Leaderboard

  1. GT500 (Emsisoft Employee)

    • Points: 714
    • Content Count: 12182

  2. Kevin Zoll (Emsisoft Employee)

    • Points: 289
    • Content Count: 18806

  3. Fabian Wosar (Emsisoft Employee)

    • Points: 286
    • Content Count: 4405

  4. Elise (Emsisoft Employee)

    • Points: 261
    • Content Count: 8293



Popular Content

Showing content with the highest reputation since 01/14/12 in all areas

  1. 7 points
    Official word is, "yes". We will give free license extensions to anyone who upgraded to Windows 10 and was unable to use the firewall. Once the issue has been resolved, please either submit a support ticket in our helpdesk system, or send a Private Message on the forums to me (English Support) or Thomas Ott (English/German Sales). Be sure to mention that you would like to have your license extended due to the Windows 10 issues and include in your message any license keys that were in use on a computer with Windows 10. Feel free to link to this forum post if you would like to.
  2. 6 points
    As announced earlier, we are changing our firewall strategy and will soon merge Emsisoft Internet Security with Emsisoft Anti-Malware, effective as of our next release in October. Instead of developing our own firewall module, we’re going to rely on the built-in Windows Firewall core that has proven to be powerful and reliable.

    Its only weak point is the fact that anyone can freely change the firewall configuration. In other words, if malware manages to run on the PC with sufficient administrator permissions, it’s able to allow itself to get through the firewall.

    To resolve this vulnerability, we’ve developed a new Firewall Fortification feature for Emsisoft Anti-Malware’s Behavior Blocker as part of our 2017.8 release. Firewall Fortification detects and intercepts malicious actions from non-trustworthy programs in real time before they can cause any damage.

    Behavior Blocker alert: Firewall manipulation

    All 2017.8 improvements in a nutshell

    Emsisoft Anti-Malware
    • New: Firewall Fortification feature that blocks illegitimate manipulations of Windows Firewall rules.
    • Improved: Forensics logging.
    • Fixed: Rare program freezes on opening the forensics log, confirming of surf protection notifications and during malware detection.
    • Fixed: Computer restart instead of computer shutdown executed, when set for a silent scan.
    • Several minor tweaks and fixes.

    Emsisoft Enterprise Console
    • Improved certificate handling to avoid connectivity issues.
    • Several minor user interface improvements.
    • Several minor tweaks and fixes.

    How to obtain the new version

    As always, so long as you have auto-updates enabled in the software, you will receive the latest version automatically during your regularly scheduled updates, which are hourly by default. New users please download the full installer from our product pages.

    Note to Enterprise users: If you have chosen to receive “Delayed” updates in the Update settings for your clients, they will receive the new software version no earlier than 30 days after the regular “Stable” availability. This gives you time to perform internal compatibility tests before a new version gets rolled out to your clients automatically.

    Have a great, well-protected day!
  3. 4 points
    • Link to decrypter download page. <- The decrypter will tell you if your files are decryptable, whether you're dealing with an "old" or "new" variant of STOP/Djvu, and whether your ID is online or offline.
    • Link to instructions for using the decrypter (PDF).
    • Link to "file pair" submission form.
    • Link to more information about the decrypter. <- Article at BleepingComputer.com
    • Link to more detailed information about STOP ransomware (covers more than just STOP/Djvu). <- Forum post at BleepingComputer.com

    How do I remove the ransomware?
    The STOP/Djvu decrypter will stop the ransomware from running so that it can't continue encrypting your files, however it doesn't completely remove the ransomware. Most Anti-Virus software will detect STOP/Djvu if you run a scan for it, however if you don't have Anti-Virus software installed then you can run a Malware Scan with Emsisoft Emergency Kit (free for home/non-commercial use). Note that formatting the hard drive and reinstalling Windows will also remove the infection, however this ransomware is particularly easy to remove, so if a computer is only infected with STOP/Djvu then formatting the drive would be unnecessary.

    Will removing the infection unlock my files?
    No. Your files are encrypted. This encryption needs to be reversed (via a process called "decryption") before your files will be usable again. This encryption cannot be removed or undone simply by removing the STOP/Djvu ransomware infection.

    The decrypter can't decrypt my files?
    In most cases this means you have an online ID. It could also mean your files were encrypted by a newer variant of STOP/Djvu. See below for explanations.

    Why won't the decrypter run?
    The decrypter requires version 4.5.2 or newer of the Microsoft .NET Framework, so this could mean your version of the .NET Framework is out of date. We recommend installing the latest version of the .NET Framework (4.8 at the time of writing this), and then trying the decrypter again.

