Leaderboard


Popular Content

Showing content with the highest reputation since 10/13/09 in all areas

  1. 6 points
    As announced earlier, we are changing our firewall strategy and will soon merge Emsisoft Internet Security with Emsisoft Anti-Malware, effective as of our next release in October. Instead of developing our own firewall module, we’re going to rely on the built-in Windows Firewall core that has proven to be powerful and reliable.

    Its only weak point is the fact that anyone can freely change the firewall configuration. In other words, if malware manages to run on the PC with sufficient administrator permissions, it’s able to allow itself to get through the firewall.

    To resolve this vulnerability, we’ve developed a new Firewall Fortification feature for Emsisoft Anti-Malware’s Behavior Blocker as part of our 2017.8 release. Firewall Fortification detects and intercepts malicious actions from non-trustworthy programs in real time before they can cause any damage.

    Behavior Blocker alert: Firewall manipulation

    All 2017.8 improvements in a nutshell

    Emsisoft Anti-Malware
      • New: Firewall Fortification feature that blocks illegitimate manipulations of Windows Firewall rules.
      • Improved: Forensics logging.
      • Fixed: Rare program freezes on opening the forensics log, confirming of surf protection notifications and during malware detection.
      • Fixed: Computer restart instead of computer shutdown executed, when set for a silent scan.
      • Several minor tweaks and fixes.

    Emsisoft Enterprise Console
      • Improved certificate handling to avoid connectivity issues.
      • Several minor user interface improvements.
      • Several minor tweaks and fixes.

    How to obtain the new version

    As always, so long as you have auto-updates enabled in the software, you will receive the latest version automatically during your regularly scheduled updates, which are hourly by default. New users please download the full installer from our product pages.

    Note to Enterprise users: If you have chosen to receive “Delayed” updates in the Update settings for your clients, they will receive the new software version no earlier than 30 days after the regular “Stable” availability. This gives you time to perform internal compatibility tests before a new version gets rolled out to your clients automatically.

    Have a great, well-protected day!
  2. 3 points
    It means that the tests done by AV-C and AV-T have a clear image of how they think AV software should work. The problem arises when your product doesn't fit the mould. Then you get penalized for not doing what everyone else does, even though what everyone else does may not be in the best interest of the user, to begin with. Best example: Snooping around in your encrypted connections, which literally every AV vendor screwed up at least once in the past and probably will continue to happen, exposing users to potentially greater risks than most malware does. For starters, the test sets aren't nearly as representative anymore. When we participated in AV-T and AV-C both tested with less than 200 samples a month on average. 200 samples out of literally tens of millions. The exact selection isn't clear and not representative of what users deal with either. None of them tests with PUPs for example, even though a simple look at any tech support community will tell you, that it is probably by far the biggest problem users are dealing with. So no, neither of those test scores represents real-life performance and it becomes blatantly obvious when you go to places like Bleeping Computer, GeeksToGo, Trojaner Board, Malekal, and all those other communities where people infected by malware show up for help and look at what products these victims used at the time they became infected. Then you will notice that a lot of these products with perfect scores don't look nearly as perfect in real-life conditions. The reason for this discrepancy is quite simple: Most AV vendors will specifically optimise their products for these tests. The most severe cases are where vendors end up outright cheating and detecting the test environments which then results in a change of behaviour of the product (think Dieselgate, but with anti-virus). But there are many ways you can game these tests. 
    For example:
      • you can try to figure out the threat intel feeds the companies use, then just buy those same threat intel feeds so you have all samples in advance
      • you can track their licenses and supply different signatures to them or use your cloud to treat those test systems differently
      • some particularly shady organisations literally also sell you their sample and malicious URL feed, so you can just outright buy the samples and URLs your product will get tested on later

