Leaderboard

  1. GT500

    GT500

    Emsisoft Employee


    • Points

      711

    • Content Count

      12245


  2. Kevin Zoll

    Kevin Zoll

    Emsisoft Employee


    • Points

      282

    • Content Count

      18810


  3. Fabian Wosar

    Fabian Wosar

    Emsisoft Employee


    • Points

      272

    • Content Count

      4405


  4. Elise

    Elise

    Emsisoft Employee


    • Points

      261

    • Content Count

      8297



Popular Content

Showing content with the highest reputation since 06/13/12 in all areas

  1. 7 points
    Official word is, "yes". We will give free license extensions to anyone who upgraded to Windows 10 and was unable to use the firewall. Once the issue has been resolved, please either submit a support ticket in our helpdesk system, or send a Private Message on the forums to me (English Support) or Thomas Ott (English/German Sales). Be sure to mention that you would like to have your license extended due to the Windows 10 issues and include in your message any license keys that were in use on a computer with Windows 10. Feel free to link to this forum post if you would like to.
  2. 6 points
    As announced earlier, we are changing our firewall strategy and will soon merge Emsisoft Internet Security with Emsisoft Anti-Malware, effective as of our next release in October. Instead of developing our own firewall module, we’re going to rely on the built-in Windows Firewall core that has proven to be powerful and reliable. Its only weak point is the fact that anyone can freely change the firewall configuration. In other words, if malware manages to run on the PC with sufficient administrator permissions, it’s able to allow itself to get through the firewall. To resolve this vulnerability, we’ve developed a new Firewall Fortification feature for Emsisoft Anti-Malware’s Behavior Blocker as part of our 2017.8 release. Firewall Fortification detects and intercepts malicious actions from non-trustworthy programs in real time before they can cause any damage. Behavior Blocker alert: Firewall manipulation All 2017.8 improvements in a nutshell Emsisoft Anti-Malware New: Firewall Fortification feature that blocks illegitimate manipulations of Windows Firewall rules. Improved: Forensics logging. Fixed: Rare program freezes on opening the forensics log, confirming of surf protection notifications and during malware detection. Fixed: Computer restart instead of computer shutdown executed, when set for a silent scan. Several minor tweaks and fixes. Emsisoft Enterprise Console Improved certificate handling to avoid connectivity issues. Several minor user interface improvements. Several minor tweaks and fixes. How to obtain the new version As always, so long as you have auto-updates enabled in the software, you will receive the latest version automatically during your regularly scheduled updates, which are hourly by default. New users please download the full installer from our product pages. Note to Enterprise users: If you have chosen to receive “Delayed” updates in the Update settings for your clients, they will receive the new software version no earlier than 30 days after the regular “Stable” availability. This gives you time to perform internal compatibility tests before a new version gets rolled out to your clients automatically. Have a great, well-protected day! View the full article
  3. 4 points
    Link to decrypter download page. <- The decrypter will tell you if your files are decryptable, whether you're dealing with an "old" or "new" variant of STOP/Djvu, and whether your ID is online or offline. Link to instructions for using the decrypter (PDF). Link to "file pair" submission form. Link to more information about the decrypter. <- Article at BleepingComputer.com Link to more detailed information about STOP ransomware (covers more than just STOP/Djvu). <- Forum post at BleepingComputer.com How do I remove the ransomware? The STOP/Djvu decrypter will stop the ransomware from running so that it can't continue encrypting your files, however it doesn't completely remove the ransomware. Most Anti-Virus software will detect STOP/Djvu if you run a scan for it, however if you don't have Anti-Virus software installed then you can run a Malware Scan with Emsisoft Emergency Kit (free for home/non-commercial use). Note that formatting the hard drive and reinstalling Windows will also remove the infection, however this ransomware is particularly easy to remove, so if a computer is only infected with STOP/Djvu then formatting the drive would be unnecessary. Will removing the infection unlock my files? No. Your files are encrypted. This encryption needs to be reversed (via a process called "decryption") before your files will be usable again. This encryption cannot be removed or undone simply by removing the STOP/Djvu ransomware infection. The decrypter can't decrypt my files? In most cases this means you have an online ID. It could also mean your files were encrypted by a newer variant of STOP/Djvu. See below for explanations. Why won't the decrypter run? The decrypter requires version 4.5.2 or newer of the Microsoft .NET Framework, so this could mean your version of the .NET Framework is out of date. We recommend installing the latest version of the .NET Framework (4.8 at the time of writing this), and then trying the decrypter again. Why is the decrypter stuck on "Starting"? When you run the decrypter, it looks for encrypted files. It will say "Starting" until it is able to find some. If the decrypter remains stuck on "Starting" for a long period of time, then this means it is unable to find any encrypted files. Offline ID. When the ransomware can't connect to its command and control servers while encrypting your files, it uses a built-in encryption key and a built-in ID. Offline ID's generally end in t1 and are usually easy to identify. Since the offline key and ID only change with each variant/extension, everyone who has had their files encrypted by the same variant will have the same ID and the files will be decryptable by the same key (or "private key" in the case of RSA encryption). Online ID. In most cases the ransomware is able to connect to its command and control servers when it encrypts files, and when this happens the servers respond by generating random keys for each infected computer. Since each computer has its own key, you can't use a key from another computer to decrypt your files. The decrypter is capable of working around this with older variants as long as it has some help, however for newer variants there is nothing that can be done to recover files. Old Variants. Old variants were those in distribution until near the end of August, 2019. Our decrypter supports