    Why is the decrypter stuck on "Starting"?
    When you run the decrypter, it looks for encrypted files. It will say "Starting" until it is able to find some. If the decrypter remains stuck on "Starting" for a long period of time, then this means it is unable to find any encrypted files.

    Offline ID.
    When the ransomware can't connect to its command and control servers while encrypting your files, it uses a built-in encryption key and a built-in ID. Offline ID's generally end in t1 and are usually easy to identify. Since the offline key and ID only change with each variant/extension, everyone who has had their files encrypted by the same variant will have the same ID and the files will be decryptable by the same key (or "private key" in the case of RSA encryption).

    Online ID.
    In most cases the ransomware is able to connect to its command and control servers when it encrypts files, and when this happens the servers respond by generating random keys for each infected computer. Since each computer has its own key, you can't use a key from another computer to decrypt your files. The decrypter is capable of working around this with older variants as long as it has some help, however for newer variants there is nothing that can be done to recover files.

    Old Variants.
    Old variants were those in distribution until near the end of August, 2019. Our decrypter supports offline ID's for almost all older variants, and can decrypt files for those with offline ID's without needing any help. For online ID's, it's necessary to supply file pairs to our online submission form so that the decrypter can be "trained" how to decrypt your files. A list of extensions from older variants can be found at the bottom of this post.

    New Variants.
    These use a more secure form of RSA encryption. Support for some offline ID's has been added to the decrypter for newer variants, and support for new offline ID's will be added as we are able to figure out decryption keys for them. As for online ID's, due to the new form of encryption, there's currently nothing the decrypter can do to help recover files.

    Will it ever be possible to decrypt new variants with online ID's?
    That depends on whether or not law enforcement is able to catch the criminals who are behind this ransomware. If law enforcement is able to catch them and release their database of keys, then we can add those to our database for decryption. If you would like to report this ransomware incident to law enforcement, then please click here for more information. The more reports law enforcement agencies receive, the more motivation they have to track down the criminals.

    What is a file pair?
    This refers to a pair of files that are identical (as in they are the exact same file), except one copy is encrypted and the other is not. Our decryption service can analyze the differences between an encrypted file and an original unencrypted copy of the same file, allowing it to determine how to decrypt that type of file. For most victims with an older variant of STOP/Djvu, submitting file pairs will be the only way they will get their files back.

    File pairs only work for one type of file.
    Due to the way encryption works in STOP/Djvu, file pairs can only help the decryption service figure out how to decrypt one type of file. For instance, if you submit a file pair for an MP3 file, then the decrypter will be able to decrypt all of your other MP3 files, however it won't be able to decrypt any other type of file. There are some exceptions to this, such as certain newer Microsoft Office documents (such as DOCX and XLSX) since those files are technically ZIP archives.

    The decrypter can't decrypt all of my pictures even though I submitted file pairs for them?
    JPEG/JPG images have a format oddity that causes file pairs to be specific to each source of pictures, rather than the file format in general. As an example, if you have pictures from two different cameras, and submit a file pair from the group of pictures from one of the cameras, then the decrypter will only be able to decrypt files from the camera that the file pair came from. In order to decrypt all JPEG/JPG images, you will need to submit file pairs from every source you've obtained those pictures from.

    What does "Remote name could not be resolved" mean?
    It's an indication of a DNS issue. Our first recommendation is to reset your HOSTS file back to default. Microsoft has an article about this at the following link: https://support.microsoft.com/en-us/help/972034/how-to-reset-the-hosts-file-back-to-the-default

    Is there anything I can do to help catch these criminals?
    The best thing you can do right now is file a report with your country's national law enforcement. There is more information available at the following link: https://www.nomoreransom.org/en/report-a-crime.html

    Extensions from older variants that the decrypter supports:
  4. 4 points
    Hello,

    By now we have established several times that Emsisoft is not the program of your choice. You have already found an antivirus elsewhere that also covers thirty additional functions. The fact is, however, that many people are looking for an antivirus program that does not come with fifty extras they don't want or don't need. For these people there is Emsisoft Anti-Malware, and most of our customers are satisfied with the fact that it is 'only' all-round protection for the computer and nothing more.

    For all the features mentioned (password generator, parental controls, etc.) there are already good programs that you can install if needed. Many people, however, either have no children or do not want to restrict their access, so why should we install parental controls for these people? Some also don't have RAM or CPU to spare; for these people it is even more annoying when the RAM is taken up by an AV that eats up resources because of unused features.

    Conclusion: There are many antivirus programs that want to be the jack of all trades and try to combine all programs in one. There are users who do not like this approach and only want an antivirus program. Nothing more. For these people there is, for example, Emsisoft Anti-Malware. You do not belong to this group, and that is OK.