    What you end up with as a result is a product that is optimised really really well for the exact scenario they are being tested under using the exact type of URLs and samples these testers use, but that is utterly useless when it comes to anything else. We just really don't want to create this type of product. So when we were asked whether we wanted to continue to participate this year, we discussed the matter internally, looked at what we get out of these tests (meaning: whether these tests have a discernable impact on our revenue) and decided that they are simply not worth it and that the tens of thousands of Euros we spent on them every year would be better spent on extending our team and building new ways of keeping our customers safe.
  3. 3 points
    Hello, a2guard.exe is the visible protection process (to put it simply, the Emsisoft icon you see in the system tray). However, actual protection drivers start a lot earlier. For example, epp.sys (the Emsisoft Protection Platform driver) starts very early in the Windows boot process in order to ensure a protected system even when no user is logged in yet and no other programs have been started.
  4. 2 points
    https://www.bleepingcomputer.com/news/google/google-will-block-third-party-software-from-injecting-code-into-chrome/ Our Surf Protection works by filtering DNS requests made by running applications. Since EAM doesn't use network filter drivers, it has to achieve this using code injection. Now that Chromium is blocking code injection by third-party applications, our Surf Protection will not work with it until we are able to make some changes. My recommendation is to install uBlock Origin and uBlock Origin Extra (both work in Google Chrome and Vivaldi) to supplement until we can get our Surf Protection working in Chrome again. uBlock Origin is a free content blocker that not only blocks ads, but also uses the extensive blacklists of malicious domains available from Malware Domain List and Malware Domains to block malicious content. Note: Vivaldi 1.15 (the current stable version) is based on Chromium 65 with backported security fixes from Chromium 66, 67, and 68. Vivaldi 2.0 is based on Chromium 69, and is currently available in testing builds. Anyone with the stable version of Vivaldi installed will not be affected by this issue. Anyone using a Vivaldi 2.0 snapshot will also experience this issue with Surf Protection. Also note: Due to the added protection of an ad blocker, we recommend uBlock Origin (with uBlock Origin Extra for Chromium based browsers like Google Chrome, Vivaldi, and Opera) regardless of whether or not our Surf Protection is working with your web browser. Anti-Virus/Anti-Malware does not block ads by default (doing so can break some websites), and the companies that sell online advertising do not do a good enough job of preventing their ads from being abused by their clients, and there have been many cases of serious threats in advertisements even on legitimate websites. Please be aware that there is another content blocker called "uBlock". This is not the same thing as uBlock Origin, and is not recommended.
The main reason for recommending uBlock Origin is due to its performance and memory usage being better than popular ad blockers (AdBlock, Adblock Plus, AdGuard, etc). If you wish to use one of those instead, then please feel free to do so, however I do not know if they are configured to use Malware Domain List and Malware Domains by default and recommend checking their configuration to ensure they are offering the same level of protection as uBlock Origin. If they are not configured to use these lists of malicious websites, then you should be able to add them through FilterLists.com. Note that this site was down at the time I posted this, so I was not able to check and verify that, however this site lists almost every popular filter list for ad and content blockers and it should include important blacklists like these.
  5. 2 points
    According to several reports, the latest Windows 10 Update pushed on Jan. 3rd is supposed to address the "Meltdown" security problem. However, due to changes to Windows kernel, Microsoft didn't make the update available to users without the "ALLOW REGKEY", and directed users to confirm with AV vendors if their products are compatible with the latest update. So is the current version of EAM compatible with this update?
  6. 2 points
    Emsisoft Anti-Malware is compatible with the Windows update. We also just published an update that sets the compatibility flag for all users of the beta, stable and delayed update feed. Keep in mind, that Microsoft uses the same flag for all anti-virus vendors. That means if you are using multiple anti-viruses or anti-malware applications, you are risking one of those products, like Emsisoft Anti-Malware, flagging the system as compatible, even though one of your other products is not compatible. There is, unfortunately, nothing we can do to prevent this as Microsoft does not account for the scenario of multiple security products being installed on the same system. This is the perfect example why we are recommending against using multiple security products in parallel. For further information, feel free to stop by our blog.
  7. 2 points
    Local is your machine, "this end" of a conversation. Remote is whatever machine's at the other end.
  8. 2 points
    I think you have made your point of view crystal clear for everyone, iwarren. Do we really need more posts?
  9. 2 points
    That would help in this particular instance (alerts during an uninstall), however every rule that exists can decrease performance, so rules are generally not kept if they are not needed.
  10. 2 points
    You must have had Beta Updates enabled as EIS 11 is still beta, and that kind of problem can happen with Betas. Remedy: Uninstall 11 and then install 10 again and make sure that "Beta Updates" is disabled (unchecked).
  11. 2 points
    Good morning. Can we expect to get a fix for the updates not working soon, please? Having to disable the firewall to get updates seems an important bug to me. Thanks in advance and best regards, François
  12. 2 points
    I don't have any insight in the test-methodology apart from what the article states, but a few observations make me doubt the relevancy of this test:

    The test compares a number of different products: antirootkit scanners and anti-malware scanners. This makes no sense to me. TDSSkiller is an excellent Antirootkit scanner in my opinion, but it is a limited tool, you cannot compare this with an anti-malware scanner like EEK or MBAM because it's simply a different product.

