Popular Content

Showing content with the highest reputation since 10/13/09 in all areas

  1. 6 points
    As announced earlier, we are changing our firewall strategy and will soon merge Emsisoft Internet Security with Emsisoft Anti-Malware, effective as of our next release in October. Instead of developing our own firewall module, we’re going to rely on the built-in Windows Firewall core that has proven to be powerful and reliable. Its only weak point is the fact that anyone can freely change the firewall configuration. In other words, if malware manages to run on the PC with sufficient administrator permissions, it’s able to allow itself to get through the firewall. To resolve this vulnerability, we’ve developed a new Firewall Fortification feature for Emsisoft Anti-Malware’s Behavior Blocker as part of our 2017.8 release. Firewall Fortification detects and intercepts malicious actions from non-trustworthy programs in real time before they can cause any damage. Behavior Blocker alert: Firewall manipulation All 2017.8 improvements in a nutshell Emsisoft Anti-Malware New: Firewall Fortification feature that blocks illegitimate manipulations of Windows Firewall rules. Improved: Forensics logging. Fixed: Rare program freezes on opening the forensics log, confirming of surf protection notifications and during malware detection. Fixed: Computer restart instead of computer shutdown executed, when set for a silent scan. Several minor tweaks and fixes. Emsisoft Enterprise Console Improved certificate handling to avoid connectivity issues. Several minor user interface improvements. Several minor tweaks and fixes. How to obtain the new version As always, so long as you have auto-updates enabled in the software, you will receive the latest version automatically during your regularly scheduled updates, which are hourly by default. New users please download the full installer from our product pages. Note to Enterprise users: If you have chosen to receive “Delayed” updates in the Update settings for your clients, they will receive the new software version no earlier than 30 days after the regular “Stable” availability. This gives you time to perform internal compatibility tests before a new version gets rolled out to your clients automatically. Have a great, well-protected day! View the full article
  2. 3 points
    It means that the tests done by AV-C and AV-T have a clear image of how they think AV software should work. The problem arises when your product doesn't fit the mould. Then you get penalized for not doing what everyone else does, even though what everyone else does may not be in the best interest of the user, to begin with. Best example: Snooping around in your encrypted connections, which literally every AV vendor screwed up at least once in the past and probably will continue to happen, exposing users to potentially greater risks than most malware does. For starters, the test sets aren't nearly as representative anymore. When we participated in AV-T and AV-C both tested with less than 200 samples a month on average. 200 samples out of literally tens of millions. The exact selection isn't clear and not representative of what users deal with either. None of them tests with PUPs for example, even though a simple look at any tech support community will tell you, that it is probably by far the biggest problem users are dealing with. So no, neither of those test scores represents real-life performance and it becomes blatantly obvious when you go to places like Bleeping Computer, GeeksToGo, Trojaner Board, Malekal, and all those other communities where people infected by malware show up for help and look at what products these victims used at the time they became infected. Then you will notice that a lot of these products with perfect scores don't look nearly as perfect in real-life conditions. The reason for this discrepancy is quite simple: Most AV vendors will specifically optimise their products for these tests. The most severe cases are where vendors end up outright cheating and detecting the test environments which then results in a change of behaviour of the product (think Dieselgate, but with anti-virus). But there are many ways you can game these tests. For example: you can try to figure out the threat intel feeds the companies use, then just buy those same threat intel feeds so you have all samples in advance you can track their licenses and supply different signatures to them or use your cloud to treat those test systems differently some particularly shady organisations literally also sell you their sample and malicious URL feed, so you can just outright buy the samples and URLs your product will get tested on later What you end up with as a result is a product that is optimised really really well for the exact scenario they are being tested under using the exact type of URLs and samples these testers use, but that is utterly useless when it comes to anything else. We just really don't want to create this type of product. So when we were asked whether we wanted to continue to participate this year, we discussed the matter internally, looked at what we get out of these tests (meaning: whether these tests have a discernable impact on our revenue) and decided that they are simply not worth it and that the tens of thousands of Euros we spent on them every year would be better spent on extending our team and building new ways of keeping our customers safe.
