Leaderboard

  1. GT500

    GT500

    Emsisoft Employee


    • Points

      648

    • Content Count

      11444


  2. Kevin Zoll

    Kevin Zoll

    Emsisoft Employee


    • Points

      298

    • Content Count

      18772


  3. Fabian Wosar

    Fabian Wosar

    Emsisoft Employee


    • Points

      298

    • Content Count

      4406


  4. Elise

    Elise

    Emsisoft Employee


    • Points

      256

    • Content Count

      8245



Popular Content

Showing content with the highest reputation since 10/13/09 in all areas

  1. 7 points
    Official word is, "yes". We will give free license extensions to anyone who upgraded to Windows 10 and was unable to use the firewall. Once the issue has been resolved, please either submit a support ticket in our helpdesk system, or send a Private Message on the forums to me (English Support) or Thomas Ott (English/German Sales). Be sure to mention that you would like to have your license extended due to the Windows 10 issues and include in your message any license keys that were in use on a computer with Windows 10. Feel free to link to this forum post if you would like to.
  2. 6 points
    As announced earlier, we are changing our firewall strategy and will soon merge Emsisoft Internet Security with Emsisoft Anti-Malware, effective as of our next release in October. Instead of developing our own firewall module, we’re going to rely on the built-in Windows Firewall core that has proven to be powerful and reliable. Its only weak point is the fact that anyone can freely change the firewall configuration. In other words, if malware manages to run on the PC with sufficient administrator permissions, it’s able to allow itself to get through the firewall. To resolve this vulnerability, we’ve developed a new Firewall Fortification feature for Emsisoft Anti-Malware’s Behavior Blocker as part of our 2017.8 release. Firewall Fortification detects and intercepts malicious actions from non-trustworthy programs in real time before they can cause any damage. Behavior Blocker alert: Firewall manipulation All 2017.8 improvements in a nutshell Emsisoft Anti-Malware New: Firewall Fortification feature that blocks illegitimate manipulations of Windows Firewall rules. Improved: Forensics logging. Fixed: Rare program freezes on opening the forensics log, confirming of surf protection notifications and during malware detection. Fixed: Computer restart instead of computer shutdown executed, when set for a silent scan. Several minor tweaks and fixes. Emsisoft Enterprise Console Improved certificate handling to avoid connectivity issues. Several minor user interface improvements. Several minor tweaks and fixes. How to obtain the new version As always, so long as you have auto-updates enabled in the software, you will receive the latest version automatically during your regularly scheduled updates, which are hourly by default. New users please download the full installer from our product pages. Note to Enterprise users: If you have chosen to receive “Delayed” updates in the Update settings for your clients, they will receive the new software version no earlier than 30 days after the regular “Stable” availability. This gives you time to perform internal compatibility tests before a new version gets rolled out to your clients automatically. Have a great, well-protected day! View the full article
  3. 4 points
    Guten Tag, Wir haben mittlerweile mehrfach etabliert, dass Emsisoft nicht das Programm Ihrer Wahl ist. Sie haben sich bereits anderweitig ein Antivirus gesucht, dass auch noch dreißig weitere Funktionalitäten mitabdeckt. Fakt ist jedoch, dass viele Leute eben auch ein Antivirenprogramm suchen, dass nicht noch fünfzig Extras mitbringt, die man nicht will oder nicht braucht. Für diese Leute gibt es eben Emsisoft Anti-Malware und die meisten unserer Kunden sind mit der Tatsache, dass es eben 'nur' ein Rundumschutz für den Rechner ist und nicht mehr, zufrieden. Für all die angesprochenen Features - Passwortgenerator, Kinderschutz, etc - gibt es bereits gute Programme, die man sich bei Bedarf installieren kann. Viele Leute haben aber entweder keine Kinder oder wollen diesen den Zugang nicht beschränken, warum sollten wir diesen Leuten einen Kinderschutz mitinstallieren. Einige haben eben auch nicht RAM oder CPU im Überfluß, für diese Leute ist es noch ärgerlichr wenn das RAM durch ein AV belegt ist, dass aufgrund von ungenutzten Features die Ressourcen auffrisst. Fazit: Es gibt viele Antivirenprogramme, die die eierlegende Vollmilchsau sein wollen und versuchen alle Programme in einem zu vereinen. Es gibt User, die diesen Ansatz nicht mögen und nur ein Antivirenprogramm wollen. Nicht mehr. Für diese Leute gibt es, zum Beispiel Emsisoft Anti-Malware. Sie gehören nicht zu dieser Gruppe und das ist ok. Mit freundlichen Grüßen Kathrin
  4. 4 points