offline ID's for almost all older variants, and can decrypt files for those with offline ID's without needing any help. For online ID's, it's necessary to supply file pairs to our online submission form so that the decrypter can be "trained" how to decrypt your files. A list of extensions from older variants can be found at the bottom of this post. New Variants. These use a more secure form of RSA encryption. Support for some offline ID's has been added to the decrypter for newer variants, and support for new offline ID's will be added as we are able to figure out decryption keys for them. As for online ID's, due to the new form of encryption, there's currently nothing the decrypter can do to help recover files. Will it ever be possible to decrypt new variants with online ID's? That depends on whether or not law enforcement is able to catch the criminals who are behind this ransomware. If law enforcement is able to catch them and release their database of keys, then we can add those to our database for decryption. If you would like to report this ransomware incident to law enforcement, then please click here for more information. The more reports law enforcement agencies receive, the more motivation they have to track down the criminals. What is a file pair? This refers to a pair of files that are identical (as in they are the exact same file), except one copy is encrypted and the other is not. Our decryption service can analyze the differences between an encrypted file and an original unencrypted copy of the same file, allowing it to determine how to decrypt that type of file. For most victims with an older variant of STOP/Djvu, submitting file pairs will be the only way they will get their files back. File pairs only work for one type of file. Due to the way encryption works in STOP/Djvu, file pairs can only help the decryption service figure out how to decrypt one type of file. For instance, if you submit a file pair for an MP3 file, then the decrypter will be able to decrypt all of your other MP3 files, however it won't be able to decrypt any other type of file. There are some exceptions to this, such as certain newer Microsoft Office documents (such as DOCX and XLSX) since those files are technically ZIP archives. The decrypter can't decrypt all of my pictures even though I submitted file pairs for them? JPEG/JPG images have a format oddity that causes file pairs to be specific to each source of pictures, rather than the file format in general. As an example, if you have pictures from two different cameras, and submit a file pair from the group of pictures from one of the cameras, then the decrypter will only be able to decrypt files from the camera that the file pair came from. In order to decrypt all JPEG/JPG images, you will need to submit file pairs from every source you've obtained those pictures from. What does "Remote name could not be resolved" mean? It's an indication of a DNS issue. Our first recommendation is to reset your HOSTS file back to default. Microsoft has an article about this at the following link: https://support.microsoft.com/en-us/help/972034/how-to-reset-the-hosts-file-back-to-the-default Is there anything I can do to help catch these criminals? The best thing you can do right now is file a report with your country's national law enforcement. There is more information available at the following link: https://www.nomoreransom.org/en/report-a-crime.html Extensions from older variants that the decrypter supports:
  4. 4 points
    Guten Tag, Wir haben mittlerweile mehrfach etabliert, dass Emsisoft nicht das Programm Ihrer Wahl ist. Sie haben sich bereits anderweitig ein Antivirus gesucht, dass auch noch dreißig weitere Funktionalitäten mitabdeckt. Fakt ist jedoch, dass viele Leute eben auch ein Antivirenprogramm suchen, dass nicht noch fünfzig Extras mitbringt, die man nicht will oder nicht braucht. Für diese Leute gibt es eben Emsisoft Anti-Malware und die meisten unserer Kunden sind mit der Tatsache, dass es eben 'nur' ein Rundumschutz für den Rechner ist und nicht mehr, zufrieden. Für all die angesprochenen Features - Passwortgenerator, Kinderschutz, etc - gibt es bereits gute Programme, die man sich bei Bedarf installieren kann. Viele Leute haben aber entweder keine Kinder oder wollen diesen den Zugang nicht beschränken, warum sollten wir diesen Leuten einen Kinderschutz mitinstallieren. Einige haben eben auch nicht RAM oder CPU im Überfluß, für diese Leute ist es noch ärgerlichr wenn das RAM durch ein AV belegt ist, dass aufgrund von ungenutzten Features die Ressourcen auffrisst. Fazit: Es gibt viele Antivirenprogramme, die die eierlegende Vollmilchsau sein wollen und versuchen alle Programme in einem zu vereinen. Es gibt User, die diesen Ansatz nicht mögen und nur ein Antivirenprogramm wollen. Nicht mehr. Für diese Leute gibt es, zum Beispiel Emsisoft Anti-Malware. Sie gehören nicht zu dieser Gruppe und das ist ok. Mit freundlichen Grüßen Kathrin
  5. 4 points
    Which for everything related to our core technologies (engine, behavior blocker, cleaning engine) would be me. Hi, nice to meet you! Next time someone looks strange at me for talking to myself I can now point them to this post and tell them you asked me to talk to me . Your argument is that we chose Bitdefender because it is "the best". Both Kaspersky as well as Avira consistently score higher in pure on-demand tests than Bitdefender does. If you consider PUP detection ESET is a superior contender as well. We considered all of them at one point or another but they were discarded for various reasons. The article is based on the submission we got through the "Submit information about detected Malware" option in all our products, which reports back meta data (infection names, number of infected objects) about all infections found by our products.
  6. 4 points
    Actually, there is a system behind it: My workstation computers are named after noble gases, like Krypton or Helium. Computers that I only use temporarily or belong to guests are named after transition metals like Titanium. Non-computer devices like smartphones are named after non-metals like Oxygen. All systems and VMs that are used for malware testing are named after radioactive elements like Uranium. Needless to say my WLAN and local workgroup is called "Periodic Table". And yes, I spent a significant amount of time coming up with that system and I am proud of it .
  7. 3 points