  3. 3 points
    Hello, a2guard.exe is the visible protection process (to put it simple, the Emsisoft icon you see in the system tray). However actual protection drivers start a lot earlier. For example epp.sys (the Emsisoft Protection Platform driver) starts very early in the Windows boot process in order to ensure a protected system even when no user is logged in yet and no other programs have been started.
  4. 2 points
    https://www.bleepingcomputer.com/news/google/google-will-block-third-party-software-from-injecting-code-into-chrome/ Our Surf Protection works by filtering DNS requests made by running applications. Since EAM doesn't use network filter drivers, it has to achieve this using code injection. Now that Chromium is blocking code injection by third-party applications, our Surf Protection will not work with it until we are able to make some changes. My recommendation is to install uBlock Origin and uBlock Origin Extra (both work in Google Chrome and Vivaldi) to supplement until we can get our Surf Protection working in Chrome again. uBlock Origin is a free content blocker that not only blocks ads, but also used the extensive blacklists of malicious domains available from Malware Domain List and Malware Domains to block malicious content. Note: Vivaldi 1.15 (the current stable version) is based on Chromium 65 with backported security fixes from Chromium 66, 67, and 68. Vivaldi 2.0 is based on Chromium 69, and is currently available in testing builds. Anyone with the stable version of Vivaldi installed will not be effected by this issue. Anyone using a Vivaldi 2.0 snapshot will also experience this issue with Surf Protection. Also note: Due to the added protection of an ad blocker, we recommend uBlock Origin (with uBlock Origin Extra for Chromium based browsers like Google Chrome, Vivaldi, and Opera) regardless of whether or not our Surf Protection is working with your web browser. Anti-Virus/Anti-Malware does not block ads by default (doing so can break some websites), and the companies that sell online advertising do not do a good enough job of preventing their ads from being abused by their clients, and there have been many cases of serious threats in advertisements even on legitimate websites. Please be aware that there is another content blocker called "uBlock". This is not the same thing as uBlock Origin, and is not recommended. The main reason for recommending uBlock Origin is due to its performance and memory usage being better than popular ad blockers (AdBlock, Adblock Plus, AdGuard, etc). If you wish to use one of those instead, then please feel free to do so, however I do not know if they are configured to use Malware Domain List and Malware Domains by default and recommend checking their configuration to ensure they are offering the same level of protection as uBlock Origin. If they are not configured to use these lists of malicious websites, then you should be able to add them through FilterLists.com. Note that this site was down at the time I posted this, so I was not able to check and verify that, however this site lists almost every popular filter list for ad and content blockers and it should include important blacklists like these.
  5. 2 points
    According to several reports, the latest Windows 10 Update pushed on Jan. 3rd is supposed to address the "Meltdown" security problem. However, due to changes to Windows kernel, Microsoft didn't make the update available to users without the "ALLOW REGKEY", and directed users to confirm with AV vendors if their products are compatible with the latest update. So is the current version of EAM compatible with this update?
  6. 2 points
    Emsisoft Anti-Malware is compatible with the Windows update. We also just published an update that sets the compatibility flag for all users of the beta, stable and delayed update feed. Keep in mind, that Microsoft uses the same flag for all anti-virus vendors. That means if you are using multiple anti-viruses or anti-malware applications, you are risking one of those products, like Emsisoft Anti-Malware, flagging the system as compatible, even though one of your other products is not compatible. There is, unfortunately, nothing we can do to prevent this as Microsoft does not account for the scenario of multiple security products being installed on the same system. This is the perfect example why we are recommending against using multiple security products in parallel. For further information, feel free to stop by our blog.
  7. 2 points
    Local is your machine, "this end" of a conversation. Remote is whatever machine's at the other end.
  8. 2 points
    I think you have made your point of view crystal clear for everyone, iwarren. Do we really nede more posts?
  9. 2 points
    That would help in this particular instance (alerts during an uninstall), however every rule that exists can decrease performance, so rules are generally not kept if they are not needed.
