Leaderboard

  1. GT500 (Emsisoft Employee)
    • Points: 44
    • Content Count: 9392

  2. Thomas Ott (Emsisoft Employee)
    • Points: 10
    • Content Count: 1230

  3. Elise (Emsisoft Employee)
    • Points: 8
    • Content Count: 8116

  4. Fabian Wosar (Emsisoft Employee)
    • Points: 8
    • Content Count: 4403



Popular Content

Showing content with the highest reputation since 10/31/18 in all areas

  1. 3 points
    It means that the tests done by AV-C and AV-T have a clear image of how they think AV software should work. The problem arises when your product doesn't fit the mould. Then you get penalized for not doing what everyone else does, even though what everyone else does may not be in the best interest of the user, to begin with. Best example: Snooping around in your encrypted connections, which literally every AV vendor screwed up at least once in the past and probably will continue to happen, exposing users to potentially greater risks than most malware does.

    For starters, the test sets aren't nearly as representative anymore. When we participated in AV-T and AV-C both tested with less than 200 samples a month on average. 200 samples out of literally tens of millions. The exact selection isn't clear and not representative of what users deal with either. None of them tests with PUPs for example, even though a simple look at any tech support community will tell you, that it is probably by far the biggest problem users are dealing with.

    So no, neither of those test scores represents real-life performance and it becomes blatantly obvious when you go to places like Bleeping Computer, GeeksToGo, Trojaner Board, Malekal, and all those other communities where people infected by malware show up for help and look at what products these victims used at the time they became infected. Then you will notice that a lot of these products with perfect scores don't look nearly as perfect in real-life conditions.

    The reason for this discrepancy is quite simple: Most AV vendors will specifically optimise their products for these tests. The most severe cases are where vendors end up outright cheating and detecting the test environments which then results in a change of behaviour of the product (think Dieselgate, but with anti-virus). But there are many ways you can game these tests. For example:
    • you can try to figure out the threat intel feeds the companies use, then just buy those same threat intel feeds so you have all samples in advance
    • you can track their licenses and supply different signatures to them or use your cloud to treat those test systems differently
    • some particularly shady organisations literally also sell you their sample and malicious URL feed, so you can just outright buy the samples and URLs your product will get tested on later

    What you end up with as a result is a product that is optimised really really well for the exact scenario they are being tested under using the exact type of URLs and samples these testers use, but that is utterly useless when it comes to anything else. We just really don't want to create this type of product. So when we were asked whether we wanted to continue to participate this year, we discussed the matter internally, looked at what we get out of these tests (meaning: whether these tests have a discernable impact on our revenue) and decided that they are simply not worth it and that the tens of thousands of Euros we spent on them every year would be better spent on extending our team and building new ways of keeping our customers safe.
  2. 2 points
    I've been told that the time window for being able to figure out keys for .kiratos has ended, however I will go ahead and pass this on to the developer of STOPDecrypter so that he can archive it just in case he's able to figure out the decryption key at some point in the future.
  3. 2 points
    Hi Marshall. Not sure, but I do know that I recognize the URL of "MVPS Hosts" and I recognize the list. I don't recognize the list attached to MVPS Hosts (Domains). To view the list, click the blue "Details", "View" & "Original" buttons - see image. Sorry I couldn't offer a better explanation.
  4. 2 points
    Hi Marshall. To add the MVPS Hosts list to uBlock Origin, perform the following steps (see images for more details): (1) Go to the following link: https://filterlists.com/ (2) Enter "130" in the page field. (3) Click the blue "Details" button on the "MVPS Hosts" line. (4) Click the blue "Subscribe" button. You're all done! The MVPS Hosts file should now be added to uBlock Origin in your browser. To check you can look at the uBlock Origin "Options" page by right-clicking the uBlock Origin icon in your browser, as per images. Hope this helps. Best Regards, Steen
  5. 2 points
    Personally I think following the tests is a waste of time. If you are really concerned then you will need to make the effort to do your own testing. That is what I did. Also the tests don't tell you a thing about the nature of the company. I will stick with Emsisoft because I think it's the best.
  6. 2 points
    Hello Moreau, thank you very much for your positive feedback. Always happy to help, and thank you for the friendly communication. I wish you a good start to the (still almost) new week!
  7. 2 points
    > Thanks how do I turn off the notification please?
    See: Settings - Notifications - Browser Security verifications
  8. 2 points
    Hello, This is legitimate. You can read more about it here: https://blog.emsisoft.com/en/32517/new-in-2018-12-safe-web-browsing-with-emsisoft-browser-security/
  9. 1 point
    [!] No keys were found for the following IDs:
    [*] ID: kdKoug7mCqSlGVQyBnLCBiCVzGFqKASgYnaVFcph (.roldat )
    Please archive these IDs and the following MAC addresses in case of future decryption:
    [*] MAC: 8C:16:45:3D:C1:B6
    [*] MAC: B2:FC:36:27:0F:23
    [*] MAC: B0:FC:36:27:0F:23
    [*] MAC: B0:FC:36:27:0F:23
    [*] MAC: B0:FC:36:27:0F:24
    This info has also been logged to STOPDecrypter-log.txt
  10. 1 point
    First of all I would like to thank Emsisoft for the fine decryptor offered; it was a good feeling to have the data restored. In this contribution I want to reflect on how (in my opinion) to avoid further attacks on the NAS Synology as well as how to back up when not using ‘cloud’ options.