    It means that the tests done by AV-C and AV-T have a clear image of how they think AV software should work. The problem arises when your product doesn't fit the mould. Then you get penalized for not doing what everyone else does, even though what everyone else does may not be in the best interest of the user, to begin with. Best example: Snooping around in your encrypted connections, which literally every AV vendor screwed up at least once in the past and probably will continue to happen, exposing users to potentially greater risks than most malware does. For starters, the test sets aren't nearly as representative anymore. When we participated in AV-T and AV-C both tested with less than 200 samples a month on average. 200 samples out of literally tens of millions. The exact selection isn't clear and not representative of what users deal with either. None of them tests with PUPs for example, even though a simple look at any tech support community will tell you, that it is probably by far the biggest problem users are dealing with. So no, neither of those test scores represents real-life performance and it becomes blatantly obvious when you go to places like Bleeping Computer, GeeksToGo, Trojaner Board, Malekal, and all those other communities where people infected by malware show up for help and look at what products these victims used at the time they became infected. Then you will notice that a lot of these products with perfect scores don't look nearly as perfect in real-life conditions. The reason for this discrepancy is quite simple: Most AV vendors will specifically optimise their products for these tests. The most severe cases are where vendors end up outright cheating and detecting the test environments which then results in a change of behaviour of the product (think Dieselgate, but with anti-virus). But there are many ways you can game these tests. For example: you can try to figure out the threat intel feeds the companies use, then just buy those same threat intel feeds so you have all samples in advance you can track their licenses and supply different signatures to them or use your cloud to treat those test systems differently some particularly shady organisations literally also sell you their sample and malicious URL feed, so you can just outright buy the samples and URLs your product will get tested on later What you end up with as a result is a product that is optimised really really well for the exact scenario they are being tested under using the exact type of URLs and samples these testers use, but that is utterly useless when it comes to anything else. We just really don't want to create this type of product. So when we were asked whether we wanted to continue to participate this year, we discussed the matter internally, looked at what we get out of these tests (meaning: whether these tests have a discernable impact on our revenue) and decided that they are simply not worth it and that the tens of thousands of Euros we spent on them every year would be better spent on extending our team and building new ways of keeping our customers safe.
  8. 3 points
    Ransomware infections are unique in many ways. Most importantly, a lot of the natural instincts which are usually correct when dealing with malware infections can make things worse when dealing with ransomware. Please see the following steps as a guideline when dealing with your ransomware infection. Do not delete the ransomware infection The natural instinct of most users is first to remove the infection as quickly as possible. This instinct is, unfortunately, wrong. In most cases, we will require the ransomware executable to figure out what exactly the ransomware did to your files. Finding the right ransomware sample becomes infinitely more challenging when you deleted the infection and can't provide us with the ransomware. It is okay to disable the infection by disabling any autorun entries pointing to it or by quarantining the infection. However, it is important not to delete it from quarantine or to remove the malicious files right away without a backup. Disable any system optimisation and cleanup software immediately A lot of ransomware will store either itself or necessary files in your temporary files folder. If you do use system cleanup or optimisation tools like CCleaner, BleachBit, Glary Utilities, Clean Master, Advanced SystemCare, Wise Disk/Registry Cleaner, Wise Care, Auslogics BoostSpeed, System Mechanic, or anything comparable, disable those tools immediately and make sure there are no automatic runs scheduled. Otherwise, these applications may remove the infection or necessary ransomware files from your system, which may be required to recover your data. Create a backup of your encrypted files Some ransomware has hidden payloads that will delete and overwrite encrypted files after a certain amount of time. Decrypters may also not be one hundred percent accurate, as ransomware is often updated or simply buggy and may damage files in the recovery process. In those cases, an encrypted backup is better than having no backup at all. So we urge you to create a backup of your encrypted files first, before doing anything else. Server victims: Figure out the point of entry and close it Especially recently we have seen a lot of compromises of servers. The usual way in is by brute-forcing user passwords via RDP/Remote Desktop. We firmly suggest you check your event logs for a large number of login attempts. If you find such entries or if you find your event log to be empty, your server was hacked via RDP. It is crucial that you change all user account passwords immediately. We also suggest to disable RDP if at all possible or at least change the port. Also, it is important to check all the user accounts on the server, to make sure the attackers didn't create any backdoor accounts on their own that would allow them to access the system later. Figure out what ransomware infected you Last but not least it is important to determine what ransomware infected you. Services like VirusTotal, which allows you to scan malicious files, and ID Ransomware, which lets you upload your ransom note and encrypted files to identify the ransomware family, are incredibly useful and we will probably end up asking you for the results of either of these services. So by providing them right away, you can speed up the process of getting back your files. If you struggle with any of these points, please feel free to ask for help. Our ransomware first aid service comes with no-strings-attached and is free for both customers and non-customers.
  9. 3 points