  10. 2 points
    You must have had Beta Updates enabled as EIS 11 is still beta, and that kind of problems can happen with Betas Remedy. Uninstall 11 and then install 10 again and make sure that "Beta Updates" is disabled (unchecked)
  11. 2 points
    Good morning. Can we expect to get a fix for the updates not working soon, please? Having to disable the firewall to get updates seems an important bug to me. Thanks in advance and best regards, François
  12. 2 points
    I don't have any insight in the test-methodology apart from what the article states, but a few observations make me doubt the relevancy of this test: The test compares a number of different products: antirootkit scanners and anti-malware scanners. This makes no sense to me. TDSSkiller is an excellent Antirootkit scanner in my opinion, but it is a limited tool, you cannot compare this with a anti-malware scanner like EEK or MBAM because its simply a different product. The tested malware is for the most part very, very old and not seen in the wild anymore, even though the article states 2015 and "in the wild" in the title. To give a few examples: Alureon/TDL3/4 hasn't been around "in the wild" for at least 3 years (and thats estimating it very loosely) The article listed is from 2010 (!) http://contagiodump.blogspot.gr/2011/02/tdss-tdl-4-alureon-32-bit-and-64-bit.html?m=1 The same goes for ZeroAccess/Max++. The latest usermode version of that rootkit was active in 2013 and after the botnet was taken down for a large part, there has been no re-emergence of this malware. However, its kernelmode version was quite a bit older, this was last seen in 2011. Sure, its interesting to see how products perform against such rootkits, but how useful is it? Those rootkits were "retired" for a very good reason, they can no longer infected today's OS versions. Finally, I'm not one to make accusations, but I don't like "sponsored by..." tests. I'm fully willing to believe that Zemana was indeed the best product to remove all these infections, but I just think its not the best strategy for any testing lab to let a sponsor also participate in the tests, just to avoid any possible doubt as to the objectiveness of the test results.
  13. 2 points
    The Shariff solution looks very elegant and I'm watching the project for quite some time. They released a new version a few months ago https://github.com/heiseonline/shariff It doesn't 100% meet our requirements but we may adapt some things from it and replace our current social media buttons. It's already in the works.
  14. 2 points
    Derzeit bieten wir Email Support auf Deutsch, Englisch, Franzoesisch, Spanisch, Niederlaendisch, Russisch und Italienisch an.
  15. 2 points
    Hello, Jenn Welcome to the Emsisoft Support Forums. My name is Kevin, and I will be helping you fixing your problems. Please change your user name to something that is not your email address. All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE, if you don't we are just going to send you back to this thread also read the Emsisoft Support Forums Terms of Use To Highlight a few:
  16. 2 points
    Hi und Herzlich Willkommen beim Emsisoft Support Forum! Systemscan mit FRST Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit (Wenn du nicht sicher bist: Start > Computer (Rechtsklick) > Eigenschaften) Starte jetzt FRST. Ändere ungefragt keine der Checkboxen und klicke auf Scan. Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop. Bitte beide Logfiles in der nächsten Anwort anhängen.
  17. 1 point
    Hi Damaxx, can you share the decryptor. Wanted try it will work for my files or not.....
  18. 1 point
  19. 1 point
    EAM doesn't work on XP or Vista now. System requirements are :- For Windows 7/8.1/10, 32 & 64 bit
  20. 1 point
    mario.rossi Today the STOPDecrypter has been updated with the support of the .dutan extension https://download.bleepingcomputer.com/demonslay335/STOPDecrypter.zip Try decrypting some files first by making a copy of them for test.