    Kind regards,
    Kathrin
  5. 4 points
    Which for everything related to our core technologies (engine, behavior blocker, cleaning engine) would be me. Hi, nice to meet you! Next time someone looks strange at me for talking to myself I can now point them to this post and tell them you asked me to talk to me.

    Your argument is that we chose Bitdefender because it is "the best". Both Kaspersky as well as Avira consistently score higher in pure on-demand tests than Bitdefender does. If you consider PUP detection ESET is a superior contender as well. We considered all of them at one point or another but they were discarded for various reasons.

    The article is based on the submission we got through the "Submit information about detected Malware" option in all our products, which reports back meta data (infection names, number of infected objects) about all infections found by our products.
  6. 4 points
    Actually, there is a system behind it: My workstation computers are named after noble gases, like Krypton or Helium. Computers that I only use temporarily or belong to guests are named after transition metals like Titanium. Non-computer devices like smartphones are named after non-metals like Oxygen. All systems and VMs that are used for malware testing are named after radioactive elements like Uranium. Needless to say my WLAN and local workgroup is called "Periodic Table". And yes, I spent a significant amount of time coming up with that system and I am proud of it.
  7. 3 points
    It means that the tests done by AV-C and AV-T have a clear image of how they think AV software should work. The problem arises when your product doesn't fit the mould. Then you get penalized for not doing what everyone else does, even though what everyone else does may not be in the best interest of the user, to begin with. Best example: Snooping around in your encrypted connections, which literally every AV vendor screwed up at least once in the past and probably will continue to happen, exposing users to potentially greater risks than most malware does.

    For starters, the test sets aren't nearly as representative anymore. When we participated in AV-T and AV-C both tested with less than 200 samples a month on average. 200 samples out of literally tens of millions. The exact selection isn't clear and not representative of what users deal with either. None of them tests with PUPs for example, even though a simple look at any tech support community will tell you, that it is probably by far the biggest problem users are dealing with.

    So no, neither of those test scores represents real-life performance and it becomes blatantly obvious when you go to places like Bleeping Computer, GeeksToGo, Trojaner Board, Malekal, and all those other communities where people infected by malware show up for help and look at what products these victims used at the time they became infected. Then you will notice that a lot of these products with perfect scores don't look nearly as perfect in real-life conditions.

    The reason for this discrepancy is quite simple: Most AV vendors will specifically optimise their products for these tests. The most severe cases are where vendors end up outright cheating and detecting the test environments which then results in a change of behaviour of the product (think Dieselgate, but with anti-virus). But there are many ways you can game these tests. For example:

    • you can try to figure out the threat intel feeds the companies use, then just buy those same threat intel feeds so you have all samples in advance
    • you can track their licenses and supply different signatures to them or use your cloud to treat those test systems differently
    • some particularly shady organisations literally also sell you their sample and malicious URL feed, so you can just outright buy the samples and URLs your product will get tested on later

    What you end up with as a result is a product that is optimised really really well for the exact scenario they are being tested under using the exact type of URLs and samples these testers use, but that is utterly useless when it comes to anything else. We just really don't want to create this type of product.

    So when we were asked whether we wanted to continue to participate this year, we discussed the matter internally, looked at what we get out of these tests (meaning: whether these tests have a discernable impact on our revenue) and decided that they are simply not worth it and that the tens of thousands of Euros we spent on them every year would be better spent on extending our team and building new ways of keeping our customers safe.
  8. 3 points
    Ransomware infections are unique in many ways. Most importantly, a lot of the natural instincts which are usually correct when dealing with malware infections can make things worse when dealing with ransomware. Please see the following steps as a guideline when dealing with your ransomware infection.

    Do not delete the ransomware infection
    The natural instinct of most users is first to remove the infection as quickly as possible. This instinct is, unfortunately, wrong. In most cases, we will require the ransomware executable to figure out what exactly the ransomware did to your files. Finding the right ransomware sample becomes infinitely more challenging when you deleted the infection and can't provide us with the ransomware. It is okay to disable the infection by disabling any autorun entries pointing to it or by quarantining the infection. However, it is important not to delete it from quarantine or to remove the malicious files right away without a backup.

    Disable any system optimisation and cleanup software immediately
    A lot of ransomware will store either itself or necessary files in your temporary files folder. If you do use system cleanup or optimisation tools like CCleaner, BleachBit, Glary Utilities, Clean Master, Advanced SystemCare, Wise Disk/Registry Cleaner, Wise Care, Auslogics BoostSpeed, System Mechanic, or anything comparable, disable those tools immediately and make sure there are no automatic runs scheduled. Otherwise, these applications may remove the infection or necessary ransomware files from your system, which may be required to recover your data.