    As Amigo said: Having done my homework now, I think those machines are not defenseless, but they are sold with all doors open; furthermore, it takes knowledge to find the doors, windows, escapes etc. Unfortunately the helpdesk, in my experience (in many ways), was not always helpful. Anyway, no (relevant) update has been provided since December 2018.

    Checking the system

    As a general remark, I have found no (new) traces of intrusion other than those I have reported before. So let’s start with that. From package center you are able to install “Antivirus Essential”, which allows you to do a system scan on the DSM software. As a nice-to-know: in case you want to uninstall any package/program, you will first have to select it (double-click on an installed package), which brings you to a separate menu, where you can select delete from a dropdown. Please know that a complete scan by the antivirus that includes all data could take days or weeks, but that could also be done using a regular antivirus scanner. A system scan, however, can be scheduled on a daily basis. I am not sure/doubt whether the scanner will detect uninfected programs not installed by yourself and not published by Synology and its partners, but I assume it will detect infected files.

    Secondly you would like to check the published cron jobs. Those will be found in the control panel as task-manager. In that task scheduler you will find DSM auto-update and maybe some other tasks. Unfortunately you will not find all tasks. For instance a scheduled Antivirus scan will not appear. Also do check your access logs as I wrote on April 26th in this blog. I’m afraid there are no other opportunities available to check the system.

    Prevention

    The most important probably is to block the guest account; check my message on April 18th. Moreover, one should avoid using regular user names such as ‘guest’, ‘admin’ or ‘user’; those names are vulnerable in general, I have noticed some hacking attempts using those names. Then open “Security Advisor” from the programs (check the icon at the top left to find all your programs) and go directly to the advanced settings. Here you probably will find that the setting is set to ‘home and personal use’, which offers only restricted protection. I would like to suggest changing that to custom and then selecting all items, to allow you to evaluate in a further phase which protections make sense for you. Now go back to the main screen (Overview) of the Security Advisor and press scan to see whether your protection is good. The Security Advisor will then make suggestions on what to change and where to find relevant settings for your system. It will guide you to find out which port numbers to change, whether your passwords are good enough, and much more.