  21. 1 point
    Hallo Wolfgang, vielen Dank dass Sie unseren Support kontaktiert haben. Eine Infektion durch die offizielle Version vom VLC Player bei der Installation oder beim Update sollte sich ausschließen lassen. Sie haben Chip erwähnt, Ihrem Beitrag entnehmen ich aber dass Sie den Chip Installer nicht verwendet haben als Sie VLC Player installiert haben? Wie Sie bereits festgestellt haben könnte man sagen es wird einem damit einfach gemacht auch andere Dinge als das Programm zu installieren welches man eigentlich herunterladen wollte. Daher sollten Programme immer direkt vom Hersteller bezogen werden, damit sollten sich dann auch Zwischenfälle ausschließen lassen, wird in einer offiziellen Software einmal eine Infektion gefunden sollten vertrauenswürdige Hersteller auch dafür sorgen dass alle Nutzer informiert werden. Wenn eine Plattform wie Chip.de verwendet werden soll um Software zu beziehen, würde ich persönlich empfehlen Ausschau nach einem Link "Manuelle Installation" zu halten; damit wird dann der Installer des Herstellers heruntergeladen, und nicht der Chip Installer über den dann wiederum z.B. VLC Player heruntergeladen und am System installiert werden soll. Ein einfaches Rezept zur Säuberung eines Systems welche für Jedermann und in alle Fälle gut funktioniert lässt sich vermutlich nicht finden. Etwa ist die Anleitung welche @onegasee59 freundlicherweise erwähnt hat schon in ein sehr brauchbares Format gebracht worden. Gerne sind wir Ihnen bei der manuellen Bereinigung behilflich, lassen Sie mich bitte wissen wenn Sie gerne eine Anleitung zum Erstellen der benötigten Log-Dateien haben würden die wir benötigen damit wir Sie damit unterstützen können. Wenn Software vom Hersteller des eigenen Vertrauens bezogen wurde sollte man davon ausgehen können dass Update-Aufforderungen legitim sind wenn diese eindeutig von diesem Programm stammen. Verhaltensverstöße bzw. Aktionen die auf einmal von einem Programm am System durchgeführt werden sollen können schon von Sicherheitssoftware aufgespürt werden - etwa mit einer Technologie wie unserer Verhaltensanalyse; vorausgesetzt es wurde keine Ausnahme-Regel für das Programm erstellt. Man sollte sich da System genauer ansehen, wir helfen Ihnen gerne dabei, mit eine Anleitung die dann für Jedermann funktionieren würde können wir aber leider nicht dienen. Darauf lässt sich leider keine Antwort finden wenn man nicht vorher einen genaueren Blick auf das System geworfen hat. Dazu werden wiederum diverse Tools verwendet die detaillierte Informationen über den Systemzustand und verschiedene wichtige Bereiche im System auflisten. Entweder muss dann wiederum mit anderen Werkzeugen nachgesehen werden bzw. werden die Informationen dazu genutzt um dann Malware die am System gefunden wird gezielt zu entfernen. Es tut mir Leid dass meine Antworten für Sie nicht genauer ausfallen können oder ich mit einer Anleitung dienen kann die dann vielen Nutzern sofort auf einfache Weise helfen könnte. Für Ihre Fragen und Anliegen stehe ich gerne weiter zur Verfügung.
  22. 1 point
    Please upload an encrypted file or ransom note to ID-Ransomware and copy/paste the results here for one of the experts to look at. https://id-ransomware.malwarehunterteam.com
  23. 1 point
    that's fun. firefox doesn't block code injection yet, but it's on their roadmap for q4 2018/q1 2019. i'd also expect opera to start doing it if they merge upstream changes from chromium. *EDIT* Opera is tracking Chromium 69 for Opera 56, and Vivaldi is tracking Chromium 69 for Vivaldi 2.x.
  24. 1 point
    Not a big fan of the GUI. Way too much white space, too much scrolling and I do not like sidebars. Its also starting to look like a web page which I think is what you guys are going for but I hate it. A gui should be compact, crisp and intuitive, this one is none of the above. I need to put on sunglasses for this one.
  25. 1 point
    They posted that 30 days ago. Just keep an eye on BleepingComputer, and if there are any new developments then they should announce it.
  26. 1 point
    I am using the Command Line Scanner within my Application scanning incoming files in a certain directory. My Application opens a DOS process in which we run the command line scanner, capturing the output and analysing the results (I wrote a little parser for the output). This worked for the last years without any problems. We use it on three servers, 2 of them are running Windows Server 2008 R2 and 1 server runs on Windows Server 2012 R2. Since yesterday the 2012 R2 server had problems running the command line scanner, the process hangs and did not finish. The other 2 servers on 2008 R2 are still running without any problems. I did a reinstall of EMSIsoft on the 2012 R2, the problem still exists. Are there any known problems on 2012 R2 using the Command Line Scanner?
  27. 1 point
    Let's try a different tool. Download RogueKiller from https://www.fosshub.com/RogueKiller.html and save it to your desktop. • Double-click on setup.exe to install RogueKiller. Close all programs and disconnect any USB or external drives before running the tool. • Right-click RogueKiller.exe and select Run As Administrator to run the tool. • Once the Prescan has finished, click Scan. • Once the Status box shows "Scan Finished", click on the "Report" button and attach the scan log to your reply.