    Which for everything related to our core technologies (engine, behavior blocker, cleaning engine) would be me. Hi, nice to meet you! Next time someone looks strange at me for talking to myself I can now point them to this post and tell them you asked me to talk to me . Your argument is that we chose Bitdefender because it is "the best". Both Kaspersky as well as Avira consistently score higher in pure on-demand tests than Bitdefender does. If you consider PUP detection ESET is a superior contender as well. We considered all of them at one point or another but they were discarded for various reasons. The article is based on the submission we got through the "Submit information about detected Malware" option in all our products, which reports back meta data (infection names, number of infected objects) about all infections found by our products.
  5. 4 points
    Actually, there is a system behind it: My workstation computers are named after noble gases, like Krypton or Helium. Computers that I only use temporarily or belong to guests are named after transition metals like Titanium. Non-computer devices like smartphones are named after non-metals like Oxygen. All systems and VMs that are used for malware testing are named after radioactive elements like Uranium. Needless to say my WLAN and local workgroup is called "Periodic Table". And yes, I spent a significant amount of time coming up with that system and I am proud of it .
  6. 3 points
    Link to decrypter download page. Link to instructions for using the decrypter (PDF). Link to "file pair" submission form. Link to more information about the decrypter. <- Article at BleepingComputer.com Link to more detailed information about STOP ransomware (covers more than just STOP/Djvu). <- Forum post at BleepingComputer.com How do I remove the ransomware? The STOP/Djvu decrypter will stop the ransomware from running so that it can't continue encrypting your files, however it doesn't completely remove the ransomware. Most Anti-Virus software will detect STOP/Djvu if you run a scan for it, however if you don't have Anti-Virus software installed then you can run a Malware Scan with Emsisoft Emergency Kit (free for home/non-commercial use). Note that formatting the hard drive and reinstalling Windows will also remove the infection, however this ransomware is particularly easy to remove, so if a computer is only infected with STOP/Djvu then formatting the drive would be unnecessary. Will removing the infection unlock my files? No. Your files are encrypted. This encryption needs to be reversed (via a process called "decryption") before your files will be usable again. This encryption cannot be removed or undone simply by removing the STOP/Djvu ransomware infection. The decrypter can't decrypt my files? In most cases this means you have an online ID. It could also mean your files were encrypted by a newer variant of STOP/Djvu. See below for explanations. Why won't the decrypter run? The decrypter requires version 4.5.2 or newer of the Microsoft .NET Framework, so this could mean your version of the .NET Framework is out of date. We recommend installing the latest version of the .NET Framework (4.8 at the time of writing this), and then trying the decrypter again. Why is the decrypter stuck on "Starting"? When you run the decrypter, it looks for encrypted files. It will say "Starting" until it is able to find some. If the decrypter remains stuck on "Starting" for a long period of time, then this means it is unable to find any encrypted files. Offline ID. When the ransomware can't connect to its command and control servers while encrypting your files, it uses a built-in encryption key and a built-in ID. Offline ID's generally end in t1 and are usually easy to identify. Since the offline key and ID only change with each variant/extension, everyone who has had their files encrypted by the same variant will have the same ID and the files will be decryptable by the same key (or "private key" in the case of RSA encryption). Online ID. In most cases the ransomware is able to connect to its command and control servers when it encrypts files, and when this happens the servers respond by generating random keys for each infected computer. Since each computer has its own key, you can't use a key from another computer to decrypt your files. The decrypter is capable of working around this with older variants as long as it has some help, however for newer variants there is nothing that can be done to recover files. Old Variants. Old variants were those in distribution until near the end of August, 2019. Our decrypter supports offline ID's for almost all older variants, and can decrypt files for those with offline ID's without needing any help. For online ID's, it's necessary to supply file pairs to our online submission form so that the decrypter can be "trained" how to decrypt your files. A list of extensions from older variants can be found at the bottom of this post. New Variants. These use a more secure form of RSA encryption. Support for some offline ID's has been added to the decrypter for newer variants, and support for new offline ID's will be added as we are able to figure out decryption keys for them. As for online ID's, due to the new form of encryption, there's currently nothing the decrypter can do to help recover files. Will it ever be possible to decrypt new variants with online