    The tested malware is for the most part very, very old and not seen in the wild anymore, even though the article states 2015 and "in the wild" in the title. To give a few examples:
      • Alureon/TDL3/4 hasn't been around "in the wild" for at least 3 years (and that's estimating it very loosely). The article listed is from 2010 (!) http://contagiodump.blogspot.gr/2011/02/tdss-tdl-4-alureon-32-bit-and-64-bit.html?m=1
      • The same goes for ZeroAccess/Max++. The latest usermode version of that rootkit was active in 2013 and after the botnet was taken down for a large part, there has been no re-emergence of this malware. However, its kernelmode version was quite a bit older, this was last seen in 2011.

    Sure, it's interesting to see how products perform against such rootkits, but how useful is it? Those rootkits were "retired" for a very good reason, they can no longer infect today's OS versions.

    Finally, I'm not one to make accusations, but I don't like "sponsored by..." tests. I'm fully willing to believe that Zemana was indeed the best product to remove all these infections, but I just think it's not the best strategy for any testing lab to let a sponsor also participate in the tests, just to avoid any possible doubt as to the objectiveness of the test results.
  13. 2 points
    The Shariff solution looks very elegant and I'm watching the project for quite some time. They released a new version a few months ago https://github.com/heiseonline/shariff It doesn't 100% meet our requirements but we may adapt some things from it and replace our current social media buttons. It's already in the works.
  14. 2 points
    We currently offer email support in German, English, French, Spanish, Dutch, Russian and Italian.
  15. 2 points
    Hello, Jenn. Welcome to the Emsisoft Support Forums. My name is Kevin, and I will be helping you fix your problems. Please change your user name to something that is not your email address. All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE; if you don't, we are just going to send you back to this thread. Also read the Emsisoft Support Forums Terms of Use. To Highlight a few:
  16. 2 points
    Hi and welcome to the Emsisoft Support Forum! System scan with FRST: Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: Start > Computer (right-click) > Properties) Now start FRST. Do not change any of the checkboxes unless asked to, and click Scan. The log files will now be created and will then be located on your desktop. Please attach both log files to your next reply.
  17. 1 point
    Hi Damaxx, can you share the decryptor? I wanted to try whether it will work for my files or not.
  18. 1 point
  19. 1 point
    Hello, and thank you for the inquiry. Many thanks also for the support, @eric cartman. As a possible addendum, here is a pointer to the overview of product updates: https://blog.emsisoft.com/de/category/emsisoft-neuigkeiten/produkt-updates/
  20. 1 point
    The cheapest option for you would be the 3-PC license key, even if you only have 2 computers. You're not required to have a 3-PC license key though, so if you prefer to buy two 1-PC license keys (one for each computer) then feel free to do so, however note that the total cost of doing so is usually more than a 3-PC license key.
  21. 1 point
    You can technically just remove all entries from your hosts file using Notepad. Just delete everything except the "127.0.0.1 localhost" entry if there is any. Lines starting with "#" are comments by the way. Pretty much. We are not an ad blocker, no. You use uBlock Origin which is pretty much the best adblocker you can get. So you are well covered in that area already. Correct. When you try to click the link, it will block access to the site. But I do understand that a lot of people would like to know before they click, which is why we consider adding it. Interestingly enough WOT got in trouble for the very same thing that some AVs are doing with their extension. You can always set up your own DNS server locally or in a cheap VPS box online. DNS also can be tunneled via various secure protocols (DNS-over-HTTPS for example). Those use methods that provide k-anonymity. Firefox in addition also sends "fake" requests if I remember correctly so the hoster of the block list does not know whether that was a website you actually surfed to or a random request. If you are so concerned, just host your own VPN. Get a cheap VPS with bitcoin at njal.la for example, host OpenVPN and your own DNS server on it and there will be no link between you and the VPS. It's serious overkill though.
  22. 1 point
    See here.. https://support.emsisoft.com/topic/30508-build-9204/?tab=comments#comment-190523
  23. 1 point
    Please upload an encrypted file or ransom note to ID-Ransomware and copy/paste the results here for one of the experts to look at. https://id-ransomware.malwarehunterteam.com
  24. 1 point
    In this case I don't think VirusTotal would have shown us detecting it if you did the URL scan, but if you did a search for the domain then you'd get to see a list of scanned files at that domain (among other things): https://www.virustotal.com/#/domain/img1.wsimg.com VirusTotal doesn't always show us detecting a malicious URL, even when it's in our database and EAM detects it. Our malware analysts have noticed this as well, however we're not sure why it happens.
  25. 1 point
    What is that supposed to mean? In case of doubt, for servers it means using different software and keeping EAM on the clients. It looks more like a convoluted price increase. Price and a simple interface have been EAM's main advantages so far. The Enterprise Console is compact too. We already have enough complexity and feature overload from the competition. There is certainly still some room on price, but if training now becomes necessary for the price/feature list, there are likely to be acceptance problems. I'm curious to see how the spread between enterprise and private will be designed, especially where beta tests are concerned. The network connection problems with 2018.9 were an interesting experience there.
