Popular Content

Showing content with the highest reputation since 06/18/18 in Posts

  1. 3 points
    It means that the tests done by AV-C and AV-T have a clear image of how they think AV software should work. The problem arises when your product doesn't fit the mould. Then you get penalized for not doing what everyone else does, even though what everyone else does may not be in the best interest of the user, to begin with. Best example: Snooping around in your encrypted connections, which literally every AV vendor screwed up at least once in the past and probably will continue to happen, exposing users to potentially greater risks than most malware does. For starters, the test sets aren't nearly as representative anymore. When we participated in AV-T and AV-C both tested with less than 200 samples a month on average. 200 samples out of literally tens of millions. The exact selection isn't clear and not representative of what users deal with either. None of them tests with PUPs for example, even though a simple look at any tech support community will tell you, that it is probably by far the biggest problem users are dealing with. So no, neither of those test scores represents real-life performance and it becomes blatantly obvious when you go to places like Bleeping Computer, GeeksToGo, Trojaner Board, Malekal, and all those other communities where people infected by malware show up for help and look at what products these victims used at the time they became infected. Then you will notice that a lot of these products with perfect scores don't look nearly as perfect in real-life conditions. The reason for this discrepancy is quite simple: Most AV vendors will specifically optimise their products for these tests. The most severe cases are where vendors end up outright cheating and detecting the test environments which then results in a change of behaviour of the product (think Dieselgate, but with anti-virus). But there are many ways you can game these tests. 
    For example:
    • you can try to figure out the threat intel feeds the companies use, then just buy those same threat intel feeds so you have all samples in advance
    • you can track their licenses and supply different signatures to them or use your cloud to treat those test systems differently
    • some particularly shady organisations literally also sell you their sample and malicious URL feed, so you can just outright buy the samples and URLs your product will get tested on later
    What you end up with as a result is a product that is optimised really really well for the exact scenario they are being tested under using the exact type of URLs and samples these testers use, but that is utterly useless when it comes to anything else. We just really don't want to create this type of product. So when we were asked whether we wanted to continue to participate this year, we discussed the matter internally, looked at what we get out of these tests (meaning: whether these tests have a discernable impact on our revenue) and decided that they are simply not worth it and that the tens of thousands of Euros we spent on them every year would be better spent on extending our team and building new ways of keeping our customers safe.
  2. 2 points
    Possibly in the future, just give us some time. 😉
  3. 2 points
    I've forwarded your ID and MAC addresses to the creator of STOPDecrypter so that he can archive them in case he is able to figure out your decryption key at some point in the future. All you have to do now is give us some time, and we'll do what we can for you.
  4. 2 points
    That's an offline ID. Support for it should be added to STOPDecrypter soon, and once that happens it should be possible for you to decrypt your files.
  5. 2 points
    I've been told that the time window for being able to figure out keys for .kiratos has ended, however I will go ahead and pass this on to the developer of STOPDecrypter so that he can archive it just in case he's able to figure out the decryption key at some point in the future.
  6. 2 points
    Hi Marshall. Not sure, but I do know that I recognize the URL of "MVPS Hosts" and I recognize the list. I don't recognize the list attached to MVPS Hosts (Domains). To view the list, click the blue "Details", "View" & "Original" buttons - see image. Sorry I couldn't offer a better explanation.
  7. 2 points
    Hi Marshall. To add the MVPS Hosts list to uBlock Origin, perform the following steps (see images for more details): (1) Go to the following link: https://filterlists.com/ (2) Enter "130" in the page field. (3) Click the blue "Details" button on the "MVPS Hosts" line. (4) Click the blue "Subscribe" button. You're all done! The MVPS Hosts file should now be added to uBlock Origin in your browser. To check you can look at the uBlock Origin "Options" page by right-clicking the uBlock Origin icon in your browser, as per images. Hope this helps. Best Regards, Steen
  8. 2 points
    Personally I think following the tests is a waste of time. If you are really concerned then you will need to make the effort to do your own testing. That is what I did. Also the tests don't tell you a thing about the nature of the company. I will stick with Emsisoft because I think it's the best.