    I want to draw special attention to using the NAS on the internet. I would feel like not doing that, but if you do so, it is wise to have dedicated users for the internet usage, which users you should set to double verification when connecting, such as pin-code verification via SMS or email; further, it is wise to use encryption during data transfer, preferably by installing a valid certificate on your system. All those features are available on the NAS but they have to be activated by yourself. The general settings of Synology will give you maximum access as easily as possible, but that will make it easy for others as well. For more info on this subject check the Synology website.

    You also want to check the firewall, which you can find in the configuration screen, item Security. I mention this point separately from the Security Advisor, because at this point the guidance is not as good. To use the firewall, you have to switch it on, and moreover you have to make your own firewall rules. Again, don’t assume that default rules are good enough. So select a custom profile for the firewall profile and press the button to change the rules. Relevant rules can be altered by selecting LAN on the dropdown at the upper right. Now when you choose not to access your NAS via the Internet, I would recommend closing the ports for NTP-service, Bonjour, FTP, ATP, CIFS, NFS, Telnet and SSL. Those ports should be closed for all IP addresses ranging from 1.0.0.0 to 223.255.255.255 but not for those IP addresses (range) specifically used in your own network. B.t.w.: the NAS will not allow you to exclude yourself as long as you are logged in.

    Finally you want to be informed in case anything unexpected has happened. You can do that by configuring your email account in the settings for e-mail, which can be found from control panel, messages. Indeed you can select which type of messages you want to receive and which not in the tabsheet advanced.

    Back-up

    When deciding not to use the internet for back-up, one can use several external USB drives to have a program for backups in safe places with manual rotation. For this old-school solution I have used Hyper-Backup, which can be installed from the package center. Hyper-backup allows you to have time-machine file management, to compress data and avoid duplicated data, and it also allows you to encrypt the data. Encryption is a good idea as you (should) carry the USB disks to different locations. You will then require a password which generates an RSA key, which password and/or key you need to store in a proper way to have orderly future access to your data.

    Hyper-backup has a good interface. To make a back-up choose ‘local map & USB’, and then select as shared map the applicable USB drive and the name of the backup. For each back-up drive you should choose a different task and a different name, as you then can continue with the other backup settings and finally the initial backup. As a consequence of compression, encryption etc., that initial backup could take several days. Of course the succeeding incremental backups are much quicker. So for the next initial backup disk you want to increase the speed. This can be done by copying the data from one disk to another, where you only copy all data from that map in the root which carries the name of the backup you placed on the drive. On the new drive you will then change the name of that map to the new backup name. When now making a new backup task, again choose ‘local map & USB’ but then do not use the standard radio-button selection ‘make backup task’ but select ‘link to an existing backup task’. From here you select the new USB drive and the newly made map containing the initial or progressed backup data. You then have an initial backup right from the beginning.

