Popular Content

Showing content with the highest reputation since 10/13/09 in Posts

  1. 6 points
    As announced earlier, we are changing our firewall strategy and will soon merge Emsisoft Internet Security with Emsisoft Anti-Malware, effective as of our next release in October. Instead of developing our own firewall module, we're going to rely on the built-in Windows Firewall core that has proven to be powerful and reliable. Its only weak point is the fact that anyone can freely change the firewall configuration. In other words, if malware manages to run on the PC with sufficient administrator permissions, it's able to allow itself to get through the firewall. To resolve this vulnerability, we've developed a new Firewall Fortification feature for Emsisoft Anti-Malware's Behavior Blocker as part of our 2017.8 release. Firewall Fortification detects and intercepts malicious actions from non-trustworthy programs in real time before they can cause any damage.
    Behavior Blocker alert: Firewall manipulation
    All 2017.8 improvements in a nutshell
    Emsisoft Anti-Malware
    New: Firewall Fortification feature that blocks illegitimate manipulations of Windows Firewall rules.
    Improved: Forensics logging.
    Fixed: Rare program freezes on opening the forensics log, confirming of surf protection notifications and during malware detection.
    Fixed: Computer restart instead of computer shutdown executed when set for a silent scan.
    Several minor tweaks and fixes.
    Emsisoft Enterprise Console
    Improved certificate handling to avoid connectivity issues.
    Several minor user interface improvements.
    Several minor tweaks and fixes.
    How to obtain the new version
    As always, so long as you have auto-updates enabled in the software, you will receive the latest version automatically during your regularly scheduled updates, which are hourly by default. New users please download the full installer from our product pages.
    Note to Enterprise users: If you have chosen to receive "Delayed" updates in the Update settings for your clients, they will receive the new software version no earlier than 30 days after the regular "Stable" availability. This gives you time to perform internal compatibility tests before a new version gets rolled out to your clients automatically. Have a great, well-protected day! View the full article
  2. 3 points
    It means that the tests done by AV-C and AV-T have a clear image of how they think AV software should work. The problem arises when your product doesn't fit the mould. Then you get penalized for not doing what everyone else does, even though what everyone else does may not be in the best interest of the user to begin with. Best example: snooping around in your encrypted connections, which literally every AV vendor screwed up at least once in the past and probably will continue to happen, exposing users to potentially greater risks than most malware does. For starters, the test sets aren't nearly as representative anymore. When we participated in AV-T and AV-C, both tested with less than 200 samples a month on average. 200 samples out of literally tens of millions. The exact selection isn't clear and not representative of what users deal with either. None of them tests with PUPs, for example, even though a simple look at any tech support community will tell you that it is probably by far the biggest problem users are dealing with. So no, neither of those test scores represents real-life performance, and it becomes blatantly obvious when you go to places like Bleeping Computer, GeeksToGo, Trojaner Board, Malekal, and all those other communities where people infected by malware show up for help and look at what products these victims used at the time they became infected. Then you will notice that a lot of these products with perfect scores don't look nearly as perfect in real-life conditions. The reason for this discrepancy is quite simple: most AV vendors will specifically optimise their products for these tests. The most severe cases are where vendors end up outright cheating and detecting the test environments, which then results in a change of behaviour of the product (think Dieselgate, but with anti-virus). But there are many ways you can game these tests. For example:
    - you can try to figure out the threat intel feeds the companies use, then just buy those same threat intel feeds so you have all samples in advance
    - you can track their licenses and supply different signatures to them, or use your cloud to treat those test systems differently
    - some particularly shady organisations literally also sell you their sample and malicious URL feed, so you can just outright buy the samples and URLs your product will get tested on later
    What you end up with as a result is a product that is optimised really, really well for the exact scenario they are being tested under, using the exact type of URLs and samples these testers use, but that is utterly useless when it comes to anything else. We just really don't want to create this type of product. So when we were asked whether we wanted to continue to participate this year, we discussed the matter internally, looked at what we get out of these tests (meaning: whether these tests have a discernible impact on our revenue) and decided that they are simply not worth it and that the tens of thousands of Euros we spent on them every year would be better spent on extending our team and building new ways of keeping our customers safe.
  3. 3 points
    Hello, a2guard.exe is the visible protection process (to put it simply, the Emsisoft icon you see in the system tray). However, the actual protection drivers start a lot earlier. For example, epp.sys (the Emsisoft Protection Platform driver) starts very early in the Windows boot process in order to ensure a protected system even when no user is logged in yet and no other programs have been started.
  4. 2 points
    https://www.bleepingcomputer.com/news/google/google-will-block-third-party-software-from-injecting-code-into-chrome/ Our Surf Protection works by filtering DNS requests made by running applications. Since EAM doesn't use network filter drivers, it has to achieve this using code injection. Now that Chromium is blocking code injection by third-party applications, our Surf Protection will not work with it until we are able to make some changes. My recommendation is to install uBlock Origin and uBlock Origin Extra (both work in Google Chrome and Vivaldi) to supplement until we can get our Surf Protection working in Chrome again. uBlock Origin is a free content blocker that not only blocks ads, but also uses the extensive blacklists of malicious domains available from Malware Domain List and Malware Domains to block malicious content.
    Note: Vivaldi 1.15 (the current stable version) is based on Chromium 65 with backported security fixes from Chromium 66, 67, and 68. Vivaldi 2.0 is based on Chromium 69, and is currently available in testing builds. Anyone with the stable version of Vivaldi installed will not be affected by this issue. Anyone using a Vivaldi 2.0 snapshot will also experience this issue with Surf Protection.
    Also note: Due to the added protection of an ad blocker, we recommend uBlock Origin (with uBlock Origin Extra for Chromium-based browsers like Google Chrome, Vivaldi, and Opera) regardless of whether or not our Surf Protection is working with your web browser. Anti-Virus/Anti-Malware does not block ads by default (doing so can break some websites), and the companies that sell online advertising do not do a good enough job of preventing their ads from being abused by their clients, and there have been many cases of serious threats in advertisements even on legitimate websites. Please be aware that there is another content blocker called "uBlock". This is not the same thing as uBlock Origin, and is not recommended.
    The main reason for recommending uBlock Origin is that its performance and memory usage are better than popular ad blockers (AdBlock, Adblock Plus, AdGuard, etc.). If you wish to use one of those instead, then please feel free to do so; however, I do not know if they are configured to use Malware Domain List and Malware Domains by default, and I recommend checking their configuration to ensure they are offering the same level of protection as uBlock Origin. If they are not configured to use these lists of malicious websites, then you should be able to add them through FilterLists.com. Note that this site was down at the time I posted this, so I was not able to check and verify that; however, this site lists almost every popular filter list for ad and content blockers and it should include important blacklists like these.
  5. 2 points
    According to several reports, the latest Windows 10 Update pushed on Jan. 3rd is supposed to address the "Meltdown" security problem. However, due to changes to the Windows kernel, Microsoft didn't make the update available to users without the "ALLOW REGKEY", and directed users to confirm with AV vendors whether their products are compatible with the latest update. So is the current version of EAM compatible with this update?
  6. 2 points
    Emsisoft Anti-Malware is compatible with the Windows update. We also just published an update that sets the compatibility flag for all users of the beta, stable and delayed update feed. Keep in mind that Microsoft uses the same flag for all anti-virus vendors. That means if you are using multiple anti-virus or anti-malware applications, you are risking one of those products, like Emsisoft Anti-Malware, flagging the system as compatible even though one of your other products is not compatible. There is, unfortunately, nothing we can do to prevent this, as Microsoft does not account for the scenario of multiple security products being installed on the same system. This is the perfect example of why we recommend against using multiple security products in parallel. For further information, feel free to stop by our blog.
  7. 2 points
    Local is your machine, "this end" of a conversation. Remote is whatever machine's at the other end.
  8. 2 points
    I think you have made your point of view crystal clear for everyone, iwarren. Do we really need more posts?
  9. 2 points
    That would help in this particular instance (alerts during an uninstall), however every rule that exists can decrease performance, so rules are generally not kept if they are not needed.
  10. 2 points
    You must have had Beta Updates enabled, as EIS 11 is still beta, and that kind of problem can happen with betas. Remedy: uninstall 11 and then install 10 again, and make sure that "Beta Updates" is disabled (unchecked).
  11. 2 points
    Good morning. Can we expect to get a fix for the updates not working soon, please? Having to disable the firewall to get updates seems an important bug to me. Thanks in advance and best regards, François
  12. 2 points
    I don't have any insight into the test methodology apart from what the article states, but a few observations make me doubt the relevancy of this test:
    - The test compares a number of different products: antirootkit scanners and anti-malware scanners. This makes no sense to me. TDSSKiller is an excellent antirootkit scanner in my opinion, but it is a limited tool; you cannot compare this with an anti-malware scanner like EEK or MBAM because it's simply a different product.
    - The tested malware is for the most part very, very old and not seen in the wild anymore, even though the article states 2015 and "in the wild" in the title. To give a few examples: Alureon/TDL3/4 hasn't been around "in the wild" for at least 3 years (and that's estimating it very loosely). The article listed is from 2010 (!) http://contagiodump.blogspot.gr/2011/02/tdss-tdl-4-alureon-32-bit-and-64-bit.html?m=1 The same goes for ZeroAccess/Max++. The latest usermode version of that rootkit was active in 2013, and after the botnet was taken down for a large part, there has been no re-emergence of this malware. However, its kernelmode version was quite a bit older; this was last seen in 2011. Sure, it's interesting to see how products perform against such rootkits, but how useful is it? Those rootkits were "retired" for a very good reason: they can no longer infect today's OS versions.
    - Finally, I'm not one to make accusations, but I don't like "sponsored by..." tests. I'm fully willing to believe that Zemana was indeed the best product to remove all these infections, but I just think it's not the best strategy for any testing lab to let a sponsor also participate in the tests, just to avoid any possible doubt as to the objectiveness of the test results.
  13. 2 points
    We currently offer email support in German, English, French, Spanish, Dutch, Russian and Italian.
  14. 2 points
    Hello, Jenn. Welcome to the Emsisoft Support Forums. My name is Kevin, and I will be helping you fix your problems. Please change your user name to something that is not your email address. All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE; if you don't, we are just going to send you back to this thread. Also read the Emsisoft Support Forums Terms of Use. To highlight a few:
  15. 2 points
    Hi and welcome to the Emsisoft Support Forum! System scan with FRST: Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (if you are not sure: Start > Computer (right-click) > Properties). Now start FRST. Do not change any of the checkboxes unless asked to and click Scan. The log files will now be created and will afterwards be on your desktop. Please attach both log files to your next reply.
  16. 1 point
    DrWeb can decrypt some files that STOP-Decrypter cannot decrypt, only in another way. Only .pdf encrypted files and all the Office documents (.doc, .xls, .docx, .xlsx, .ppt, .pps, etc.). Unfortunately, this way cannot decrypt photos, videos, audio and many files with other extensions. If the free test decryption of these files is successful, the fee requested by Dr.Web experts is 150 EUR for the Rescue Pack (personal decryptor + 2-year DrWeb Security Space protection). There is no alternative to receiving this service. If the test decryption fails, no payment will be required. Tell me if this way suits you, and I will let you know what files you need to collect for this. I do not participate in this process and do not provide any help except this information. I do not have any financial benefit and am not involved in this decryption service at all.
  17. 1 point
    [!] No keys were found for the following IDs:
    [*] ID: kdKoug7mCqSlGVQyBnLCBiCVzGFqKASgYnaVFcph (.roldat )
    Please archive these IDs and the following MAC addresses in case of future decryption:
    [*] MAC: 8C:16:45:3D:C1:B6
    [*] MAC: B2:FC:36:27:0F:23
    [*] MAC: B0:FC:36:27:0F:23
    [*] MAC: B0:FC:36:27:0F:23
    [*] MAC: B0:FC:36:27:0F:24
    This info has also been logged to STOPDecrypter-log.txt
  18. 1 point
    Some of them may be recoverable. I've asked the creator of STOPDecrypter whether or not he's already seen your post here. If he has, I imagine he's already contacted you. If he hasn't, then he may still contact you once he has a chance to look over your information. His screen name on our forums is Demonslay335.
  19. 1 point
    My computer was also infected by .udjvu and all files were encrypted. My wife is a teacher and all her documents are now encrypted by .udjvu. My only option is to install a new hard disk on the computer and make a fresh start. I will keep the encrypted hard drive in case someone in the future manages to decrypt .udjvu. Please let us know if something comes up. Thanks, Andreas.
    Attachments: _openme.txt, DSC01680.JPG.udjvu, DSC01682.JPG.udjvu
  20. 1 point
    Please upload an encrypted file or ransom note to ID-Ransomware and copy/paste the results here for one of the experts to look at. https://id-ransomware.malwarehunterteam.com
  21. 1 point
    Our release cycle is always like that. When a beta reaches our expected level of quality it becomes a stable build. Beta 4 in particular was just a minor cosmetic change from Beta 3, so our internal tests went through quite quickly.
  22. 1 point
    Easy workaround for now (and something that I do in any security software just to cut down on hooks opened to games) is to exclude the Steam folder in Emsisoft Anti-Malware and COMODO Firewall. Here are instructions on excluding a folder from scanning and monitoring:
    1. Open Emsisoft Anti-Malware.
    2. Click on Settings in the menu at the top.
    3. Click on Exclusions in the menu that appears right below the one at the top.
    4. The exclusions section contains two lists (Exclude from scanning and Exclude from monitoring). Look for the box right under where it says Exclude from scanning.
    5. Click on the Add folder button right below the Exclude from scanning box.
    6. Navigate to the folder you would like to exclude, click on it once to select it, and then click OK.
    7. Scroll down to the box under Exclude from monitoring and click the Add folder button right below that box.
    8. Navigate to the folder you would like to exclude, click on it once to select it, and then click OK.
    9. Close Emsisoft Anti-Malware.
    Note: If a program is still running when you exclude its folder, then you will need to close it and reopen it for the exclusion to fully take effect. In some cases you will need to restart your computer before this will happen. In the case of Steam, just exit it and then open it again.
  23. 1 point
    That is possible, however keep in mind that Cry36 has been around for some time without any real progress being made in decryption, so please note that it may take a little while for security researchers and/or law enforcement to finally get their hands on the private keys to decrypt your files.
  24. 1 point
    FYI: This does appear to be a new variant of the Nemesis ransomware, which Cry36 is a variant of as well. An affiliate/reseller for Dr.Web is claiming that Dr.Web is capable of decrypting the files (or at least figuring out the private key to use to decrypt them), and selling the service on BleepingComputer's forums. Note that Dr.Web will provide this service for free to anyone who has a license for their business Anti-Virus software. They have a form to request this service available at this link. Edit: Please see the note in the post at this link about Dr.Web not being able to decrypt this ransomware, and your current options for recovering files.
  25. 1 point
    One of our malware analysts took a look at the copy of CerberTear that was mentioned in the Twitter post you linked to. He said it looks easily decryptable, however the only details he gave me were that the ransomware didn't transmit decryption keys back to whoever made it, so if someone were to pay the ransom they wouldn't get a working decrypter back from the criminals who made/distributed this ransomware (if the criminals responded to the victim at all). Michael Gillespie will also have access to the copy of the ransomware mentioned in the Twitter post, so he should have no trouble figuring out the encryption method.
  26. 1 point
    So... is that specific webpage meant to show no file name, no file size etc?
  27. 1 point
    Yup, you're correct. OpenDNS has limited malicious/bad site blocking (they focus on long-lived stuff like botnets) and phishing protection. Quad9 uses a bunch of vendors' threat intelligence feeds to block malicious and phishing sites. Comodo is vague, but claims they use RBLs. They aren't RFC-compliant with regard to DNS TTLs. No idea whether they redirect on NXDOMAIN (I don't trust Comodo as a company, so I haven't used this service). Norton uses their own threat intelligence feeds to block phishing, malicious sites, etc., but last I checked, they redirect instead of returning NXDOMAIN, and partner with ask.com for that monetization stuff (yuck).
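    The Surf Protection post (item 4) describes a filter that checks every DNS lookup made by an application against lists of malicious domains, and the post above describes how filtering resolvers differ in whether a blocked or unknown name gets an honest NXDOMAIN or a redirect to a landing address. The Python below is an added illustration of both points; it is not Emsisoft's code nor that of any resolver operator named here, and the blocklist entries, upstream answers, landing IP and domain names in it are all constructed. It shows suffix matching of a hostname against a blocklist, the two answer policies side by side, and a probe that tells a redirecting resolver from an honest one by asking for a name that cannot exist.

```python
"""Toy DNS filter: added illustration, not Emsisoft's, uBlock Origin's or any
resolver operator's code. Every name, address and list entry is constructed."""
from __future__ import annotations

import secrets
from dataclasses import dataclass
from typing import Callable, Optional

# Constructed blocklist; an entry covers the domain itself and all subdomains,
# the way malicious-domain lists are usually applied.
BLOCKLIST = {"malware-example.test", "phish.example.invalid"}

# Constructed upstream table standing in for a real recursive resolver
# (addresses from the RFC 5737 documentation ranges).
UPSTREAM = {"www.example.com": "203.0.113.5", "update.example.net": "198.51.100.7"}

# Hypothetical landing page that a redirecting resolver answers with.
LANDING_IP = "192.0.2.10"


@dataclass(frozen=True)
class Answer:
    rcode: str              # "NOERROR" or "NXDOMAIN"
    address: Optional[str]  # A record, if any
    blocked: bool           # True when the filter, not the upstream, decided


def normalise(name: str) -> str:
    """DNS names are case-insensitive; drop the trailing root dot too."""
    return name.strip().rstrip(".").lower()


def is_blocked(name: str, blocklist: set[str] = BLOCKLIST) -> bool:
    """True if the name or any parent domain (but not the bare TLD) is listed."""
    labels = normalise(name).split(".")
    for i in range(len(labels) - 1):
        if ".".join(labels[i:]) in blocklist:
            return True
    return False


def resolve(name: str, *, redirect: bool = False) -> Answer:
    """Filter the lookup before consulting the upstream table.

    redirect=False answers blocked and unknown names with NXDOMAIN, which the
    application sees as an ordinary lookup failure. redirect=True imitates
    resolvers that hand out a landing-page address instead, so the client
    believes the name exists and connects to the landing host.
    """
    key = normalise(name)
    if is_blocked(key):
        return Answer("NOERROR", LANDING_IP, True) if redirect else Answer("NXDOMAIN", None, True)
    if key in UPSTREAM:
        return Answer("NOERROR", UPSTREAM[key], False)
    return Answer("NOERROR", LANDING_IP, False) if redirect else Answer("NXDOMAIN", None, False)


def redirects_on_nxdomain(lookup: Callable[[str], Answer]) -> bool:
    """Probe for the behaviour the post asks about: query a random name that
    cannot exist and see whether an address comes back anyway."""
    probe = f"nx-{secrets.token_hex(8)}.example.com"
    return lookup(probe).address is not None


if __name__ == "__main__":
    honest = lambda n: resolve(n)
    redirecting = lambda n: resolve(n, redirect=True)
    for n in ("www.example.com", "cdn.MALWARE-example.test.", "typo.example.com"):
        print(f"{n:28} honest={honest(n)} redirecting={redirecting(n)}")
    print("honest resolver redirects on NXDOMAIN:", redirects_on_nxdomain(honest))
    print("redirecting resolver redirects on NXDOMAIN:", redirects_on_nxdomain(redirecting))
```

    The same probe works against a real resolver by swapping the constructed lookup for a function that queries it: an address returned for a random label under a domain you control means the service rewrites NXDOMAIN, which is why the honest policy above is preferred for filtering, since applications then see a clean failure rather than a connection to a host they never asked for.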
  28. 1 point
    The issue seems to be fixed and will be available in the 2017.8 beta release.
  29. 1 point
  30. 1 point
    Our server administrator tried to update our forums on Wednesday morning, and there were some problems that necessitated restoring from a backup, so any messages posted during that time are gone. I thought I had seen a reply from David to this topic Wednesday morning, however it looks like any staff replies disappeared after the backup was restored. I'm glad to hear that David was able to help you sort out the issue.
  31. 1 point
    We're aware of the issue. Some parts of Windows 10 seem to detect that Emsisoft Internet Security's firewall is active, and some do not.
  32. 1 point
    Dear michaelws, thank you for your kind feedback; you are very welcome. I wish you a great and malware-free day!
  33. 1 point
    Hi Siketa, nice catch! I added them to our tracker; they will be fixed soon. Thanks, Orlando
  34. 1 point
    I've confirmed the issue, collected some debug information, and am sending it to our QA Manager.
  35. 1 point
    May I recommend the free cloud scanner herdProtect as a second opinion scanner? It is powered by 68 anti-malware engines, among them from the top brands, one of them being Emsisoft. Can't hurt together with Emsisoft IS on your machine, especially not because herdProtect does not protect you while you are surfing and downloading stuff, and Emsisoft IS does... but as a second opinion scanner it might be the best one. And it removes detected malware for free.
  36. 1 point
    EEK should detect the vast majority of ransomware (it uses both BitDefender's database and our own database), and its detection rate is usually one of the best. BTW: EEK works fine in Safe Mode.
  37. 1 point
    Hello, Sorry you're having troubles with EIS. And thank you for attaching the minidumps. I will investigate this asap.
  38. 1 point
    You'd have to create rules to block either the domain names that IDM uses as aliases for its update servers in the Surf Protection, or create a firewall rule to block the IP addresses of their update servers. The firewall rule can be created in the Application Rules to apply only to IDM, or it can be created in the global rules to apply to everything (just make sure that your custom rule is above the rule for Application Rules, otherwise the Application Rules will override it).
  39. 1 point
    When we changed our product name, we didn't change a lot of the file names, so most of them still start with a2 (such as a2service.exe, a2start.exe, a2guard.exe, a2wizard.exe, etc).
  40. 1 point
    Hi there, Please do not use Emsiclean on your own unless one of the support staff instructs you to - see here.
  41. 1 point
    Fabian, would you ask the team to look into creating an option that allows us to not prompt for reboots during a specified time period? For my business clients I need to NOT have it request a reboot during the day when they are working. Most of my clients are in the healthcare industry, and asking for a reboot when they are working with a patient is a BIG problem. If you click on Close when it prompts for a reboot, it pops back up within a couple of minutes asking for a reboot again.
  42. 1 point
    Dear all, my JPG and DOC files have been encrypted by CTB-Locker with an extension jbfzvfe. Any idea how to solve it? I've tried a tool called decrypt_pclock but it doesn't work; I think the malware author updated his malware. If anyone has a new tool, kindly share it; it's very important to get back these work files.
    Attachment: Decrypt-All-Files-yqkjcce.bmp
  43. 1 point
    For what it's worth, a large number of the detected objects are related to PUPs (potentially unwanted programs). Such applications are often installed without your consent when you run an installer for a legitimate program downloaded from the internet. To be sure you get rid of all remnants, it is best to follow the guide Stapp linked to. To prevent this type of infection in the future, always read carefully what you agree to before clicking "Next". Uncheck or skip all additional offers so that you won't end up with applications or browser changes you didn't ask for.
  44. 1 point
    Malwarebytes scans only files that begin with MZ (PE files) so the EICAR test file is not targeted.
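    As an added illustration of the point above (not Malwarebytes' or Emsisoft's code), the Python below puts an MZ/PE gate next to an EICAR check and runs both over two constructed inputs: the standard 68-byte EICAR test string and a minimal hand-built PE header. The two scan functions, the signature table and the name of the detection are this example's own; the MZ magic, the e_lfanew field at offset 0x3C and the "PE\0\0" signature are the real PE format fields, and the EICAR rule (string at offset 0, at most 128 bytes, only whitespace after it) is the published test-file definition.

```python
"""MZ gate vs. EICAR: added illustration, not the code of any scanner named above."""
from __future__ import annotations

# The standard 68-byte EICAR test string, split across two literals so the
# contiguous string does not appear in this source file.
EICAR = (
    "X5O!P%@AP[4\\PZX54(P^)7CC)7}$"
    "EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"
).encode("ascii")

PE_SIGNATURE = b"PE\x00\x00"


def is_pe(data: bytes) -> bool:
    """MZ gate as described in the post: the file must start with the DOS 'MZ'
    magic, and e_lfanew (offset 0x3C) must point at a PE signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = int.from_bytes(data[0x3C:0x40], "little")
    return data[e_lfanew:e_lfanew + 4] == PE_SIGNATURE


def is_eicar(data: bytes) -> bool:
    """EICAR rule: the test string at offset 0, at most 128 bytes in total,
    with only whitespace (space, tab, CR, LF, Ctrl-Z) allowed after it."""
    if not data.startswith(EICAR) or len(data) > 128:
        return False
    return data[len(EICAR):].strip(b" \t\r\n\x1a") == b""


# Constructed signature table for the toy scanner: (name, predicate).
SIGNATURES = [("EICAR-Test-File", is_eicar)]


def scan_all(data: bytes) -> str:
    """Scanner that checks every file against the signature table."""
    for name, match in SIGNATURES:
        if match(data):
            return f"detected: {name}"
    return "clean"


def scan_pe_only(data: bytes) -> str:
    """Scanner that applies the MZ gate first, as the post says Malwarebytes does.
    Anything that is not a PE file is never handed to the signature table."""
    if not is_pe(data):
        return "skipped (no MZ header)"
    return scan_all(data)


def minimal_pe() -> bytes:
    """Hand-built 68-byte buffer with a DOS header whose e_lfanew points at a
    PE signature immediately after it. Constructed for this example; it is
    not a loadable executable, just enough to pass the MZ gate."""
    dos_header = bytearray(0x40)
    dos_header[:2] = b"MZ"
    dos_header[0x3C:0x40] = (0x40).to_bytes(4, "little")
    return bytes(dos_header) + PE_SIGNATURE


if __name__ == "__main__":
    for label, blob in (("EICAR test file", EICAR), ("minimal PE", minimal_pe())):
        print(f"{label:16} PE-only scanner: {scan_pe_only(blob):24} full scanner: {scan_all(blob)}")
```

    Running it shows the asymmetry the post describes: the EICAR file is skipped by the PE-only scanner because its first bytes are "X5O!" rather than "MZ", while the full scanner names it, and the bare PE header passes the gate but matches nothing. The practical consequence is that EICAR only proves a scanner is working if the scanner actually looks at non-PE files, so a "missed" EICAR says nothing about PE detection.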
  45. 1 point
    Hello, Москвич. Welcome to the Emsisoft Support Forums. My name is Kevin, and I will be helping you fix your problems. All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE; if you don't, we are just going to send you back to this thread. Also read the Emsisoft Support Forums Terms of Use. To highlight a few:
  46. 1 point
    Your logs indicate that you are bypassing the Adobe activation servers. However, I see no retail Adobe products installed. Bypassing Adobe's activation servers indicates that unlicensed copies of Adobe products are in use. Please clarify why you are bypassing the Adobe activation servers before we continue.
  47. 1 point
    Hello, after consulting our malware specialists, this is a false positive. The false positive will be removed with the next signature update. The update should be available in a few minutes.
  48. 1 point
    @KiRa, download the latest setup, uninstall the existing version, restart the computer and install the newly downloaded setup file. For my part, I cannot find any serious bugs on either my Win7 or my XP test system. By now V6 runs very well, so one can speak of a "stable version". Believe me, other vendors have even more difficulties!
  49. 1 point
    OK, a quick chat with Fabian has revealed that this is an issue with Online Armor that our developers are already aware of. A quick check of our bug tracker shows that the issue is already fixed. I assume the fix will be included in the next program update to Online Armor, however I have not spoken to Andrey to confirm that.
  50. 1 point
    Hi JR5280, welcome to the forum. Please have a look into "Configuration" > License tab. What do you have there? There should be a full & Free license stated (you can post the image here). Can you highlight the full one & "Refresh"? Please tell whether that helped. My regards