    Please note that Emsisoft Anti-Malware for Windows XP hasn't been updated (as in program updates) in over 2 years, and we never intended on continuing long-term database update support for it. In fact, we discontinued our own database updates for it over a year and a half ago, and those still running Emsisoft Anti-Malware on Windows XP have only been receiving BitDefender database updates. We've decided that it is time to stop redistributing those BitDefender updates for Windows XP, as all they are doing is giving those on Windows XP a false sense of security. In addition, it is extremely dangerous to continue using Windows XP. It has (for several years now) had well-known and major security vulnerabilities that Microsoft will never fix. These vulnerabilities make it trivial to infect a Windows XP system, and there is no security software in the world that is capable of preventing it. We can not, in good conscience, continue to provide any support for this version of Windows, as we announced on December 31st, 2015: https://blog.emsisoft.com/2015/12/02/why-we-believe-its-not-ethical-to-sell-antivirus-software-for-windows-xp-any-longer/ We highly recommend that you upgrade to a newer Operating System that is still supported. It doesn't matter if that's a newer version of Windows, or something free like Linux or BSD, as long as you'll be receiving security updates from whoever makes it. New vulnerabilities are discovered almost every day for every major Operating System (Windows, Linux, BSD, MacOS, Android, etc) so it is absolutely critical that you are able to receive security updates from whoever made the Operating System to help keep you and your data safe.
  10. 3 points
    Wenn alle Features eingebaut würden, die Galaxy wünscht, dann würde ich EAM sofort deinstallieren. Ich mag das Programm so wie es ist und hoffe, das bleibt auch so.
  11. 3 points
    Is this working OK now for everyone else? If it is, then there's no need for any more logs. All we needed was a traceroute to send to our CDN provider to help in identifying the server that was having the issue, and I managed to get one of those the other day.
  12. 3 points
    @achtsam Es wird eher langsam Zeit, dass Du deinen privaten Kreuzzug einstellst. Das nimmt ja wirklich paranoide Züge an.
  13. 3 points
    Hello, a2guard.exe is the visible protection process (to put it simple, the Emsisoft icon you see in the system tray). However actual protection drivers start a lot earlier. For example epp.sys (the Emsisoft Protection Platform driver) starts very early in the Windows boot process in order to ensure a protected system even when no user is logged in yet and no other programs have been started.
  14. 3 points
    Today, we've received information that our Dutch team member Rob R. passed away yesterday afternoon, after suffering from an unexpected heart attack last Wednesday. Rob was our lead software tester and we always admired him for his special eye to track down the most tricky bugs. He joined our team more than five years ago by voluntarily sending over a brand new and complete Dutch translation of our software. Shortly after he initiated our efforts in offering physical delivery of our software on CD boxes and USB sticks. He also demonstrated a great interest in testing security software which recently led him to becoming our lead tester for Emsisoft Anti-Malware and Emsisoft Internet Security. Rob will truly live on in our memories as a valued team member and friend.
  15. 3 points
    Hardik587 You are indeed becoming most wearisome. There is an old expression among diehard Texans. "No matter how much you kick a dead horse it won't get up" This is exactly what you are doing.
  16. 3 points
    Hello, please send me your license key via PM (personal message). I will add some days to your key as a sign of goodwill.
  17. 2 points
    We can take a look at it if you find it again, however it's more than likely that each computer will require a different private key to decrypt files, and thus the decrypter will only work on a specific computer.
  18. 2 points
    Password protected archives work, as long as the password isn't posted with the link. Personally I prefer malicious files to be uploaded to VirusTotal and the link to the analysis posted, as we can download from VirusTotal but the average person who comes across our forums can't. Just keep in mind that all it takes to be allowed to download from VirusTotal is a premium account there, so technically anyone can get access to download files and thus you don't want to upload anything confidential there. We've started an analysis on it as well, however I don't think our malware analysts have had a chance to finish yet. I'll pass your links on in case they come in handy.
  19. 2 points
    Such tests aren't reliable. They aren't actually malicious, and may not be blocked by our Behavior Blocker like real ransomware would.
  20. 2 points
    I am running decrypter in every 2 days. I hope...! I will have my files decrypted one day soon. I hope...! :) Thank you
  21. 2 points
    @m2413 and @Juroan24 private keys for offline ID's are added to our database once we are able to find them. Just run the decrypter once every week or two in order to see when we've added the private key for your variant.
  22. 2 points
    We just added the private key for .reha offline ID's on Thursday, which is why it suddenly was able to decrypt your files. Thanks for letting us know that it worked. 👍
  23. 2 points
    As the FAQ clearly states, you have an online ID, and it is not decryptable. Only the criminals have your key.
  24. 2 points
    @ferko85 Let’s deal with the active malware infection before attempting to recover your files. Download to your Desktop: Farbar Recovery Scan Tool NOTE: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. NOTE: If you are unable to download FRST from the infected system, FRST can be saved to and run from a USB flash drive. Run Farbar Recovery Scan Tool (FRST): Double-click to run it. When the tool opens click Yes to the disclaimer. NOTE: DO NOT change any of the default settings. If you do we will just close your logs and ask for new ones ran with FRST's default settings. Press the Scan button. Farbar Recovery Scan Tool will produce the following logs: FRST.txt Addition.txt
  25. 2 points
    I've forwarded your ID and MAC addresses to the creator of STOPDecrypter so that he can archive them in case he is able to figure out your decryption key at some point in the future. All you have to do now is give us some time, and we'll do what we can for you.
  26. 2 points
    That's an offline ID. Support for it should be added to STOPDecrypter soon, and once that happens it should be possible for you to decrypt your files.
  27. 2 points
    Hallo Moreau, vielen Dank für Ihre positive Rückmeldung. Immer wieder gerne und vielen Dank für die freundliche Kommunikation. Ich wünsche Ihnen einen guten Start in die (noch fast) neue Woche!
  28. 2 points