    Summary

    The possibilities for checking the actual health of the system are available but this could be insufficient. Nonetheless, good methods for protecting the system exist, where the Security Advisor is essential to find the right protection. However, it requires the user not to rely on any default settings of Synology, which in general can be described as weak. Many back-up solutions are offered including the ones which are off-line. Bottom line, there still is room to improve the product to make it more secure for a non-specialized public. To me it appears the message Synology sends to us is: "We don’t care".
  11. 1 point
    He said that while he did add detection to try to keep people from using keys that are not correct for their encrypted files, he also said that it is technically still possible to get the decrypter to allow you to enter an incorrect key and end up with corrupted files. Nothing is completely foolproof, after all.
  12. 1 point
    This is going to be a difficult one, because I see multiple ID's in that screenshot, and none of them are the one from the ransom note you attached to your post. Would it be possible to attach a copy of STOPDecrypter-log to a reply so that we can see all of the ID's?
  13. 1 point
    That is more than likely a variant of the STOP ransomware. ID Ransomware can confirm that, and can let you know if STOPDecrypter can recover your files. Here's a link to ID Ransomware: https://id-ransomware.malwarehunterteam.com/ If STOPDecrypter can't recover your files, then note that it can still be used to get information that may be able to help the creator of STOPDecrypter figure out your decryption key. Here's a link to instructions on how to get this information with STOPDecrypter: https://kb.gt500.org/stopdecrypter
  14. 1 point
    Hello darktwilight, thank you for the feedback. You're very welcome. All right, I will get back to you again shortly via private message.
  15. 1 point
    That is more than likely a variant of the STOP ransomware. ID Ransomware can confirm that, and can let you know if STOPDecrypter can recover your files. Here's a link to ID Ransomware: https://id-ransomware.malwarehunterteam.com/ If STOPDecrypter can't recover your files, then note that it can still be used to get information that may be able to help the creator of STOPDecrypter figure out your decryption key. Here's a link to instructions on how to get this information with STOPDecrypter: https://kb.gt500.org/stopdecrypter Actually, Demonslay335 told me earlier today that he already helped you, so you should be good to go. If you need anything else, then please let us know.
  16. 1 point
    Yes, all these actions have already been done, access to SAMBA on the router is closed, Guest's account too. The Synology software has always been updated on a regular basis - but that did not help - unfortunately, as you can see. So I am waiting for information and advice on how to decode these files - I will be grateful for your help.
  17. 1 point
    Hmmm. Well - it wasn't me. Maybe I accidentally violated an Emsisoft Forum policy inadvertently? DECRYPTION TESTS WERE SUCCESSFUL!!! If anyone is reading this into the future, I would say that you should heed GT500's advice to check out Bleeping Computer - and reach out to Amigo-A because he understands the product that decrypted for me. The advice on this forum started me on the path to a solution. I can't thank everyone here enough!
  18. 1 point
    Hello everyone, We would like to inform you that due to a corrupted MySQL database we had to restore a recent forum backup. This means that all changes made since 2019-04-25 at 18:08:37 UTC have been lost. This includes among others: Posts, topics, registrations and profile changes. We apologise for the confusion and inconvenience this may have caused you.
  19. 1 point
    To add to what Amigo-A said, your ID doesn't appear to be an offline ID, so the chances of being able to decrypt your files are slim. That being said, if you download STOPDecrypter, run it, and copy and paste the ID and MAC it gives you into a reply then I can forward them to the creator of STOPDecrypter in case he is able to figure out your decryption key at some point in the future. Here's a link to instructions on how to do that: https://kb.gt500.org/stopdecrypter
  20. 1 point
    STOPDecrypter lists the MAC of every network adapter. Since the average user doesn't know how to find the MAC address of their network adapters, let alone what a MAC address even is, it's best for them to run STOPDecrypter. As for the possibility of running it on the wrong computer, I have added a couple of lines to the instructions I wrote covering that and pointing to the FAQ.
  21. 1 point
    @Albert-S and @borstibo there is a possibility that if you remove the drives from the affected NAS, and connect them to a computer that is capable of reading them (if they are formatted with either the FAT32 or NTFS filesystems then Windows computers should be able to read them), that you may be able to use file recovery/undelete software to recover some of the files. Please note that this is based on an assumption, and may not be correct. The assumption is that the device is not actually infected, and that an attacker was able to gain access through a service on the NAS such as FTP or SMB, copy the files to their system, encrypt them, and then copy them back to the NAS. There's also the possibility that the files may simply have been renamed rather than being encrypted. If you want more information about the possibility of using file recovery software, then look over some of the messages that I and Amigo-A posted for Mr_Ohrberg further up in this topic.
