Leaderboard


Popular Content

Showing content with the highest reputation since 03/21/19 in all areas

  1. 2 points
    Personally I think following the tests is a waste of time. If you are really concerned then you will need to make the effort to do your own testing. that is what I did. Also the tests don't tell you a thing about the nature of the company. I will stick with Emsisoft because I think it's the best
  2. 1 point
    I just started playing around with the new "My Emsisoft Cloud Console". My first experiences have been quite positive. 🙂 Two little things that I would like to suggest for improvement: 1) I use only one policy for the whole network (i.e. workspace). This is why I delete all computer groups except "New Computers" (which cannot be deleted). I then set all required policy settings/options on the highest possible level, which is the "root" group called "Workspace". These settings are then of course inherited by the "New Computers" group (and possibly some other groups that I might add later). The problem is that whenever you re-visit the "Protection Policies" section by clicking in the navigation bar on the left hand side, the view defaults to the "New Computers" group. So if I'm not very careful, I'll change settings in this group instead of the root group "Workspace". It would be nice if the selection could default to "Workspace" whenever you re-visit the Protection Policies section. 2) Using the Enterprise Console, it was easy to see at a glance if the settings on some client PCs deviated from the original policy setting (the overview in EEC then shows a little round arrow next to the policy name in the "Computer Policy" column). In the cloud console, you must have a detailed look at the settings of each client PC to see if there is anything different to the original policy. It would be very helpful to be able to see policy vs. current client settings differences directly on the overview dashboard. (please bring back the round arrow 😉) Furthermore, there are some minor cosmetic issues: - When clicking on the menu of the root protection group "Workspace", the menu item "Clone" is not greyed out. It is clickable, but (as expected) nothing happens. It should be greyed out like the rest of this group's menu items. - Some German translations don't fit into the UI (mostly on buttons) - When using browser zoom (I use 120% by default) some lines around some UI fields get cut off And two final questions: - I was wondering what the setting "Detect registry policy settings" in the Scanner Settings section does (see attached screenshot). -Why does my license vanish from the "Licenses --> Personal Licenses" section after assigning it to a workspace ? Is this by design? This seems confusing to me... What happens if I delete a workspace - will the license be returned to the "Personal Licenses" section? What about client PCs that are NOT associated with the workspace - will they have licensing problems (I don't want to add all my PCs to the workspace)? Thanks for the great job so far! Raynor
  3. 1 point
    Hi @Marshall, Glad it worked for you, Take care, Steen
  4. 1 point
    Hi Marshall. Not sure, but I do know that I recognize the URL of "MVPS Hosts" and I recognize the list. I don't recognize the list attached to MVPS Hosts (Domains). To view the list, click the blue "Details", "View" & "Original" buttons - see image. Sorry I couldn't offer a better explanation.
  5. 1 point
    Hi Marshall. To add the MVPS Hosts list to uBlock Origin, perform the following steps (see images for more details): (1) Go to the following link: https://filterlists.com/ (2) Enter "130" in the page field. (3) Click the blue "Details" button on the "MVPS Hosts" line. (4) Click the blue "Subscribe" button. You're all done! The MVPS Hosts file should now be added to uBlock Origin in your browser. To check you can look at the uBlock Origin "Options" page by right-clicking the uBlock Origin icon in your browser, as per images. Hope this helps. Best Regards, Steen
  6. 1 point
    mahmo In this case, we only help the victims who were attacked by this Ransomware and simplify data collection to Michael (dev STOPDecrypter). Now STOP Ransomware is the most active malware and crypto-ransomware. Masshtab of spread - for all countries.
  7. 1 point
    Hello, Here are some example files Let me know if you need something more.
  8. 1 point
    STOPDecrypter lists the MAC of every network adapter. Since the average user doesn't know how to find the MAC address of their network adapters, let alone what a MAC address even is, it's best for them to run STOPDecrypter. As for the possibility of running it on the wrong computer, I have added a couple of lines to the instructions I wrote covering that and pointing to the FAQ. Перевод предоставлен Google. STOPDecrypter перечисляет MAC-адрес каждого сетевого адаптера. Поскольку рядовой пользователь не знает, как найти MAC-адрес своих сетевых адаптеров, не говоря уже о том, что такое MAC-адрес, для них лучше всего запустить STOPDecrypter. Что касается возможности запуска его на неправильном компьютере, я добавил пару строк в написанные мной инструкции, охватывающие это и указывающие на FAQ.