  26. 1 point
    So... is that specific webpage meant to show no file name, no file size etc?
  27. 1 point
    With EAM it would normally be a2service.exe and EmDmp.exe (the latter being our crash report tool), however I would believe that depends on whether or not you use the Enterprise Console to manage EAM from another computer/server (CommService.exe is used when EAM is connected to the Enterprise Console).
  28. 1 point
    No problem, thanks
  29. 1 point
    Yes you can delete them - delete the oldest ones. Logs should be in: C:\ProgramData\Emsisoft\Logs Names like: a2service_20170205003925(1116).log are named according to the part of the product that created the log (eg "a2service") then the yyyymmddhhmmss date and time they were first created, and the last bit in brackets is (I think) the process id. Just don't try to delete the log(s) that are being written to at the moment.
  30. 1 point
    Yes, Farbar does publish changes made to FRST, but that is not publicly accessible. I can forward that suggestion to Farbar. ADS themselves are not malicious but can be used to perform malicious functions. A couple of articles on ADS: https://blogs.technet.microsoft.com/askcore/2013/03/24/alternate-data-streams-in-ntfs/ https://blog.malwarebytes.com/101/2015/07/introduction-to-alternate-data-streams/ Your logs look fine. How are things running?
  31. 1 point
    Hi nada hesham, Are you sure you are dealing with Xorist? Do you have any ransom notes? Regards, Sarah
  32. 1 point
    Nothing should be able to delete files in the EIS folder while EIS is running. Application Rules are created automatically in EIS for trusted programs, so this is a sign that it recognized the digital signature and allowed it.
  33. 1 point
    I was going over the program settings earlier today, and it looks like I was mistaken about the controls for automatic-quarantine having been removed. They appear to have simply been moved somewhere else:
  34. 1 point
    Hello, if enough RAM is available, please enable the option.
  35. 1 point
    Found and reproduced it. You should use foldernames with a trailing '\' In your case d:\test*\ If you add that path in the 'Exclude from Monitoring' grid, the File Guard will detect the files.
  36. 1 point
    You're welcome. Hopefully it won't be long before our developers are able to take a look at the issue.
  37. 1 point
    Hello, I removed the remnants with Emsiclean and reinstalled. Now everything works again.
  38. 1 point
    This only happens when extracting the contents of an archive, or does it happen at other times as well? When extracting archives, many archive managers will extract the files to a TEMP folder first, and then move or copy them to the destination you had specified. When the protection is set to Thorough mode, it will scan files again when they are copied/moved, whereas it won't do that when set to Balanced mode. This would cause repeated alerts for the same file, at least in cases where a file was saved to a TEMP folder and then copied or moved somewhere else.
  39. 1 point
    Enter always confirms whichever control is currently active (button, checkbox, etc.). So if the window focus is (by chance or not) on the delete button, pressing the Enter key naturally deletes. With the Tab key you can move the focus from one element to the next. The problem here is that the list itself is not regarded as an active control, and so the function outside it is triggered. I will pass this on as a suggestion so that it gets changed. Thank you very much!
  40. 1 point
    @Alexstrasza Read AGAIN! I disabled EIS Firewall and tried other options to find out what the problem with EIS STANDALONE is. It's the firewall part. It's having issues.
  41. 1 point
    This is a problem in the old version during unloading on some systems and also happened when you shut down EAM manually (which almost no-one ever does so it never showed up during our public tests). It is fixed in the new version, but since installing the fix isn't possible without shutting down the old version at least once, it's just something we have to go through.
  42. 1 point
    The thing with compatibility is that it outright blocks a whole bunch of features we would like to add. That is why we no longer recommend using EAM alongside any other AV software. At the moment we are still compatible with pretty much all of them and if we can easily work around a conflict we will still do so. However, we no longer consider a degradation of compatibility a blocker for new features.
  43. 1 point
    Dear Captain, Our licensing system allows up to five hardware changes within every 24 hours. As the generated machine key changes if you change specific hardware components or re-install/upgrade OS, our system will count a hardware change in such cases. So you could change hardware or OS up to five times each day without any problems. Please let us know if we can assist any further.
  44. 1 point
    Windows turns Windows Defender off when a third-party anti-virus software is installed, or at least it's supposed to. You can try using a tool such as ShutUp10 to turn off Windows Defender, and see if that resolves the issue.
  45. 1 point
    The Free version is missing:
      • Advanced Mode
      • Online Banking Mode
      • File/Registry Shield
      • Settings Import/Export
      • DNS Spoofing Protection
  46. 1 point
    when they push a new version or some times is normal to see that you can not connect to the download server... just wait... normally the problems solve by itself... it happens to me every time they push a new ver of the product
  47. 1 point
    Everything should be fine now. Unless you are having problems, it is time to do the final steps.