  9. 2 points
    Hello Moreau, thank you very much for your positive feedback. Always happy to help, and thank you for the friendly communication. I wish you a good start to the (still almost) new week!
  10. 2 points
    > Thanks how do I turn off the notification please?
    See: Settings - Notifications - Browser Security verifications
  11. 2 points
    Hello, This is legitimate. You can read more about it here: https://blog.emsisoft.com/en/32517/new-in-2018-12-safe-web-browsing-with-emsisoft-browser-security/
  12. 2 points
    FYI: https://blog.emsisoft.com/en/32110/emsisoft-anti-malware-2018-9-beta/
  13. 2 points
    https://www.bleepingcomputer.com/news/google/google-will-block-third-party-software-from-injecting-code-into-chrome/ Our Surf Protection works by filtering DNS requests made by running applications. Since EAM doesn't use network filter drivers, it has to achieve this using code injection. Now that Chromium is blocking code injection by third-party applications, our Surf Protection will not work with it until we are able to make some changes. My recommendation is to install uBlock Origin and uBlock Origin Extra (both work in Google Chrome and Vivaldi) to supplement until we can get our Surf Protection working in Chrome again. uBlock Origin is a free content blocker that not only blocks ads, but also uses the extensive blacklists of malicious domains available from Malware Domain List and Malware Domains to block malicious content. Note: Vivaldi 1.15 (the current stable version) is based on Chromium 65 with backported security fixes from Chromium 66, 67, and 68. Vivaldi 2.0 is based on Chromium 69, and is currently available in testing builds. Anyone with the stable version of Vivaldi installed will not be affected by this issue. Anyone using a Vivaldi 2.0 snapshot will also experience this issue with Surf Protection. Also note: Due to the added protection of an ad blocker, we recommend uBlock Origin (with uBlock Origin Extra for Chromium based browsers like Google Chrome, Vivaldi, and Opera) regardless of whether or not our Surf Protection is working with your web browser. Anti-Virus/Anti-Malware does not block ads by default (doing so can break some websites), and the companies that sell online advertising do not do a good enough job of preventing their ads from being abused by their clients, and there have been many cases of serious threats in advertisements even on legitimate websites. Please be aware that there is another content blocker called "uBlock". This is not the same thing as uBlock Origin, and is not recommended.
The main reason for recommending uBlock Origin is due to its performance and memory usage being better than popular ad blockers (AdBlock, Adblock Plus, AdGuard, etc). If you wish to use one of those instead, then please feel free to do so, however I do not know if they are configured to use Malware Domain List and Malware Domains by default and recommend checking their configuration to ensure they are offering the same level of protection as uBlock Origin. If they are not configured to use these lists of malicious websites, then you should be able to add them through FilterLists.com. Note that this site was down at the time I posted this, so I was not able to check and verify that, however this site lists almost every popular filter list for ad and content blockers and it should include important blacklists like these.
  14. 1 point
    EAM doesn't work on XP or Vista now. System requirements are :- For Windows 7/8.1/10, 32 & 64 bit
  15. 1 point
    [+] Loaded 42 offline keys
    Please archive the following info in case of future decryption:
    [*] ID: PpzYa3nBba2MZq4MUGgxoZcZ7cbXBKtzNcipyRt1
    [*] MACs: 54:EE:75:D0:9E:A4, 00:FF:BF:00:80:E5, 7C:67:A2:4C:F6:BD, 7E:67:A2:4C:F6:BC, 7C:67:A2:4C:F6:BC, 7C:67:A2:4C:F6:C0
    This info has also been logged to STOPDecrypter-log.txt
    ---------------------------------------------------------------------------------------------------------------
    Decrypted 0 files!
    Skipped 45 files.
