For some reason you expect to see a pane telling you what the result of the AMN lookup was? But in Advanced Settings you have:
       YES Look up reputation
       NO Automatically allow programs with good reputation
       YES Automatically quarantine programs with bad reputation
     (You need the "YES Look up reputation" set for the lookup to happen, ... and we know it did happen because you got "Verifying with AMN" earlier.) The AMN clearly thinks the file is bad, so "YES Automatically quarantine programs with bad reputation" applies. So you get the pane telling you ("Program will be quarantined in 9s") that the file is about to be quarantined. What did you expect that is different?
  21. The problem sounds fixed now; I haven't reproduced it since last week, and I just checked it again. I can see the result of verifying with AM Network now. Not sure what the problem was, however.
  22. I could see that too; my problem is that I did not see the "result" of that verifying status with Anti-Malware Network. I just saw that it's checking. But in the screenshot that Arthur provided, we can actually see the result of that verifying. That's the point of the whole thing, right? The user sees whether the file is SAFE or not according to Anti-Malware Network, so he/she can decide if BB blocking the file is a false positive or something.
  23. > I'm sure my Internet connection is not faster than yours considering you were able to see the result of the action
     The speed of Arthur's internet connection is not relevant. He (and I, and anyone else) can see the sequence of notifications /in the video/ by stopping it at the 46-second point, then clicking to move the "current point" back and forth on the video timeline. In real time (as it happened for you) it's probably impossible to see that sequence, but the video frame-by-frame sequence makes it possible. @GT500 - it would be sensible if the notification display logic were changed. Although a user can choose where on the screen a notification will be displayed, that preference should only apply if there is no other notification already displayed. If multiple ones are needed, they should not completely overlay previous ones.
  24. I'm sure my Internet connection is not faster than yours, considering you were able to see the result of the action, and again considering I'm from Iran and the average Internet connection speed is about 2Mbit/s here, so it is definitely not because my connection speed is fast enough, because if mine is fast enough then yours is faster for sure, and yet you were able to see the thing, you know... hope you get my point. Why should we not consider that the reason might be that my system could not connect to Emsisoft Anti-Malware Network (it's not this, because I've had malware blocked by AM Network)? Or something went wrong, I don't know.