    Delete the following from your Desktop: (If they exist)
      • AdwCleaner.exe
      • FRST.exe
      • FRST64.exe
      • JRT.exe
      • JRT.txt
      • Anything else I had you use

    Delete the following folders: (If they exist)
      • C:\AdwCleaner
      • C:\FRST

    Empty the Recycle Bin

    Download to your Desktop: - CCleaner Portable

    UnZip CCleaner Portable to a folder on your Desktop named CCleaner

    Run CCleaner
      • Open the CCleaner Folder on your Desktop and double click CCleaner.exe (32-bit) or CCleaner64.exe (64-bit)
      • The following should be selected by default, if not, please select:
      • Click and choose Uncheck Then go back to and click to run it.
      • Exit CCleaner.

    Turn off System restore to flush all your restore points then turn system restore back on. See How To Enable and Disable System Restore.

    You can delete and uninstall any programs I had you download, that you do not wish to keep on the system.

    Run Windows Update and update your Windows Operating System.

    Run the Secunia Online Software Inspector, this will inspect your system for software that is out-of-date and in need of updating. Update any program/application detected as being out-dated.

    Articles to read:
      • How to Protect Your Computer From Malware
      • How to keep you and your Windows PC happy
      • Web, email, chat, password and kids safety
      • 10 Sources of Malware Infections

    That should take care of everything. Safe Surfing!
  48. 1 point
    I have written a cleanup script for OTL (if you need to, you may download OTL from this link) which will tell it how to get rid of the leftover McAfee stuff (note that some of this appears to be related to McAfee drive encryption, so if you used it to encrypt any data then you will need to decrypt it before running this script). Please download the following OTL_Script file, and save it on your desktop. After saving it, open it, run OTL, and copy and paste the contents of the OTL_Script file into the Custom Scans/Fixes box at the bottom of the OTL window: Then click the Run Fix button at the top. Let the program run unhindered, restart your computer when it is done (it may automatically restart your computer on its own). After your computer has restarted, please open OTL again and click the Quick Scan button. Attach the log it produces in your next reply (just the OTL log, as I don't need to see the Extras log again). You will need to click the button that says More Reply Options to the lower-right of where you type your reply to be presented with the attachment controls.
  49. 1 point
    Sorry, I have been very ill for the past week.

    Download ComboFix from one of these locations: Save as Combo-Fix.exe during the download. ComboFix must be renamed before you download to your Desktop
      • Link 1
      • Link 2

    * IMPORTANT !!! Save Combo-Fix to your Desktop

    Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. See HERE for help.

    Double click on ComboFix.exe & follow the prompts.

    As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: (This applies to Windows XP systems only) If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message: Click on Yes, to continue scanning for malware. When finished, ComboFix will produce a log.

    Note:
    1. Do not mouseclick combofix's window while it's running. That may cause it to stall!
    2. Remember to re-enable your anti-virus and anti-spyware before reconnecting to the Internet.

    Attach logs for: ComboFix (C:\combofix.txt)

    Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!
  50. 1 point
    Online Armor detects keylogger behavior so you may see detections for legitimate software that does not actually record keystrokes. Many programs use these same techniques for legitimate reasons, such as "Hot Keys". As with all of Online Armor's protection, you should simply consider the program that Online Armor is alerting you to and whether you trust it. If Online Armor alerts you to "keylogger behavior" of a program that you know and trust, then you should set the program to Trusted to allow it to function normally.