  28. 1 point
    I see,I will check out the link. Customer service here is top notch! Thanks again Elise
  29. 1 point
    A quick workaround, if you'd like to try it, would be to exclude the mpc-hc64.exe file in Emsisoft Internet Security. Here are instructions on excluding a process from scanning and monitoring: Open Emsisoft Internet Security. Click on Settings in the menu at the top. Click on Exclusions in the menu at the top. To the right of the list to Exclude from scanning, click on the Add file button. Navigate to the file you would like to exclude, click on it once to select it, and then click Open. To the right of the list to Exclude from monitoring, click on the Add file button. Navigate to the file you would like to exclude, click on it once to select it, and then click Open. Close Emsisoft Anti-Malware. Note: If a program you have excluded is running, then you will need to close it and reopen it for the exclusion to take effect. In some cases you will need to restart your computer before this will happen. I assume the file in question is in a folder such as one of the following: C:\Program Files\Media Player Classic C:\Program Files (x86)\Media Player Classic
  30. 1 point
    I've answered via email. I'll update here once we've taken are of it.
  31. 1 point
    Then don't enter any data in any webform that doesn't have the https:// prefix, avoid any security products that use https intercepts, see also this article: https://www.bleepingcomputer.com/news/security/us-cert-security-products-that-perform-https-interception-weaken-security/ Besides that, always be sure to use strong passwords, personally I'd recommend using a password manager like LastPass or KeePass to ensure you use unique and strong passwords that can't easily be hacked.
  32. 1 point
    Lets try getting a diagnostic log. You can find the instructions and download at this link. When it's done, it will open a log in Notepad (as explained in the instructions). Please save this log somewhere easy to find, such as on your Desktop or in your Documents folder, and then send it to me in a Private Message so that I can take a look at it. Important: Don't post the log publicly. It contains a copy of your a2settings.ini file, which contains encrypted license information. If someone were to figure out how to break that encryption, then someone else could use your license key.
  33. 1 point
    Nothing should be able to delete files in the EIS folder while EIS is running. Application Rules are created automatically in EIS for trusted programs, so this is a sign that it recognized the digital signature and allowed it.
  34. 1 point
    Not sure if an antivirus vendor forum is the best place to ask this, but I would not use driver updaters. Never Download a Driver-Updating Utility; They’re Worse Than Useless - How-To Geek Best place to get drivers is to go straight to the manufacturer's website.
  35. 1 point
    Actually, the hotfix says that it was CorelDRAW and other applications. Those applications included: Internet Explorer, AutoCAD, Orthotrac, QuickBooks, KeyDepot and a couple of SAP applications. Since every Windows user has Internet Explorer and a large number of applications rely on it working properly, as they use IE internally, everyone gets the hotfix. Signatures are program code as well. A significant portion of the signature database contains executable code. Code that relies on the applications using it to behave a certain way. That is why we don't allow to only update one or the other. Both have to be updated at the same time. Or just switch to the delayed update feed that gets updates with hotfixes included a couple of weeks later.
  36. 1 point
    You can add the BatchGotAdmin batch code to the beginning of your batch file as a workaround for this issue. It may require some editing to pass the path of your file to be scanned to the VBS file (I haven't tested whether passing parameters to a batch file that uses BatchGotAdmin will be preserved after the batch file is reopened by the VBScript).
  37. 1 point
    Can you post a screenshot of the error, or tell us what it says?
  38. 1 point
    Glad things are working great on your system . If you run into any unforeseen issues or if you have any further questions, don't hesitate to contact us again.
  39. 1 point
    Hello, then please uninstall Emsisoft Anti-Malware and reboot your computer. Now run the Emsisoft Clean Utility (emsiclean.exe) again and enable all entries in the list. Press Remove selected objects and reboot the computer again. Now please run a new Emsisoft Anti-Malware install. All protection layers are working now?