ID's? That depends on whether or not law enforcement is able to catch the criminals who are behind this ransomware. If law enforcement is able to catch them and release their database of keys, then we can add those to our database for decryption. If you would like to report this ransomware incident to law enforcement, then please click here for more information. The more reports law enforcement agencies receive, the more motivation they have to track down the criminals. What is a file pair? This refers to a pair of files that are identical (as in they are the exact same file), except one copy is encrypted and the other is not. Our decryption service can analyze the differences between an encrypted file and an original unencrypted copy of the same file, allowing it to determine how to decrypt that type of file. For most victims with an older variant of STOP/Djvu, submitting file pairs will be the only way they will get their files back. File pairs only work for one type of file. Due to the way encryption works in STOP/Djvu, file pairs can only help the decryption service figure out how to decrypt one type of file. For instance, if you submit a file pair for an MP3 file, then the decrypter will be able to decrypt all of your other MP3 files, however it won't be able to decrypt any other type of file. There are some exceptions to this, such as certain newer Microsoft Office documents (such as DOCX and XLSX) since those files are technically ZIP archives. The decrypter can't decrypt all of my pictures even though I submitted file pairs for them? JPEG/JPG images have a format oddity that causes file pairs to be specific to each source of pictures, rather than the file format in general. As an example, if you have pictures from two different cameras, and submit a file pair from the group of pictures from one of the cameras, then the decrypter will only be able to decrypt files from the camera that the file pair came from. In order to decrypt all JPEG/JPG images, you will need to submit file pairs from every source you've obtained those pictures from. What does "Remote name could not be resolved" mean? It's an indication of a DNS issue. Our first recommendation is to reset your HOSTS file back to default. Microsoft has an article about this at the following link: https://support.microsoft.com/en-us/help/972034/how-to-reset-the-hosts-file-back-to-the-default Is there anything I can do to help catch these criminals? The best thing you can do right now is file a report with your country's national law enforcement. There is more information available at the following link: https://www.nomoreransom.org/en/report-a-crime.html Extensions from older variants that the decrypter supports:
  7. 3 points
    It means that the tests done by AV-C and AV-T have a clear image of how they think AV software should work. The problem arises when your product doesn't fit the mould. Then you get penalized for not doing what everyone else does, even though what everyone else does may not be in the best interest of the user, to begin with. Best example: Snooping around in your encrypted connections, which literally every AV vendor screwed up at least once in the past and probably will continue to happen, exposing users to potentially greater risks than most malware does. For starters, the test sets aren't nearly as representative anymore. When we participated in AV-T and AV-C both tested with less than 200 samples a month on average. 200 samples out of literally tens of millions. The exact selection isn't clear and not representative of what users deal with either. None of them tests with PUPs for example, even though a simple look at any tech support community will tell you, that it is probably by far the biggest problem users are dealing with. So no, neither of those test scores represents real-life performance and it becomes blatantly obvious when you go to places like Bleeping Computer, GeeksToGo, Trojaner Board, Malekal, and all those other communities where people infected by malware show up for help and look at what products these victims used at the time they became infected. Then you will notice that a lot of these products with perfect scores don't look nearly as perfect in real-life conditions. The reason for this discrepancy is quite simple: Most AV vendors will specifically optimise their products for these tests. The most severe cases are where vendors end up outright cheating and detecting the test environments which then results in a change of behaviour of the product (think Dieselgate, but with anti-virus). But there are many ways you can game these tests. For example: you can try to figure out the threat intel feeds the companies use, then just buy those same threat intel feeds so you have all samples in advance you can track their licenses and supply different signatures to them or use your cloud to treat those test systems differently some particularly shady organisations literally also sell you their sample and malicious URL feed, so you can just outright buy the samples and URLs your product will get tested on later What you end up with as a result is a product that is optimised really really well for the exact scenario they are being tested under using the exact type of URLs and samples these testers use, but that is utterly useless when it comes to anything else. We just really don't want to create this type of product. So when we were asked whether we wanted to continue to participate this year, we discussed the matter internally, looked at what we get out of these tests (meaning: whether these tests have a discernable impact on our revenue) and decided that they are simply not worth it and that the tens of thousands of Euros we spent on them every year would be better spent on extending our team and building new ways of keeping our customers safe.