  9. 1 point
    I have forwarded your ID and MAC to the creator of STOPDecrypter. Either he or myself will contact you if he is able to figure out your decryption key.
  10. 1 point
    There is something more interesting on the encrypted files: The encryption speed seems to depend on the number of files; not on the size of the file. A very large file is ‘encrypted’ with the same speed a very small file. On average I calculated a speed of about 13 files a second. More analyzing shows to my first impression that only the first 64kB of each file is encrypted. This does however not mean that smaller files cannot be encrypted as well. What I further think is that encryption is done in blocks of 128 bit and when the filesize does not match the remaining few bytes are left as is, keeping the filesize unchanged
  11. 1 point
    You can find instructions on using STOPDecrypter to get your ID and MAC address at the following link: https://kb.gt500.org/stopdecrypter
  12. 1 point
    Ok. Thank to H6T9, balumka13 In short: your files were encrypted by Scarab-Gefest Ransomware, from the Scarab family. No free decoder. You can get the private decryption that DrWeb and ESET do if they have an encoder file. Request for decryption 1) DrWeb makes a free test-decryption, used only encrypted files, registry files and a ransom note file. Link. If they can decrypt, then they offer to first buy a 'Rescue Package' with DrWeb Security Space for 2 years, then give a decoder for the encrypted files. And user will under their protection for 2 years. For users from Russia, the package price is 5299 rubles, and for foreigners - 150 € (euro). The service without the rescue package of Dr.Web is not available. 2) ESET first offers to buy their commercial antivirus, and then make a test-decryption. Link. Recently I told how to make a request in ESET, if you're interested, see the link on the BleepingComputer forum. Starting with post # 554. I have nothing to do with them and can’t influence their prices. I also believe that it was possible to make this service cheaper, if the user gets support for the first time. Later he would still buy protection if she would provide real security for a year. If details Ransomware are interesting: What is this Scarab, I realized immediately when I carefully looked at the results of ID-Ransomware. But extortionists often confuse traces: they take the name of someone else's note, the text of the ransom, imitate the ID and so on. I talked about the fifth element, in fact there are more of them and they came together before I saw the note itself. It was also clear to me exactly which version of the Scarab and which group is currently engaged in this variant. The hint is the BM-address from the note. Previously, the same people spread Hermes, then another and Scarab. Then Hermes was sold and the actors went to other projects. When the basic encryptor of Scarab was updated last year, many extortionists switched to using it. I wrote about some, who switched to the Scarab and came from other projects. The Scarab Ransomware-project employs many groups from different countries, they work in groups and individually.
  13. 1 point
    If you do not know how to find the MAC (physical) address, then look at the screenshot there. Write only the address of the network card you used to access the Internet at the time you received the infection (wired or wireless (W-Fi)). Do not write both addresses! Determine exactly. This is not difficult. It is necessary for you more, than for the developer of STOPDecrypter. Such common errors lead to the fact that files cannot be decrypted.
  14. 1 point
    This is a new version of STOP-Djvu Ransomware You need to leave the application to the developer STOPDecryptor at the link on the forum BleepingComputer. Only there are collected all the requests and cases where the decrypting failed. You need to carefully read the first post of the topic to find out what you need to provide. If you do not want to read there, provide the following information: 1) the extension on your encrypted files; 2) MAC (physical) address of the network card that was used to access the Internet at the time of the attack (others are not needed!!!); 3) personal ID from a ransom note or attach a this text file to your message; 4) ID, which unsupported from the STOPDecrypter, only if you have already tried to decrypt and your extension is supported by STOPDecrypter. But at the moment STOPDecrypter your extension does not support. Therefore, your message should be left there as soon as possible.