    Create a backup of your encrypted files
    Some ransomware has hidden payloads that will delete and overwrite encrypted files after a certain amount of time. Decrypters may also not be one hundred percent accurate, as ransomware is often updated or simply buggy and may damage files in the recovery process. In those cases, an encrypted backup is better than having no backup at all. So we urge you to create a backup of your encrypted files first, before doing anything else.

    Server victims: Figure out the point of entry and close it
    Especially recently we have seen a lot of compromises of servers. The usual way in is by brute-forcing user passwords via RDP/Remote Desktop. We firmly suggest you check your event logs for a large number of login attempts. If you find such entries or if you find your event log to be empty, your server was hacked via RDP. It is crucial that you change all user account passwords immediately. We also suggest to disable RDP if at all possible or at least change the port. Also, it is important to check all the user accounts on the server, to make sure the attackers didn't create any backdoor accounts on their own that would allow them to access the system later.

    Figure out what ransomware infected you
    Last but not least it is important to determine what ransomware infected you. Services like VirusTotal, which allows you to scan malicious files, and ID Ransomware, which lets you upload your ransom note and encrypted files to identify the ransomware family, are incredibly useful and we will probably end up asking you for the results of either of these services. So by providing them right away, you can speed up the process of getting back your files.

    If you struggle with any of these points, please feel free to ask for help. Our ransomware first aid service comes with no-strings-attached and is free for both customers and non-customers.
  9. 3 points
    Please note that Emsisoft Anti-Malware for Windows XP hasn't been updated (as in program updates) in over 2 years, and we never intended on continuing long-term database update support for it. In fact, we discontinued our own database updates for it over a year and a half ago, and those still running Emsisoft Anti-Malware on Windows XP have only been receiving BitDefender database updates. We've decided that it is time to stop redistributing those BitDefender updates for Windows XP, as all they are doing is giving those on Windows XP a false sense of security. In addition, it is extremely dangerous to continue using Windows XP. It has (for several years now) had well-known and major security vulnerabilities that Microsoft will never fix. These vulnerabilities make it trivial to infect a Windows XP system, and there is no security software in the world that is capable of preventing it. We can not, in good conscience, continue to provide any support for this version of Windows, as we announced on December 31st, 2015: https://blog.emsisoft.com/2015/12/02/why-we-believe-its-not-ethical-to-sell-antivirus-software-for-windows-xp-any-longer/ We highly recommend that you upgrade to a newer Operating System that is still supported. It doesn't matter if that's a newer version of Windows, or something free like Linux or BSD, as long as you'll be receiving security updates from whoever makes it. New vulnerabilities are discovered almost every day for every major Operating System (Windows, Linux, BSD, MacOS, Android, etc) so it is absolutely critical that you are able to receive security updates from whoever made the Operating System to help keep you and your data safe.
  10. 3 points
    If all the features Galaxy wishes for were built in, I would uninstall EAM immediately. I like the program the way it is and hope it stays that way.
  11. 3 points
    Is this working OK now for everyone else? If it is, then there's no need for any more logs. All we needed was a traceroute to send to our CDN provider to help in identifying the server that was having the issue, and I managed to get one of those the other day.
  12. 3 points
    @achtsam It is rather about time that you gave up your private crusade. This is really taking on paranoid traits.
  13. 3 points
    Hello, a2guard.exe is the visible protection process (to put it simple, the Emsisoft icon you see in the system tray). However actual protection drivers start a lot earlier. For example epp.sys (the Emsisoft Protection Platform driver) starts very early in the Windows boot process in order to ensure a protected system even when no user is logged in yet and no other programs have been started.
  14. 3 points
    Today, we've received information that our Dutch team member Rob R. passed away yesterday afternoon, after suffering from an unexpected heart attack last Wednesday. Rob was our lead software tester and we always admired him for his special eye to track down the most tricky bugs. He joined our team more than five years ago by voluntarily sending over a brand new and complete Dutch translation of our software. Shortly after he initiated our efforts in offering physical delivery of our software on CD boxes and USB sticks. He also demonstrated a great interest in testing security software which recently led him to becoming our lead tester for Emsisoft Anti-Malware and Emsisoft Internet Security. Rob will truly live on in our memories as a valued team member and friend.
  15. 3 points
    Hardik587 You are indeed becoming most wearisome. There is an old expression among diehard Texans. "No matter how much you kick a dead horse it won't get up" This is exactly what you are doing.
  16. 3 points
    Hello, please send me your license key via PM (personal message). I will add some days to your key as a sign of goodwill.
  17. 2 points
    The Emsisoft Browser Security extension is now available on the Microsoft Addons store for Chromium Edge: https://microsoftedge.microsoft.com/addons/detail/jlpdpddffjddlfdbllimedpemaodbjgn Hopefully we'll be able to update EAM soon to check whether or not it's installed when you launch Chromium Edge.
  18. 2 points
    Such tests aren't reliable. They aren't actually malicious, and may not be blocked by our Behavior Blocker like real ransomware would.
  19. 2 points
    @adityagede99, @Chinnhoo Computer, and @Kotari koteswararao this is a newer variant of STOP/Djvu, and your ID's are online ID's, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