    [!] No keys were found for the following IDs:
    [*] ID: PpzYa3nBba2MZq4MUGgxoZcZ7cbXBKtzNcipyRt1 (.gerosan )
    [*] ID: PpzYa3nBba2MZq4MUGgxoZcZ7cbXBKtzNcipyRt1 (.gif )
    [*] ID: PpzYa3nBba2MZq4MUGgxoZcZ7cbXBKtzNcipyRt1 (.zip )
    [*] ID: PpzYa3nBba2MZq4MUGgxoZcZ7cbXBKtzNcipyRt1 (.rar )
    Please archive these IDs and the following MAC addresses in case of future decryption:
    [*] MACs: 54:EE:75:D0:9E:A4, 00:FF:BF:00:80:E5, 7C:67:A2:4C:F6:BD, 7E:67:A2:4C:F6:BC, 7C:67:A2:4C:F6:BC, 7C:67:A2:4C:F6:C0
    This info has also been logged to STOPDecrypter-log.txt
    please help me
    STOPDecrypter-log.txt
  16. 1 point
    This is STOP Djvu Ransomware, and we need a sample of the malware. Can you check Task Scheduler for a suspicious task running very often (like every 5 minutes)? If you find it, please disable it, then go to Properties for it, Actions tab, and select the "Start a program" - click Edit, and note the location the executable is. Find that executable and upload it to VirusTotal, then send me a link to it. If you need further help with this, I will have a support team member reach out to you for more guided assistance. I do need that malware sample ASAP. In addition to securing the malware executable, please follow the directions in this article to provide me the Personal ID and MAC addresses of the infected machine. https://kb.gt500.org/stopdecrypter
  17. 1 point
    There are still some bugs in the current implementation of Emsisoft Cloud Console (which is what you're seeing in MyEmsisoft when you manage your workspace). It's still a beta, and our developers are still adding features and making changes to existing functionality, so every now and then a new bug will be introduced. Zwergenmeister already reported this as a bug, and the response from QA was that it is a known issue and is being worked on.
  18. 1 point
    haha, thanks, or should I say merci 😀 I suppose you could argue that it should be called Mon Emsisoft 😄 Also, where it says Mon, and then Les Appareils, and Licences below that, it probably should say Mes, and then Appareils and Licences
  19. 1 point
    Hello, ECC is just in beta, it will be corrected soon. I have also reported that.
  20. 1 point
    https://blog.emsisoft.com/de/33459/neu-in-2019-5-verbesserte-myemsisoft-uebersicht-beta/
  21. 1 point
    Most ad blockers will block cryptominers as well, so specialized extensions for it aren't necessarily needed. I know uBlock Origin started blocking them almost immediately after CoinHive started to be exploited (although it appears to be one of the third-party filter lists that are enabled by default that are blocking it).
  22. 1 point
    "Opt in" 1 click, "Opt out" 1 click, so convenience is the same either way. For people who like not having to renew every year it's fine, but many people are unaware of this. You know how people are, they just click click click without reading a damn thing. Many people will be receiving invoices they are not expecting and this is how the slimy companies get them. Not saying Emsisoft is one of these, on the contrary Emsisoft is one of the best, if not the best, for integrity and customer service. I just don't like opt out. If you continue on this route then you need a page to pop up with 4 inch letters explaining what is happening so that there is no way anyone can miss it.
  23. 1 point
    That is more than likely a variant of the STOP ransomware. ID Ransomware can confirm that, and can let you know if STOPDecrypter can recover your files. Here's a link to ID Ransomware: https://id-ransomware.malwarehunterteam.com/ If STOPDecrypter can't recover your files, then note that it can still be used to get information that may be able to help the creator of STOPDecrypter figure out your decryption key. Here's a link to instructions on how to get this information with STOPDecrypter: https://kb.gt500.org/stopdecrypter Actually, Demonslay335 told me earlier today that he already helped you, so you should be good to go. If you need anything else, then please let us know.
  24. 1 point
    Hello Emsi management. I just wanted to renew my license for another year. Unfortunately that did not work, because I did not tick the "Subscription" box. So the order process could not be completed. Do you no longer need your loyal private customers? Then I too will look around, albeit reluctantly, for something else, e.g. Malwarebytes.
  25. 1 point
    Some of them may be recoverable. I've asked the creator of STOPDecrypter whether or not he's already seen your post here. If he has, I imagine he's already contacted you. If he hasn't, then he may still contact you once he has a chance to look over your information. His screen name on our forums is Demonslay335.