    I could only confirm David's post - on both my computers with Comodo (Win 7 64 bit, SSD HDD - as this probably had some impact on that unpleasant EAM behaviour) I switched to stable version and all seem to work. So yes, the problem with Comodo on some comps is probably over. I want to add my two cents to discusion above. I work with computer more than 25 years. A lot years ago I worked as programmer. This is all over now (even as I sometimes write a few lines of code in php and MySQL). My main work is with graphics software, but for a few of my customers I do also some kind of computer servis. Not that I'm any expert in LAN's or such but I could help individual users with some computer problems. So my computer knowledges are a little bit above standard. Usually I could help myself with any and all hardware or software troubles, but this time it was very frustrating and it took me a lot of precious time (which I should have spent differently) to revert my work and home computers back to working state. And it was because of EAM "no user asking" PROGRAM update (unfortunately it even didn't create system restore point - why this isn't standard upon bigger program update is above my understanding). This is why I ask you for avoiding such program behaviour. I understand your points but you should hear our opinions also. Maybe it's not wise to let some users decide about something they don't understand but I don't ask you to do this. You can let default EAM settings on stable version update but I'd appreciate the possibility for some of us to switch off this behaviour. Why couldn't you add to setup/actualization menu two choices: 1) update program without asking user 2) update program only after user confirmation? First choice could be the default one - I don't care. This would be enough. And (not only) after this experience I'd immediately switch it to the "update program only after user confirmation". And a few words to Neneduty post: no, I won't uninstall ANY of my programs only because ANY antivirus software couldn't work with it. All programs are in my computers for good reasons (this is true especially for Comodo firewall). This could end that Emsisoft (or any other antivirus producer for that reason) could ask me not to use my graphics programs, because they could be in conflict with EAM (btw. there was situation Adobe Acrobat didn't start because of conflict with EAM one time - I resolved it with Emsisoft help then - fortunately Emsisoft helpdesk didn't want me to uninstall it :-) ). Antivirus software is in any computer to help not to be infected by computer virus; it's not there to block users to work with their programs... Any other debate about this is ridiculous. Uffff. Enough from me.
  29. 2 points
    We had to turn off XP updates because the latest scan engine and its signatures are no longer compatible with it. Instead of pretending that we could protect you from malware (which we effectively can't because XP is full of holes and flaws that aren't gonna be fixed at all) we would rather strongly recommend you to upgrade your computer. If that is for any reason impossible and means that you can't use our software anymore at all, we're happy to issue a refund for the remaining period.
  30. 2 points
    Thanks Umbra. I've also done step 2, and I suspect your right that is good enough.
  31. 2 points
    Just for fun (and reference) I took a screenshot of the visitor stats from my own private server. The screenshot is censored so it doesn't show IP addresses, the names of files visitors accessed, or what websites they were referred from. Here's a link if anyone wants to see it: https://www.gt500.org/images/http_stats.png This is just general statistics compiled from server logs, and you can actually get a little more information than what you see there from those logs. I guess what I'm trying to say is simply that if website owners really want to track you, they don't don't need Google or other analytics services to do it. Especially since there's no way to prevent the server from logging all of this data (since the servers do that automatically and have access to all of that data when your web browser loads anything from the server). If this is something you're concerned about then TOR, VPN's, and Virtual Machines are going to do you much more good than worrying about what "trackers" are being used by any individual webpage. TOR and VPN's help keep your IP address private and make it very difficult to determine where you actually are, and of course Virtual Machine's give a generic system for you to browse on and you can restore to a snapshot to reset everything to the condition it was in before you started browsing. Some things may be unique to your Virtual Machine, such as the combination of your CPU and the amount of RAM and disk space, so in theory it would still be possible to "fingerprint" it, however does it really matter if a website "fingerprints" a Virtual Machine (especially when they can't determine the geographical location)? Also note that "browser fingerprinting" isn't something that I tend to worry much about. It's unfortunate that it's possible, but it's also benign in the vast majority of cases, and the lengths you have to go to in order to prevent it are... well... more that I would be willing to do for something that isn't going to effect me enough for me to care. uBlock Origin blocks most advertising and tracking stuff, so the amount of money that advertisers can make by "fingerprinting" my browser and targeting me is minimal, and if the NSA wants to monitor me then I expect the only way to truly prevent that is to live in a lead box and never connect to the Internet again.
  32. 2 points
    Wenn man seriöse Seiten aufruft, Programme nur aus verlässlichen Quellen verwendet und installiert und auch mal liest was da bei einer Installation alles so steht und an Haken gesetzt ist, dass Gehirn einschaltet und auch nicht immer alle Links in E-Mail anklickt, dann ist man EAM bestens gerüstete! Denn die Router Firewall sollte ihren Dienst auch ausreichend verrichten. Ich verwende seit 2006 keine Firewall mehr, wie z.B. Zonealarm und habe seit dem auch nicht mehr Probleme, im Gegenteil, dass System läuft wesentlich flüssiger! Im großen und ganzen muss man feststellen, dass Emsisoft seine Hausaufgaben sehr gut erledigt, auf Kunden Beanstandungen Zeitnah reagiert und vor allem im direkten Kontakt zum Kunden steht! Dass kenne ich von keinem anderen Hersteller und ich habe schon viele AV-Programme getestet! Von daher sollte man sich ernsthaft überlegen, ob man Emsi verlassen sollte.
  33. 2 points
    Arbeite doch einfach selbst Deine Profilneurose auf, oder suche Dir professionelle Hilfe. Ich bin ziemlich sicher, daß das Sammeln von likes und dislikes Dir nicht wirklich weiterhelfen wird...
  34. 2 points