    @Surasri this is a newer variant of STOP/Djvu. Fortunately your ID is an offline ID, however we don't yet have the private key for it. I recommend running the decrypter once every week or two so that you can see when we've been able to add the private key for your variant. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

    @Nouman this is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/ I recommend running the decrypter once every week or two so that you can see when we've been able to add the private key for your variant.

    The STOP/Djvu ransomware will encrypt files on any drive connected to your computer.

    Yes. It requires a connection to our servers to function.

    We don't "develop" private keys. Those are created by the servers operated by the criminals. With offline ID's, since everyone's files who have offline ID's for the same variant of STOP/Djvu have been encrypted with the same public key, their files can all be decrypted with the same private key. We get those private keys when someone who has an offline ID pays the ransom and donates the decrypter the criminals sent them to us so that we can extract the private key from it. This process takes time, as it relies on the generosity of victims who have enough money and don't mind paying the ransom in order to make a donation like that.
  20. 2 points
    @m2413 and @Juroan24 private keys for offline ID's are added to our database once we are able to find them. Just run the decrypter once every week or two in order to see when we've added the private key for your variant.
  21. 2 points
    @ferko85 Let’s deal with the active malware infection before attempting to recover your files.

    Download to your Desktop: Farbar Recovery Scan Tool
    NOTE: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
    NOTE: If you are unable to download FRST from the infected system, FRST can be saved to and run from a USB flash drive.

    Run Farbar Recovery Scan Tool (FRST):
    • Double-click to run it.
    • When the tool opens click Yes to the disclaimer.
      NOTE: DO NOT change any of the default settings. If you do we will just close your logs and ask for new ones run with FRST's default settings.
    • Press the Scan button.
    • Farbar Recovery Scan Tool will produce the following logs: FRST.txt, Addition.txt
  22. 2 points
    I've forwarded your ID and MAC addresses to the creator of STOPDecrypter so that he can archive them in case he is able to figure out your decryption key at some point in the future. All you have to do now is give us some time, and we'll do what we can for you.
  23. 2 points
    Hello Moreau, thank you very much for your positive feedback. You're always welcome, and thank you for the friendly communication. I wish you a good start to the (still almost) new week!
  24. 2 points
    FYI: https://blog.emsisoft.com/en/32110/emsisoft-anti-malware-2018-9-beta/
  25. 2 points
    https://www.bleepingcomputer.com/news/google/google-will-block-third-party-software-from-injecting-code-into-chrome/

    Our Surf Protection works by filtering DNS requests made by running applications. Since EAM doesn't use network filter drivers, it has to achieve this using code injection. Now that Chromium is blocking code injection by third-party applications, our Surf Protection will not work with it until we are able to make some changes.

    My recommendation is to install uBlock Origin and uBlock Origin Extra (both work in Google Chrome and Vivaldi) to supplement until we can get our Surf Protection working in Chrome again. uBlock Origin is a free content blocker that not only blocks ads, but also uses the extensive blacklists of malicious domains available from Malware Domain List and Malware Domains to block malicious content.

    Note: Vivaldi 1.15 (the current stable version) is based on Chromium 65 with backported security fixes from Chromium 66, 67, and 68. Vivaldi 2.0 is based on Chromium 69, and is currently available in testing builds. Anyone with the stable version of Vivaldi installed will not be affected by this issue. Anyone using a Vivaldi 2.0 snapshot will also experience this issue with Surf Protection.

    Also note: Due to the added protection of an ad blocker, we recommend uBlock Origin (with uBlock Origin Extra for Chromium based browsers like Google Chrome, Vivaldi, and Opera) regardless of whether or not our Surf Protection is working with your web browser. Anti-Virus/Anti-Malware does not block ads by default (doing so can break some websites), and the companies that sell online advertising do not do a good enough job of preventing their ads from being abused by their clients, and there have been many cases of serious threats in advertisements even on legitimate websites.