  15. 1 point
    It means that the tests done by AV-C and AV-T have a clear image of how they think AV software should work. The problem arises when your product doesn't fit the mould. Then you get penalized for not doing what everyone else does, even though what everyone else does may not be in the best interest of the user, to begin with. Best example: Snooping around in your encrypted connections, which literally every AV vendor screwed up at least once in the past and probably will continue to happen, exposing users to potentially greater risks than most malware does. For starters, the test sets aren't nearly as representative anymore. When we participated in AV-T and AV-C both tested with less than 200 samples a month on average. 200 samples out of literally tens of millions. The exact selection isn't clear and not representative of what users deal with either. None of them tests with PUPs for example, even though a simple look at any tech support community will tell you, that it is probably by far the biggest problem users are dealing with. So no, neither of those test scores represents real-life performance and it becomes blatantly obvious when you go to places like Bleeping Computer, GeeksToGo, Trojaner Board, Malekal, and all those other communities where people infected by malware show up for help and look at what products these victims used at the time they became infected. Then you will notice that a lot of these products with perfect scores don't look nearly as perfect in real-life conditions. The reason for this discrepancy is quite simple: Most AV vendors will specifically optimise their products for these tests. The most severe cases are where vendors end up outright cheating and detecting the test environments which then results in a change of behaviour of the product (think Dieselgate, but with anti-virus). But there are many ways you can game these tests. For example: you can try to figure out the threat intel feeds the companies use, then just buy those same threat intel feeds so you have all samples in advance you can track their licenses and supply different signatures to them or use your cloud to treat those test systems differently some particularly shady organisations literally also sell you their sample and malicious URL feed, so you can just outright buy the samples and URLs your product will get tested on later What you end up with as a result is a product that is optimised really really well for the exact scenario they are being tested under using the exact type of URLs and samples these testers use, but that is utterly useless when it comes to anything else. We just really don't want to create this type of product. So when we were asked whether we wanted to continue to participate this year, we discussed the matter internally, looked at what we get out of these tests (meaning: whether these tests have a discernable impact on our revenue) and decided that they are simply not worth it and that the tens of thousands of Euros we spent on them every year would be better spent on extending our team and building new ways of keeping our customers safe.
  16. 1 point
    Hi Raynor, We currently don't have concrete plans to end Emsisoft Enterprise Console. If we ever come to that point, we would make an announcement at least one year in advance to provide planning safety for our customers. 1) Local update caching will become available later. 2) We have no plans to offer a profiles migration path, for now. Re-connecting existing devices from EEC to ECC will become an easy procedure and can be automated. We are working hard to add new features to Emsisoft Cloud Console. Feel free to start testing it and see how stable it is. You can connect existing Emsisoft installs manually as of version 2019.3. Thanks
  17. 1 point
    The Behavior Blocker in Emsisoft Anti-Malware does do cloud lookups on unknown applications that are exhibiting potentially malicious behavior. This is primarily used for determining if an application is known as safe, as a form of whitelisting, however there are malicious programs that are detected through cloud lookups as well. The reason we don't rely heavily on cloud lookups for detection is simply due to the fact that the Behavior Blocker will block/quarantine any unknown applications that exhibit potentially malicious behavior, so it will generally take care of infections on its own, and only needs help with identifying safe applications so that its less likely to block/quarantine them along with malicious applications.
  18. 1 point
    OK. Let us know if you're able to recover anything, that way we know whether or not to continue recommending trying file recovery software.
  19. 1 point
    The cheapest option for you would be the 3-PC license key, even if you only have 2 computers. You're not required to have a 3-PC license key though, so if you prefer to buy two 1-PC license keys (one for each computer) then feel free to do so, however note that the total cost of doing so is usually more than a 3-PC license key.
  20. 1 point
    Hallo Moreau, vielen Dank für Ihre positive Rückmeldung. Immer wieder gerne und vielen Dank für die freundliche Kommunikation. Ich wünsche Ihnen einen guten Start in die (noch fast) neue Woche!
  21. 1 point
    Hi Gawg Thanks for your comments. I'll try a reboot first when future problems arise.
  22. 1 point
    More than likely 3DMark's software has an issue with the kind of hooks Emsisoft Anti-Malware opens to monitor it. This is something that they will have to fix, as it's a bug in their software.
  23. 1 point
    I should add: I have notes which suggest the remap (recalculation of a machine key based on its connected hardware) can happen up to 5 times per day before you have a problem. You can temporarily get around this by limiting EAM's update frequency to "every 6 hours" which means it'll only remap four times per day. I know this is going to cause me problems because my next desktop PC is going to have multiple caddied drives on it.