    From (very) humble beginnings in a Windows XP Service Pack update, the Windows Firewall has evolved into a capable security tool. Today, its performance is on par with – if not better than – any modern third-party desktop firewall on the market. In light of this, and after a lot of careful consideration, the Emsisoft team made a very conscious decision to rely on the Windows Firewall moving forward, which ultimately led to us merging Emsisoft Internet Security with Emsisoft Anti-Malware. This will allow us to concentrate our efforts on building a bulletproof product while using our Behavior Blocker technology to further strengthen the already rock-solid Windows Firewall. To put it simply, using Windows Firewall in conjunction with Emsisoft Anti-Malware will provide better protection for our users, and that is our number one objective above all else. Since our announcement of the Emsisoft Internet Security and Emsisoft Anti-Malware merger, we have received a lot of positive feedback. However, we also got a lot of questions. We want to take the time to answer the most frequently asked questions in a bit more detail: So are you going to remove the firewall completely? The answer to that question is not as simple as it may seem at first. Firewalls are usually divided into two parts: A so-called packet filter, which usually deals with incoming packets and is therefore often called an inbound firewall; and an application filter that deals with applications wanting to access the network or internet, which is why it is often also referred to as an outbound firewall. Emsisoft Anti-Malware has always had an application filter as part of its Behavior Blocker and that will continue to be true. The difference between the outbound firewall in Emsisoft Anti-Malware and Emsisoft Internet Security is that the former makes decisions autonomously, while the later, at least in theory, allowed you to also use your manual rules. In practice, the default for Emsisoft Internet Security was to automatically allow all outbound connections and the majority of all our users never changed it. Why did you make the change? Was Emsisoft Internet Security less secure than the Windows Firewall? No. All firewalls on modern versions of Windows are based on the same technologies provided by Microsoft. In addition, inbound firewalls in particular are incredibly straightforward to implement, as they only block or allow access based on simple rules. That is why there is absolutely no difference in protection provided between any of the inbound firewalls on the market, including the Windows Firewall. However, the Windows Firewall does have some benefits: Support for Windows Networking like Home Groups is a lot better in the Windows Firewall out of the box. There is no need to tweak any rules manually as was often the case for Emsisoft Internet Security. It is easier to use. This is mostly because third-party applications will take care of creating all necessary firewall rules for you. That is not an option that Emsisoft Internet Security could provide, as most software vendors don’t care about third-party firewalls. The Windows Firewall also provides much better compatibility. Third-party software vendors usually test their products with the Windows Firewall as it is part of Windows, but almost never test their product’s compatibility with aftermarket firewall products. Last but not least, the Windows Firewall also provides a lot more configuration possibilities to expert users and allows for much more complex rulesets than the inbound firewall offered as part of Emsisoft Internet Security. But there are also a couple of disadvantages, which is where Emsisoft Anti-Malware 2017.8 comes in: Intelligent outbound firewall: The outbound firewall part of the Windows Firewall will by default allow every application to connect. This behaviour is actually identical with Emsisoft Internet Security, which also allowed any application to connect to the network or the internet unhindered by default. While both products can be manually configured to block programs from accessing the internet, most users don’t want to deal with this responsibility. This is where the intelligent outbound firewall that is part of our Behavior Blocker comes in, which will prevent malicious applications from communicating with the internet automatically while not getting in the way of benign applications. Enhanced malware protection: The Windows Firewall on its own does not provide any protection against more sophisticated attempts to bypass its outbound firewall through advanced techniques like code injection. Code injection essentially allows malware to take over a trusted program in order for its internet communication to pass through the firewall unhindered. Again, the Behavior Blocker in Emsisoft Anti-Malware is incredibly good at detecting and preventing these kinds of attacks. Windows Firewall Fortification: The functions Windows Firewall provides to software vendors to automatically create rules for their applications in the Windows Firewall for ease of use are also pretty much unprotected. That means that malware can and does create rules for itself automatically. In version 2017.8, we extended our Behavior Blocker technology to protect the exposed Windows Firewall functions from malicious usage. This gives you control over which of your applications are allowed to create Windows Firewall rules for you and which aren’t. This is what we refer to as “Windows Firewall Fortification”. To sum things up, for inbound filtering, the Windows Firewall is just as solid a choice as any other firewall product on the market, including Emsisoft Internet Security. It provides better compatibility and is easier to use for the majority of users. Its drawbacks mostly revolve around its outbound filtering capabilities, which are perfectly complemented by the enhanced Behavior Blocker that is part of Emsisoft Anti-Malware 2017.8 and later. Where can I find the new Windows Firewall Fortification options? The new options are part of the Emsisoft Anti-Malware Behavior Blocker. As such, you can find them under Protection/Application Rules: In addition, whenever the Behavior Blocker sees any application it doesn’t know to be trustworthy attempting to create new firewall rules or change the firewall status, it will attempt to auto-resolve the situation by blocking the attempt: If you have auto-resolve disabled, it will simply ask. Where can I find the “advanced configuration possibilities” you talk about? My Windows Firewall only has a couple of options! The default dialog to configure the Windows Firewall can be incredibly deceptive at first. The advanced configuration dialog is stashed away behind an innocuous looking link in the normal Windows Firewall configuration dialog: Windows Firewall dialog with link to Advanced settings Clicking that link will expose the real configuration of the Windows Firewall where you have full access to all the rules it adheres by. That looks awfully complicated. Are there easier methods? There exist a slew of additional applications that sit on top of the Windows Firewall and attempt to enhance it by making rule creation and management easier. Some of the most popular are: TinyWall (Free) – http://tinywall.pados.hu/ Windows Firewall Control (Freemium) – https://www.binisoft.org/wfc.php Glasswire (Paid) – https://www.glasswire.com/ That being said, we think that the majority of users probably won’t find these tools to be necessary. That is also why we decided against creating our own Windows Firewall front-end and focus our development efforts on improving the complementary and enhanced technology in our Behavior Blocker instead. So what do you recommend I should do? We strongly believe that the combination of Emsisoft Anti-Malware and the Windows Firewall is the best option for almost every user. For the past 12 years while developing our product, we used this exact combination in all of our internal performance evaluations of our technology. Our malware research team works hard to make sure that even the most advanced threats are blocked immediately across all our products. So yes, Emsisoft Anti-Malware blocks the same malware that Emsisoft Internet Security blocks out of the box – no configuration, paying extra or jumping through hoops needed. If you do feel the need to make sure that certain legitimate applications can’t access the internet, the Windows Firewall does offer the ability to do so via its Advanced Settings. If you find that method to be too inconvenient, going with one of the many front-ends may be an option for you. We do know that a small minority of Emsisoft Internet Security users believe that the Windows Firewall must have backdoors implemented by Microsoft to allow them to spy on their users. In all our research, we haven’t found one and neither have hundreds of other security professionals that constantly review Windows for possible backdoors and vulnerabilities. We also think it is important to keep in mind that every single firewall product for Windows Vista and later uses the very same frameworks to implement packet and application filtering. There is no difference between the Windows Firewall, Emsisoft Internet Security and any other third party firewall from a technical point of view. If Microsoft were to backdoor their products to allow unhindered communication, this backdoor would probably be part of the Windows Filter Platform or the NDIS Lightweight Filter Framework, which are the underlying technologies all firewall products are built upon, and affect every firewall product equally. If you still prefer to use a firewall product other than the Windows Firewall, we recommend you contact the software company creating your new firewall product of choice beforehand to ask them whether they implement their own firewall or rely on the Windows Firewall as well. Most firewalls and internet security suites dropped their own implementation in favour of the Windows Firewall many years ago. So we suggest you ask them first to make sure you don’t end up with a Windows Firewall front-end instead. Do you have more questions? Post them in the comments and we’ll answer them. Have an excellent (malware-free) day! View the full article
  35. 2 points
    Ah, I see everyone already saw the stable build. You're welcome.
  36. 2 points
    It doesn't matter if it is securely transmitted or not. Your browser decrypts the HTTPS traffic when it is received, so the file would be saved in its original form, and our protection would catch it either way. HTTPS (secure connections) are only intended to keep information being exchanged over the Internet private. For instance, if you do a search on your favorite search engine, and the connection to their website uses HTTPS (and thus is secure), then when the NSA records the data that is sent from your computer to the search engine tell it what you want to search for, that data is encrypted, and thus the NSA can't actually tell what you searched for if they were to review the data they had collected (obviously they may have other ways of finding out, but at least they can't get it from the HTTPS traffic). Of course, I'm using the NSA as an example due to the various leaks revealing that they record everything that is transmitted across the Internet. The original purpose of HTTPS was to secure online purchases and other information you submit to websites from criminals snooping on data sent across the Internet. If malware is downloaded over a secure connection, then all it really does is keep anyone from snooping on your Internet traffic (or government agencies recording everything you do online) from seeing what you downloaded. That sort of thing would generally be done either with malicious extensions, or some sort of malicious program on your computer. If there is something malicious on your computer, then everything is compromised, and not just a single tab. Note that most modern browsers (except maybe Firefox) have a sandbox for each tab in the browser, which should isolate the tabs from each other. I have never saw these words before and do not know what they are . ClassicShell is a program for Windows 8, Windows 8.1, and Windows 10 that adds the classic Windows 7 Start Menu to these newer versions of Windows. AmmyAdmin is a remote access software similar to TeamViewer. There are testing organizations/companies that will test websites for security problems periodically, and some website owners will sign up for those services to ensure their websites are secure. With paid services the website owners are usually allowed to put some sort of graphic on their website that links back to the latest test results to allow visitors to verify whether or not the website is secure. If you see one of those graphics on a page, and can click on it to verify that it is valid, then the website is more than likely secure. If there is no such graphic on a website, then there will be no publicly available way to verify the website is secure, however this does not mean the website unsafe. As an example, GT500.org doesn't have a graphic/button/etc. that you can click on to see if the website has been tested, however it is tested weekly for security vulnerabilities by Beyond Security and is almost always given the highest possible score (when it isn't, any security issues are dealt with quickly).
  37. 2 points