    Please be aware that there is another content blocker called "uBlock". This is not the same thing as uBlock Origin, and is not recommended.

    The main reason for recommending uBlock Origin is due to its performance and memory usage being better than popular ad blockers (AdBlock, Adblock Plus, AdGuard, etc). If you wish to use one of those instead, then please feel free to do so, however I do not know if they are configured to use Malware Domain List and Malware Domains by default and recommend checking their configuration to ensure they are offering the same level of protection as uBlock Origin. If they are not configured to use these lists of malicious websites, then you should be able to add them through FilterLists.com. Note that this site was down at the time I posted this, so I was not able to check and verify that, however this site lists almost every popular filter list for ad and content blockers and it should include important blacklists like these.
  26. 2 points
    Are there any plans of introducing an anti-malware for Mac in the near future? I'm very curious. We see more and more interest of our customers that are demanding a good mac protection software. Now we deliver Emsisoft for Windows but we can't for MAC OS. By canceling development of EIS is there now more of a possibility for a new product?
  27. 2 points
    Other companies have 10 to 100 times the number of employees we do. Having one person there that fixes bugs in Windows Insider builds isn't much of an issue there. However, us doing that would mean ~30% of all development time disappears to keep a couple of hobbyists happy who use a system that is not intended for use in production systems on their production system. We do include insider builds in our QA runs, so we know if or what is broken so we can fix it in time for a release. But unless something is fundamentally broken, risking system security or stability, we won't fix bugs specific to insider builds before a release to web is close.
  28. 2 points
    We had to turn off XP updates because the latest scan engine and its signatures are no longer compatible with it. Instead of pretending that we could protect you from malware (which we effectively can't because XP is full of holes and flaws that aren't gonna be fixed at all) we would rather strongly recommend you to upgrade your computer. If that is for any reason impossible and means that you can't use our software anymore at all, we're happy to issue a refund for the remaining period.
  29. 2 points
    Good day, With vulnerabilities in software, it is actually always best when the software vendor fixes the vulnerability. The vendor is the only one who has access to the source code and can change it directly. Even Microsoft's patch is a bit of a crutch in this sense, since it only prevents access and does not really fix the vulnerability. However, Intel has announced that it will release a patch within a week and make it available to everyone by the end of January at the latest. Emsisoft cannot do the same here as Microsoft or Intel, since we have neither the source code for Windows nor for the Intel processors. However, as always, we will equip our behavior analysis and the file guard with all signatures in order to block malware that tries to exploit this vulnerability. It is better, however, to install all security updates as quickly as possible. An antivirus program is not an alternative to security updates. Kind regards, Kathrin
  30. 2 points
    Emsisoft Anti-Malware is fully compatible with the Windows update. We have also just released an update for all users of the Beta, Stable and Delayed update trees that places the corresponding compatibility marker in the registry. We would like to point out here that Microsoft uses the same compatibility marker for all anti-virus and anti-malware applications. So if more than one anti-virus or anti-malware program is in use, there is a risk that one of the applications, such as Emsisoft Anti-Malware, marks the system as compatible even though one of the other installed security products is not compatible. Unfortunately, there is no way for us to prevent or catch this, since Microsoft simply does not provide for the use of multiple protection programs on the same system. This, by the way, is a perfect example of why we have advised against the parallel use of multiple security programs since Windows 10. Further information is also available in our blog.
  31. 2 points
    Emsisoft Anti-Malware is compatible with the Windows update. We also just published an update that sets the compatibility flag for all users of the beta, stable and delayed update feed. Keep in mind, that Microsoft uses the same flag for all anti-virus vendors. That means if you are using multiple anti-viruses or anti-malware applications, you are risking one of those products, like Emsisoft Anti-Malware, flagging the system as compatible, even though one of your other products is not compatible. There is, unfortunately, nothing we can do to prevent this as Microsoft does not account for the scenario of multiple security products being installed on the same system. This is the perfect example why we are recommending against using multiple security products in parallel. For further information, feel free to stop by our blog.
  32. 2 points
    Thanks Umbra. I've also done step 2, and I suspect you're right that is good enough.
  33. 2 points
    If you change the setting (for Malware hosts) on that screen (e.g. to Block silently) then all instances of malware-host alerts would become silent. That's not necessarily sensible - yes, fewer alerts, but also you'd be less aware of sites that maybe you shouldn't trust so much. If you see alerts for that specific malware host frequently, you could add a rule to treat it differently, e.g. just silently blocking it. But again, you'd then not be warned that such sites had embedded links to that host. Is that wise?