  26. 1 point
    I have forwarded your ID and MAC to the creator of STOPDecrypter. Either he or myself will contact you if he is able to figure out your decryption key.
  27. 1 point
    @Albert-S and @borstibo there is a possibility that if you remove the drives from the affected NAS, and connect them to a computer that is capable of reading them (if they are formatted with either the FAT32 or NTFS filesystems then Windows computers should be able to read them), that you may be able to use file recovery/undelete software to recover some of the files. Please note that this is based on an assumption, and may not be correct. The assumption is that the device is not actually infected, and that an attacker was able to gain access through a service on the NAS such as FTP or SMB, copy the files to their system, encrypt them, and then copy them back to the NAS. There's also the possibility that the files may simply have been renamed rather than being encrypted. If you want more information about the possibility of using file recovery software, then look over some of the messages that I and Amigo-A posted for Mr_Ohrberg further up in this topic.
  28. 1 point
    You can find instructions on using STOPDecrypter to get your ID and MAC address at the following link: https://kb.gt500.org/stopdecrypter
  29. 1 point
    The Behavior Blocker will catch the payload. While it does have some exploit protection, it isn't intended to provide a full range of exploit protection, and thus will only catch certain exploits.
  30. 1 point
    uBlock is exceptionally good at removing duplicate filter rules. So if you enable the MVPS filter list there, it will only enable it for stuff that isn't covered by other lists. That's also why in the rules list it says "x used out of y". Because it tells you how many rules it actually used out of that filter list. The rest was already covered by other lists. uBlock is also a lot more efficient at parsing and applying these filter rules than the DNS API in Windows is, which is the component that parses the "hosts" file. Depending on the browser you use, the "hosts" file may actually get ignored entirely. Some browsers like Chrome, for example, implemented their own, faster DNS client as the Windows DNS API isn't the fastest. So in the worst case scenario, you were having this huge hosts file, slowing down every program that does remotely something with networking, while at the same time your browser completely ignored it. Yeah, most people aren't aware of it and it is the main reason why we decided to create our own browser extension. The worst part is, that it is completely unnecessary from a technical point of view as well. But yeah, as it is often the case: If something is free, you pay with your data. Unfortunately not. If you find one, let me know which one and I can check how intrusive it is for you though. We are also considering adding search indicators in our extension. So you may want to wait for that. There is no ETA though.
  31. 1 point
    That's correct. We don't exclude all system processes from injection in case they get replaced by malware, and since Windows won't allow injection when it's a legitimate system file with strict code signing requirements then it isn't going to cause any problems.
  32. 1 point
    Sorry, the post was moved by mistake. It should be correct again now. Apart from that, the inclusion of Emsisoft was, as the author has already confirmed in his forum, a mistake on his part. We do not send complete URLs. We do not even send domain names in plain text. We only send hashes of parts of the domain name, which we cannot even convert back into a real domain name. The idea, ultimately, is not that we know where someone is currently browsing, but only that we have enough information to rule out 99.9999% of all malicious URLs we know of. The goal is to reduce the list of potentially possible malicious URLs far enough that it is practical to send it back to the browser, so that the browser can then check whether the user is currently on a known malicious site.
  33. 1 point
    With notification turned on in EAM settings I was offered the option to install it via clicking on the slide info. (No need to have a Microsoft account to get this from the store in case anyone is wondering.) Installed and running.
  34. 1 point
    hey, here's the blog post about it: https://blog.emsisoft.com/en/32517/new-in-2018-12-safe-web-browsing-with-emsisoft-browser-security/
  35. 1 point
    Please upload an encrypted file or ransom note to ID-Ransomware and copy/paste the results here for one of the experts to look at. https://id-ransomware.malwarehunterteam.com
  36. 1 point
    What is that supposed to mean? When in doubt, this means using different software for servers and keeping EAM on the clients. It looks more like a convoluted price increase. Price and a simple interface have so far been the main advantages of EAM. The Enterprise Console is also compact. We already have enough complexity and feature overload from the competition. There is certainly still some room on price, but if training now becomes necessary for the price/feature list, there are likely to be acceptance problems. I'm curious to see how the spread between Enterprise and private will be structured. Especially as far as beta tests are concerned. The network connection problems with 2018.9 were an interesting experience there.