  22. 1 point
    You can find instructions on using STOPDecrypter to get your ID and MAC address at the following link: https://kb.gt500.org/stopdecrypter
  23. 1 point
    This is a new version of STOP-Djvu Ransomware. You need to leave the application to the developer of STOPDecrypter at the link on the BleepingComputer forum. All the requests and cases where the decrypting failed are collected only there. You need to carefully read the first post of the topic to find out what you need to provide. If you do not want to read there, provide the following information:
    1) the extension on your encrypted files;
    2) MAC (physical) address of the network card that was used to access the Internet at the time of the attack (others are not needed!!!);
    3) personal ID from a ransom note, or attach this text file to your message;
    4) ID which is unsupported by STOPDecrypter, only if you have already tried to decrypt and your extension is supported by STOPDecrypter.
    But at the moment STOPDecrypter does not support your extension. Therefore, your message should be left there as soon as possible.
  24. 1 point
    OK. Let us know if you're able to recover anything, that way we know whether or not to continue recommending trying file recovery software.
  25. 1 point
    Hello Thomas, thank you very much for your help via PM. At least there is this "detour" to be protected from squabbles. Other users are probably more adept at sorting this out with Cleverbridge. I am quite glad that you can and want to help me. Thanks for that.
  26. 1 point
    More than likely 3DMark's software has an issue with the kind of hooks Emsisoft Anti-Malware opens to monitor it. This is something that they will have to fix, as it's a bug in their software.
  27. 1 point
    I thought that was going to be changed? https://support.emsisoft.com/topic/30225-neues-lizenz-system-abonnement/
  28. 1 point
    I should add: I have notes which suggest the remap (recalculation of a machine key based on its connected hardware) can happen up to 5 times per day before you have a problem. You can temporarily get around this by limiting EAM's update frequency to "every 6 hours" which means it'll only remap four times per day. I know this is going to cause me problems because my next desktop PC is going to have multiple caddied drives on it.
  29. 1 point
    This wasn't about malware. This was about serious vulnerabilities in processors that could have exposed information from any running process. This information could include anything you had open at the time the vulnerabilities were exploited. Financial information, password databases, browser history, etc. And it is exploitable from within a web browser, so all you'd have to do is visit a malicious website. As I said, I highly recommend leaving the mitigations turned on. Microsoft's latest patch for the Spectre v2 mitigations (released March 1st) does help with performance issues.
  30. 1 point
    The Behavior Blocker will catch the payload. While it does have some exploit protection, it isn't intended to provide a full range of exploit protection, and thus will only catch certain exploits.
  31. 1 point
    Just don't. You will hurt your general performance considerably. Better to just enable the MVPS filter list in uBlock. Kind of pointless. uBlock does a better job. Ad hosts blocked by uBlock can't set cookies in the first place. That's all it pretty much does if you are using Firefox. For someone who is concerned about their privacy it is interesting that you willingly send your entire surf history to any company in clear text: Literally every single website you browse to will get submitted in that way. Bitdefender Traffic Light isn't the only extension that does this. Other extensions known to do this are Avira Browser Safety, Avast Online Security, Norton Safe Web and Comodo Online Security Pro.
  32. 1 point
    I'm fairly certain that no security software can provide adequate protection against these vulnerabilities, especially since they are generally exploited through otherwise trustworthy software running remote scripts (such as web browsers). The performance gain would be minor. The amount that the patches affected performance was extremely dependent on the number of users on the system, and thus terminal servers and certain "cloud" hosting servers suffered the greatest performance impact (maybe 15% to 20%). For the average home user, I would believe the estimated reduction in performance was 5% or less. Admittedly the conditions under which the patches caused performance reduction may have been different for each patch, as there were a number of different vulnerabilities related to similar CPU technologies, and of course one or more patches for each of those vulnerabilities in order to try to mitigate them. If you want to play with the mitigations for these vulnerabilities to test the performance differences of the system, then I recommend making an image of the disk first, that way you have something to restore the system from when you're done or if anything goes wrong.