  34. 2 points
    Hello to you all, I don't know how some of you are going to react to my post but the end is what matters. On Friday morning we (company) were infected by the Cry36 Virus (Ransom). Our Server 2008R2 was with anti-virus and with Windows Update.. up to date.. At the time we had an external hard drive connected to the server (the only one we had) since we didn't have a duplicate because the second one failed on us. Due to hard times here in Greece we thought that one hard drive was enough. Since our server was under repair with a raid problem we had a live backup. All our files were encrypted.. Most of you will probably understand. We called local Police, Internet Crime Center Greece and Interpol. We had support from a number of techs, antivirus profs in Greece and around the world. We had no choice but to gamble with the hackers. They asked for $800 in bitcoin. We had nearly every day email exchange with them. The process to obtain bitcoin was a long and stressing time. The amount of money we were losing day by day was a nightmare. After 8 days we had the bitcoin, we transferred them to the people responsible and in 15min we had the unlock.exe with our ID and a password from Greece to US. They even gave us instructions and warnings not to damage the files. We got all our files back!!!!!!!!!!!!!! Yes we did the wrong thing and paid. In the end we lost a lot of money and lived 10 days of hell!!!!! The virus was infected from a personal email...
  35. 2 points
    Hello, When it comes to surfing: keep it simple, a browser is only as safe as its user. I'd advise against using any browser "security" that intercepts https traffic, for an explanation see here: http://blog.emsisoft.com/2017/02/09/https-interception-what-emsisoft-customers-need-to-know/ Choose the browser that suits you best and practice safe surfing (use an adblocker, use a password manager as alternative to using easy to guess or identical passwords), don't visit shady sites and if you're not sure about a site, scan the URL on http://www.virustotal.com Personally I use Google Chrome with uBlock Origin, LastPass, and a few small add-ons that help facilitate certain routine tasks. Never had any browser-related security issues.
  36. 2 points
    Fabian who works on the decrypters has been ill recently, but we are looking into this. Please be patient. Regards, Sarah
  37. 2 points
    The problem is that no protection software can help you. When the server is opened up, which is the case with TeamXRat, the malware behind this, the attacker can simply terminate the software or allow the malware. I briefly skimmed the malware and it looks decryptable. So if the ransom has not been paid yet, I can take a look at what I can do.
  38. 2 points
    On the AV-C test: There was a problem with the test setup in that test. It is not entirely clear whether AV-C's automated test system or EAM failed. However, there were 13 samples that were classified as not detected. Neither AV-C nor we were able to reproduce the problem, which is why, after a retest, all "misses" were reclassified as "user decisions". However, that classification is misleading as well. The problem is that our cloud could have answered most of the requests automatically. However, all retests were carried out without the cloud, because we could have simply cheated and blacklisted all files in the cloud, and AV-C has no way to roll our cloud back to the time of the original test. False positives were caused by setups that are double signed. In that case EAM had problems recognizing the digital signatures correctly. The problem has since been fixed, however.
  39. 2 points
    I cannot understand this almost hysterical way of dealing with virus protection anyway. I trust Emsisoft because, unlike a great many others, it does not spy and does not install or offer any crap along with it. That is almost a unique selling point, and one that is very important to me personally. Besides, people work on the software, so it can certainly happen that someone temporarily has a mental block, that there is understaffing due to vacation or other reasons (a death), or that one briefly lags behind on a detection rate because someone at XXX had a flash of inspiration or was particularly empathetic. In such cases, they then "catch up" as quickly as possible. Hence no problem, and it happens this way with every vendor. Besides, any protection is only supposed to, and only can, "cut off the peaks". First and foremost, with any machine, it is the person sitting in front of it who is called upon, that is, brain.exe. Basically, viewed from some distance, this constant comparing of tests has a whiff of comparing penis lengths, or also of this demand that Germany had better bring home the gold medals; that is a distorted view from the same corner. Composure and honest fairness, those are lacking more and more often. And that even though the constant "cool" is on everyone's lips...
  40. 2 points
    Hello and thank you very much for your inquiry in our support forum. I apologize very much; during an upgrade to Emsisoft Internet Security, the discount level was apparently not transferred correctly to the new license key. I have now done that for you, and a renewal with an appropriate customer and volume discount is now possible via our renewal page: http://www.emsisoft.de/de/order/renew/ Since the license would have expired very soon, I have extended the license a little so that enough time remains for a renewal. Thank you for using our software solutions. If there are any further questions, I am happy to be available for them.
  41. 2 points
    Just click the 'more reply options' button and attach any file to your post.
  42. 2 points