  40. 1 point
    Copy the below code to Notepad; Save As fixlist.txt to your Desktop. CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION Reg: reg delete "HKEY_USERS\S-1-5-21-2835325914-3951994643-1403611485-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM" /v "DISABLETASKMGR" /f Reg: reg delete "HKEY_USERS\S-1-5-21-2835325914-3951994643-1403611485-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM" /v "DISABLETASKMGR" /f Reg: reg delete "HKEY_USERS\S-1-5-21-2835325914-3951994643-1403611485-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM" /v "DISABLEREGISTRYTOOLS" /f Reg: reg delete "HKEY_USERS\S-1-5-21-2835325914-3951994643-1403611485-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM" /v "DISABLEREGISTRYTOOLS" /f AlternateDataStreams: C:\ProgramData\TEMP:5C321E34Close Notepad.NOTE: It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work. NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system Run FRST64 and press the Fix button just once and wait. If the tool needed a restart please make sure you let the system to restart normally and let the tool complete its run after restart. The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply. Note: If the tool warns you about an outdated version please download and run the updated version.
  41. 1 point
    Currently it isn't possible to switch between engines. Even if you could enable or disable the engines, the engine would still be loaded into memory, so it isn't really worth doing it (it would just reduce protection). I've asked a developer to take a look at your topic for the other questions.
  42. 1 point
    Online Armor doesn't have a cloud-based system where user decisions are stored to reduce the number of alerts. Emsisoft Anti-Malware has a cloud-based system like this, but it is currently not used in Online Armor.
  43. 1 point
    Have you followed the advise in the error message?
  44. 1 point
    Hello, there are no special differences in the installer for both programs.
  45. 1 point
    I think I have an alternate solution. Create an account at this link, and then let me know once you've done that. Once you have an account, I can create a 5-day Online Armor Premium license for you in our system, and that should give you enough time to backup your settings, reinstall Online Armor, and then restore your settings.
  46. 1 point
    Windows 8 introduced a few additional changes to the way Patch Guard works. As a result it is no longer possible to prevent screen, key, and clipboard grabbing the same way it was previously possible. We are already working on it but we don't have an ETA for an update yet. That being said, actual malware performing key, screen, or clipboard logging will still be detected and blocked for other reasons as it will exhibit a lot more and different behaviors. For example installing autoruns, accessing the internet, installing itself in the system etc.. So beside leak tests who are purely artificial and therefore harmless the actual real life threat for one's computer is negligible and almost purely theoretical.
  47. 1 point
    These both appear to be False Positive detections: C:\Windows\Desktop Manager\dwm.exe detected: Trojan.Generic.KDV.294492 (B) C:\Program Files\SrvBack\Srvback.exe detected: Gen:Variant.Graftor.2974 (B)
  48. 1 point
    Could you please check for beta updates and then verify that if you'd "Trust" this dll once - it's being trusted later too? (in other words - you'd get only 1 popup in which you'd select "Trust" + "Remember" + "Allow") Thanks in advance,
  49. 1 point
    oa.cat, oa.hlp, oa.srv, oa.gui those 4 processes is always running, start taskmanager (right-click on the taskbar or start taskmgr.exe) and take a look. anyway, i have been using OA & EAM together for years without any exclusions, and i have never had any problems. now i have those 4 excluded in all my antivirus-programs, just in case.... EAM exclusions in OA: a2service.exe. a2guard.exe, a2start.exe
  50. 1 point
    Hi f4uju87, welcome to the forum The short answer to you question at the end of you post: If you trust the Software then just White-List ======= other than that ======= Traces are not necessarily dangerous You can search this or the old forum with keywords “traces”; Trace.Directory” ; "Trace.Registry" or alike and find many discussions Read this article: Spyware Traces in Detail Since you performed the quick scan only – the traces were flagged but the Software (files) itself were not scanned (unless the process is active) You may consider to scan the Software as well (Choose Custom Scan of the folder, for example if you don't want Deep scanning) In addition, especially if associated files are flagged - you can submit as described in Submitting suspected False Positives for analysis or if you trust the Software then just White-List, because indeed the traces can reappear as soon as you rerun the Software Here is one of the threads: http://support.emsisoft.com/topic/1623-a-squared-and-free-rip-false-positive/page__pid__8313__st__0entry8313 Please ask if any other questions My regards P.S. Be careful though with “Trace.Directory”, since quarantining that can remove the whole Software Always check before making decisions … see this Sticky
  • Newsletter

    Want to keep up to date with all our latest news and information?
    Sign Up