    The secure connection (HTTPS vs HTTP) has nothing to do with whether or not the website is secure. It has to do with whether or not your connection to the website is secure, which is intended to prevent snooping on communication between you and the server more than it is anything else. Man-in-the-middle attacks can still expose the contents of secure connections, but if a website is configured correctly then it is extremely difficult to do that. A hacker can compromise a website and replace legitimate downloads with infected copies, and this has happened before (ClassicShell and AmmyAdmin are a couple of examples). With popular software (7-Zip for instance) there shouldn't be a BB alert, since it would be trusted by our Anti-Malware Network. With less popular software, it does become more problematic, however a user can search for the SHA-1 hash provided in the alert and try to find information about the file in question.
  38. 2 points
    Vielen Dank für die Antwort. Ein Lösegeld ist geflossen, aber die Entschlüsselung funktioniert nicht sauber. Am Ende der meisten Dateien bleiben Codereste übrig, die natürlich die Funktion des Systemes stark einschränken und die ganze Aktion ist für die Katz. Ich kann die Dateien teilweise per Hand bereinigen, aber das ist keine Lösung. Sollte eine saubere Entschlüsselung möglich sein, wäre ich sehr dankbar, da sonst alle Patientendaten einfach mal weg sind. Das wäre ein Totalschaden. Im Moment setze ich das System neu auf und versuche die Oracledatenbank wiederherzustellen und brauchbar zu machen. Wenn es von Interesse ist, kann ich die Entschlüsselungsdatei zur Verfügung stellen. Aber bei diesem Trojaner ist eine Zahlung sinnlos.
  39. 2 points
    Das Problem ist, dass keine Schutzsoftware Dir helfen kann. Wenn der Server aufgemacht wird, was bei TeamXRat, die Malware die dahinter steckt, der Fall ist, kann der Angreifer die Software einfach beenden oder die Malware erlauben. Ich hab die Malware kurz ueberflogen und sie sieht entschluesselbar aus. Falls das Loesegeld also noch nicht bezahlt wurde, dann kann ich mal schauen was ich tun kann.
  40. 2 points
    That would help in this particular instance (alerts during an uninstall), however every rule that exists can decrease performance, so rules are generally not kept if they are not needed.
  41. 2 points
    hi, as you know Online Armor and the latest Emsisoft Internet security v9 can't be installed when Virtual box is present (it will generates a BSOD) ; so there is the procedure to to have them both. If Virtual Box is not installed yet (and was never installed) 1- Install OA/ EIS 2- install Vbox If Virtual Box was installed before but removed 2- open "Regedit" (via Run) 3- check this registry key : HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\VBoxNetFlt 4- if it's still present, delete it 5- reboot (not necessary, but better if done) 6- install OA/EIS 7- install Vbox If Virtual Box is already installed 1- uninstall Vbox 2- open "Regedit" (via Run) 3- check this registry key : HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\VBoxNetFlt 4- if it's still present, delete it 5- reboot (not necessary, but better if done) 6- install OA/EIS 7- install Vbox hope this will help you note: i did this procedure since ages so it really works ^^
  42. 2 points
    Yes, this is normal. It's possible that there may be something we can do to prevent the extra notification, so I'll talk to our QA team and see what they think about this.
  43. 2 points
    We have made a workaround for the above mentioned incompatibility. If you are experiencing the above behavior, please try the following build (no need to uninstall first). HitmanPro.Alert 3.1.7 Build 357 PreRelease Changelog Fixed incompatibility with Emsisoft Internet Security 11.0.0.6131Download http://test.hitmanpro.com/hmpalert3b357.exe Please let me know if this update fixes the incompatibility.
  44. 2 points
    You must have had Beta Updates enabled as EIS 11 is still beta, and that kind of problems can happen with Betas Remedy. Uninstall 11 and then install 10 again and make sure that "Beta Updates" is disabled (unchecked)
  45. 2 points
    I appreciate the honesty but I hope you understand that a bug like this needs to be fixed on top priority. It prevents the download of critical updates unless the Firewall is deactivated but deactivating the firewall can make the system vulnerable. I mean an issue as critical as this should be treated as soon as possible.
  46. 2 points
    Hallo, Ja das ist kein Problem. Vermieden werden sollte lediglich zwei Desktopfirewalls parallel zu installieren. Zum Beispiel Emsisoft Internet Security und Bitdefender Internet Security gleichzeitig zu installieren. Sollten weitere Fragen bestehen kontaktieren Sie uns bitte erneut.
  47. 2 points
    We have offered it to some of our business contacts and we definitely wouldn't charge too much. But it's not only about compiling a set of code files. The product requires some online backend infrastructure that can't be developed within a few days. A good part of its power relies on the server side databases and algorithms that require ongoing maintenance and improvements. To be future proof, the product also requires some code changes. Just to name a few: IPv6, full unicode support, Windows 8 driver model changes, etc. These all are doable but not trivial I'm afraid. Only a very small number of software developers have the required skills to code firewall drivers that don't crash all day long. Based on our experience firewall development is one of the most challenging areas of software development you can think about. Windows API documentation is generally poor and you have to expect to find bugs in Windows that Microsoft doesn't even know about (had a few cases in the last year).
  48. 2 points
    Yes, the setup files support a commandline parameter to change installation directory: /DIR="x:\dirname"
  49. 2 points
    Nee, alles in Ordnung Downloade dir bitte Combofix vom folgenden Downloadspiegel Link 1 WICHTIG - Speichere Combofix auf deinem Desktop Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm. Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort. Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten starte den Rechner einfach neu. Dies sollte das Problem beheben.
  50. 2 points
    This isn't really an issue in our case as we only use the Bitdefender scan engine and signatures and added all our improvements like anti-rootkit technology, behavior blocking, the Emsisoft scan engine etc. on top of it. So even if malware authors patch Bitdefender detections, it doesn't mean one of our other detection layers won't catch it. To get an idea on how efficient our added technology actually is just take a look here:
  • Newsletter

    Want to keep up to date with all our latest news and information?
    Sign Up