    In general, the quarantine rescan mechanism is based on us rescanning items in the quarantine after every update. If a file is then suddenly no longer detected, we assume that it was a false positive. We adjust detections constantly. Accordingly, it can happen that, especially with detections triggered by generic signatures, even small modifications lead to a particular sample of a malware family no longer being detected. If you generally do not want EAM or EIS to rescan the quarantine after every update, you can change the quarantine scan under Settings/General (Einstellungen/Allgemein) from "Automatic" ("Automatisch") to "No rescan" ("Kein erneutes Scannen"). It definitely would have. Tesla is basically not really new. The first versions date back to May of this year. This is what would happen if you try to run TeslaCrypt on a PC protected by EAM or EIS: If you have disabled cloud support, or in the unlikely event that the cloud does not know the sample yet, you will see the following warnings: Only after you have ignored each of these warnings and allowed further execution will any file on the PC be encrypted at all.
  43. 2 points
    Similar issue here. I had strayed and had been using a trial of another product. Reinstalled the latest EMIS very early this AM - 3AM EST. Tonight I have been unable to download the 1 new Important Windows Update for 8.1. Have tried several times. Can see that there is zero incoming traffic. Finally get an error that Windows Update failed. I suppose it is possible that the issue is on the Microsoft side.
  44. 2 points
    Here's how to reset the Global Firewall Rules to factory defaults: Open Emsisoft Internet Security. Click on Settings in the menu at the top. Click on the Factory defaults button near the upper-right. Make sure that only the option labeled Global firewall rules is selected. Click the OK button to apply the changes.
  45. 2 points
    This is the core message of the, in my opinion, excellent article on the official homepage: http://blog.emsisoft.com/de/2015/06/26/antivirensoftware-schutz-fuer-ihre-dateien-aber-auf-kosten-ihrer-privatsphaere/ I think this important aspect is given far too little recognition, whether in the tests of all the testing institutes, which mostly only break things down by detection, removal and performance, or in all the "specialist" magazines like computerbild or chip, etc. But also among users: When I see that Avira was downloaded over 400,000 times this month on Germany's most popular download portal, one has to ask whether most users simply do not care what happens to their data or whether they do not even know about it: the motto being, the main thing is that it is free. On top of that comes the herd instinct: that many users surely cannot be wrong. Everything is supposed to be free these days anyway, ideally; who pays the malware analysts, the developers who work on the detection routines and on the program's self-protection, the normal administration and the connected hardware/servers and much more? All of that is blanked out. Almost nothing is truly free anymore today, be it Avast (mentioned in the article above), AVG (toolbar) or Avira, which used the Ask toolbar for many years and today supposedly an independently developed one ("cough"!). Here, in my opinion, one pays indirectly with one's personal data. I think every piece of software today is always a matter of trust, and that applies above all to AV programs. In that context I think Emsisoft and its privacy policy are great; besides the very good detection, that was the main criterion for me in the purchase decision! Keep it up, Emsisoft!
  46. 2 points
    We have offered it to some of our business contacts and we definitely wouldn't charge too much. But it's not only about compiling a set of code files. The product requires some online backend infrastructure that can't be developed within a few days. A good part of its power relies on the server side databases and algorithms that require ongoing maintenance and improvements. To be future proof, the product also requires some code changes. Just to name a few: IPv6, full unicode support, Windows 8 driver model changes, etc. These all are doable but not trivial I'm afraid. Only a very small number of software developers have the required skills to code firewall drivers that don't crash all day long. Based on our experience firewall development is one of the most challenging areas of software development you can think about. Windows API documentation is generally poor and you have to expect to find bugs in Windows that Microsoft doesn't even know about (had a few cases in the last year).
  47. 2 points
    Hello, Jenn. Welcome to the Emsisoft Support Forums. My name is Kevin, and I will be helping you fix your problems. Please change your user name to something that is not your email address. All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE; if you don't, we are just going to send you back to this thread. Also read the Emsisoft Support Forums Terms of Use. To highlight a few:
  48. 2 points
    If a license key for Emsisoft Anti-Malware is remapped more than 5 times in a day, then our system will lock out any further remaps for 24 hours. If you contact support, we can clear the mapping history manually if needed. In your case, this shouldn't end up being an issue.
  49. 2 points
    Hi and a warm welcome to the Emsisoft Support Forum! System scan with FRST: Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: Start > Computer (right-click) > Properties) Now start FRST. Do not change any of the checkboxes unless asked, and click Scan. The log files will now be created and will then be located on your desktop. Please attach both log files in your next reply.
  50. 2 points
    Here are the reports. Also, received error report that C:\$mft is corrupt