  24. 1 point
    You can technically just remove all entries from your hosts file using Notepad. Just delete everything except the "127.0.0.1 localhost" entry if there is any. Lines starting with "#" are comments by the way. Pretty much. We are not an ad blocker, no. You use uBlock Origin which is pretty much the best adblocker you can get. So you are well covered in that area already. Correct. When you try to click the link, it will block access to the site. But I do understand that a lot of people would like to know before they click, which is why we consider adding it. Interestingly enough WOT got in trouble for the very same thing that some AVs are doing with their extension. You can always set up your own DNS server locally or in a cheap VPS box online. DNS also can be tunneled via various secure protocols (DNS-over-HTTPS for example). Those use methods that provide k-anonymity. Firefox in addition also sends "fake" requests if I remember correctly so the hoster of the block list does not know whether that was a website you actually surfed to or a random request. If you are so concerned, just host your own VPN. Get a cheap VPS with bitcoin at njal.la for example, host OpenVPN and your own DNS server on it and there will be no link between you and the VPS. It's serious overkill though.
  25. 1 point
    uBlock is exceptionally good at removing duplicate filter rules. So if you enable the MVPS filter list there, it will only enable it for stuff that isn't covered by other lists. That's also why in the rules list it says "x used out of y". Because it tells you how many rules it actually used out of that filter list. The rest was already covered by other lists. uBlock is also a lot more efficient as parsing and applying these filter rules than the DNS API in Windows is, which is the component that parses the "hosts" file. Depending on the browser you use, the "hosts" file may actually get ignored entirely. Some browsers like Chrome, for example, implemented their own, faster DNS client as the Windows DNS API isn't the fastest. So in the worst case scenario, you were having this huge hosts file, slowing down every program that does remotely something with networking, while at the same time your browser completely ignored it. Yeah, most people aren't aware of it and it is the main reason why we decided to create our own browser extension. The worst part is, that it is completely unnecessary from a technical point of view as well. But yeah, as it is often the case: If something a free, you pay with your data. Unfortunately not. If you find one, let me know which one and I can check how intrusive it is for you though. We are also considering adding search indicators in our extension. So you may want to wait for that. There is no ETA though.
  26. 1 point
    Just don't. You will hurt your general performance considerably. Better to just enable the MVPS filter list in uBlock. Kind of pointless. uBlock does a better job. Ad hosts blocked by uBlock can't set cookies in the first place. That's all it pretty much does if you are using Firefox. For someone who is concerned about their privacy it is interesting that you willingly send your entire surf history to any company in clear text: Literally every single website you browse to will get submitted in that way. Bitdefender Traffic Light isn't the only extension that does this. Other extensions known to do this are Avira Browser Safety, Avast Online Security, Norton Safe Web and Comodo Online Security Pro.
  27. 1 point
    I think it's specifically related to the Creators Update for Windows 10 that Microsoft released recently, and has been slowly pushing out to everyone's computers. They made some sort of change in the Creators Update that caused this to happen. For Windows 7 the easy fix is to uninstall EIS, restart the computer twice, and then download and reinstall EIS from the following link (I don't think this would help on Windows 10 though): http://dl.emsisoft.com/EmsisoftInternetSecuritySetup.exe
  28. 1 point
    I would believe our developers are still looking in to it, however thus far we have been assuming it is an issue with Windows 10 since certain Windows tools still read the firewall status correctly.
  29. 1 point
    We're aware of the issue. Some parts of Windows 10 seem to detect that Emsisoft Internet Security's firewall is active, and some do not.
  30. 1 point
    It's not abnormal for Windows to say that when a program update for Emsisoft Internet Security gets installed. When that happens, Emsisoft Internet Security has to restart itself in order to update itself, and during that brief period of time Windows will report that Emsisoft Internet Security is turned off. I would believe we made some changes recently so that Windows doesn't do that anymore, however I have not tested to verify that (I would have checked before posting, but there's currently no beta version for me to install in order to test).
  • Newsletter

    Want to keep up to date with all our latest news and information?

    Sign Up