  37. 1 point
    Try the following, and let me know if that helps: Open Emsisoft Anti-Malware. Click on Protection. Click on Surf Protection in the menu at the top. Make sure that the option Hide built in list is not selected (located to the right of the search field). Search for the website that is being blocked. If you find it and it's a custom rule (these say "My own" under "Category"), then you can click on it once to select it, and then click the Remove rule button in the lower-right. If you want to edit the rule to change whether or not it is blocked, then just double-click on the website address in the list you want to edit, change the Implemented action to Don't block, and click OK to save it.
  38. 1 point
    It's a bit of an ongoing situation siketa. See here https://support.emsisoft.com/topic/29877-still-scanning/
  39. 1 point
    I fear we will get the new GUI layout whether we like it or not Jeremy. Me.. I dislike it intensely. It's so difficult to just get to where you want to go and what you want to do. Some would say ''but hey, they've put short cut icons down the side to help you'' In that case why have tabs as well? Why double everything up?
  40. 1 point
    Here's a screenshot of the renewal options showing where to find the number of computers on the license key:
  41. 1 point
    If you enter your license key at the following link, and then click the Show Renewal Options button, you can increase the number of PC's on your license key while purchasing a renewal: https://www.emsisoft.com/en/order/renew/
  42. 1 point
    Bad Reputation should mean the rating on the Anti-Malware Network. If there's no notification, then open Emsisoft Anti-Malware and click on Protection, and make sure that the Behavior Blocker is set for Auto resolve, notifications for threats only.
  43. 1 point
    FYI: We had some temporary downtime this morning that lasted about an hour. It wasn't caused by anything serious, and we don't expect it to happen again.
  44. 1 point
    Attachments... only downloadable by staff... is (of course) right, but this poster was previously posting URLs to a pastebin-like site, so anyone could follow the URL.
  45. 1 point
    I am looking for an anti-malware solution from a vendor that has a strong commitment to privacy and is against SSL/HTTPS Scanning (TLS interception), with no PUPs or unnecessary (heavy) tools. Hard to find. If Emsisoft can come up with such a product for MacOS, I would be more than happy.
  46. 1 point
    As far as I know it's meant to run from anywhere, including a USB stick. That's what the instructions at the top of this post say. Perhaps it would help if you said what you actually did at the start. Presumably you downloaded EEK from this website and ended up with something named EmsisoftEmergencyKit.exe then put that on your USB drive and double-clicked it to run it? I've not run it because I'm not certain I can do so without - maybe - altering something about how EAM runs here. But looking at what's inside EmsisoftEmergencyKit.exe I think it would create a couple of folders of files named bin32 and bin64, a readme file, and two other .exe's. When you read the contents of the readme file it tells you three ways to run EEK itself. I don't know why "the updates would never stop"... unless there's a problem with the USB stick itself - if it's full or can't be written to?
  47. 1 point
    There are many ways to remove webroot antivirus. I suggest you remove webroot with the help of the wrsa webroot removal tool. If you are still not able to get rid of it, then remove it with the help of command prompt.
  48. 1 point
    Logs.db3 is an SQLite database file saved by Emsisoft Anti-Malware. If the file is missing, it will simply create a new one, as this file is used to store all of the logs that appear in Emsisoft Anti-Malware. As for uninstalling, please download Emsiclean from this link (be sure to save it on your desktop), and follow the instructions below to get me a log: Run the Emsiclean download that you saved on your desktop. Read the disclaimer. Note that you must agree to it in order to proceed. Once the scan is finished, simply exit Emsiclean, and do not remove anything. A new file will be saved on your desktop with a log of what was detected. Please attach that to a reply so that I can review it.
  49. 1 point
    I would believe our developers are still looking into it, however thus far we have been assuming it is an issue with Windows 10 since certain Windows tools still read the firewall status correctly.
  50. 1 point
    no tried because version 11 used my CPU. I back version 10 and waiting for Stable of version 11 EIS WE ARE EMSISOFT USERS and WE LOVE EMSISOFT