  33. 1 point
    @Jimbo - There's an on/off control in Settings - Notifications.
  34. 1 point
    That's correct. We don't exclude all system processes from injection in case they get replaced by malware, and since Windows won't allow injection when it's a legitimate system file with strict code signing requirements then it isn't going to cause any problems.
  35. 1 point
    https://support.emsisoft.com/topic/30471-beta-9188/?tab=comments#comment-190459
  36. 1 point
    I am having exactly the same issues. Also have a 4K screen. I have already informed David from customer support regarding this. Do you have a time frame when this would be fixed as this has been going on for months now? It's been a very very long time since this has been like this, probably like 3 months.
  37. 1 point
    Most little problems are this easy to solve. I wish you a nice weekend too.
  38. 1 point
    hey, here's the blog post about it: https://blog.emsisoft.com/en/32517/new-in-2018-12-safe-web-browsing-with-emsisoft-browser-security/
  39. 1 point
    Got this update but no blog post? This other forum post raises concern as well: https://support.emsisoft.com/topic/30341-is-this-legitimate/ My program is on the stable channel; I have never used beta.
  40. 1 point
    I have received 2 phone calls regarding this issue. Is this legitimate?
  41. 1 point
    I just got this also. Windows 10 Pro. Pale Moon, Firefox & Chrome installed. Chrome default.
  42. 1 point
    https://malwaretips.com/threads/emsisoft-browser-security.88869/ Pity it wasn't posted here as well.
  43. 1 point
    The extension does provide additional protection. It is capable of blocking full URL's instead of just domains, so in the case of domains that are normally legitimate but contain a few malicious pages the extension can handle those instead of Surf Protection blocking the entire domain. You can install it whenever you want. It doesn't actually integrate with EAM in any way, so it will function just as well regardless of whether or not you have the 2018.12 beta installed.
  44. 1 point
    My computer was also infected by .udjvu and all files were encrypted. My wife is a Teacher and all her documents are now encrypted by .udjvu My only option is to install a new Hard Disc on the computer and make a fresh start. I will keep the encrypted Hard Drive in case someone in the future manages to decrypt .udjvu Please let us know if something comes up. Thanks, Andreas. _openme.txt DSC01680.JPG.udjvu DSC01682.JPG.udjvu
  45. 1 point
    That depends on when law enforcement and security companies are able to gain access to the servers operated by these criminals and "liberate" their database of private keys.
  46. 1 point
    Please upload an encrypted file or ransom note to ID-Ransomware and copy/paste the results here for one of the experts to look at. https://id-ransomware.malwarehunterteam.com
  47. 1 point
    What is that supposed to mean? If in doubt, it means using different software for servers and keeping EAM on the clients. It looks more like a convoluted price increase. Price and a simple interface have been the main advantages of EAM until now. The Enterprise Console is also compact. We already have enough complexity and feature overload from the competition. There is certainly still some room on price, but if training now becomes necessary for the price/feature list, there are likely to be acceptance problems. I am curious to see how the split between enterprise and private will be arranged, especially as far as beta tests are concerned. The network connection problems with 2018.9 were an interesting experience in that respect.
  48. 1 point
    The option used to be on by default, however to my knowledge it is now always off by default. That is correct. If the 300-500 MB of RAM it will use isn't a burden, then there's no real need to have the option turned on. Note that if your pagefile is on an SSD, you may not notice any performance differences between having the option on or off. It may also work differently on Windows 10, where Windows favors compressing memory pages rather than moving them to the pagefile to reduce memory usage. The way it works, turning the option on would reduce performance, and turning the option off would improve performance. The text of the tooltip may need to be updated to clarify that it is off by default due to reduced system performance when the option is on.
  49. 1 point
    It's not abnormal for Windows to say that when a program update for Emsisoft Internet Security gets installed. When that happens, Emsisoft Internet Security has to restart itself in order to update itself, and during that brief period of time Windows will report that Emsisoft Internet Security is turned off. I would believe we made some changes recently so that Windows doesn't do that anymore, however I have not tested to verify that (I would have checked before posting, but there's currently no beta version for me to install in order to test).
  50. 1 point
    no tried because version 11 used my CPU. I back version 10 and waiting for Stable of version 11 EIS WE ARE EMSISOFT USERS and WE LOVE EMSISOFT