  8. 3 points
    Ransomware infections are unique in many ways. Most importantly, a lot of the natural instincts which are usually correct when dealing with malware infections can make things worse when dealing with ransomware. Please see the following steps as a guideline when dealing with your ransomware infection. Do not delete the ransomware infection The natural instinct of most users is first to remove the infection as quickly as possible. This instinct is, unfortunately, wrong. In most cases, we will require the ransomware executable to figure out what exactly the ransomware did to your files. Finding the right ransomware sample becomes infinitely more challenging when you deleted the infection and can't provide us with the ransomware. It is okay to disable the infection by disabling any autorun entries pointing to it or by quarantining the infection. However, it is important not to delete it from quarantine or to remove the malicious files right away without a backup. Disable any system optimisation and cleanup software immediately A lot of ransomware will store either itself or necessary files in your temporary files folder. If you do use system cleanup or optimisation tools like CCleaner, BleachBit, Glary Utilities, Clean Master, Advanced SystemCare, Wise Disk/Registry Cleaner, Wise Care, Auslogics BoostSpeed, System Mechanic, or anything comparable, disable those tools immediately and make sure there are no automatic runs scheduled. Otherwise, these applications may remove the infection or necessary ransomware files from your system, which may be required to recover your data. Create a backup of your encrypted files Some ransomware has hidden payloads that will delete and overwrite encrypted files after a certain amount of time. Decrypters may also not be one hundred percent accurate, as ransomware is often updated or simply buggy and may damage files in the recovery process. In those cases, an encrypted backup is better than having no backup at all. So we urge you to create a backup of your encrypted files first, before doing anything else. Server victims: Figure out the point of entry and close it Especially recently we have seen a lot of compromises of servers. The usual way in is by brute-forcing user passwords via RDP/Remote Desktop. We firmly suggest you check your event logs for a large number of login attempts. If you find such entries or if you find your event log to be empty, your server was hacked via RDP. It is crucial that you change all user account passwords immediately. We also suggest to disable RDP if at all possible or at least change the port. Also, it is important to check all the user accounts on the server, to make sure the attackers didn't create any backdoor accounts on their own that would allow them to access the system later. Figure out what ransomware infected you Last but not least it is important to determine what ransomware infected you. Services like VirusTotal, which allows you to scan malicious files, and ID Ransomware, which lets you upload your ransom note and encrypted files to identify the ransomware family, are incredibly useful and we will probably end up asking you for the results of either of these services. So by providing them right away, you can speed up the process of getting back your files. If you struggle with any of these points, please feel free to ask for help. Our ransomware first aid service comes with no-strings-attached and is free for both customers and non-customers.
  9. 3 points
    Please note that Emsisoft Anti-Malware for Windows XP hasn't been updated (as in program updates) in over 2 years, and we never intended on continuing long-term database update support for it. In fact, we discontinued our own database updates for it over a year and a half ago, and those still running Emsisoft Anti-Malware on Windows XP have only been receiving BitDefender database updates. We've decided that it is time to stop redistributing those BitDefender updates for Windows XP, as all they are doing is giving those on Windows XP a false sense of security. In addition, it is extremely dangerous to continue using Windows XP. It has (for several years now) had well-known and major security vulnerabilities that Microsoft will never fix. These vulnerabilities make it trivial to infect a Windows XP system, and there is no security software in the world that is capable of preventing it. We can not, in good conscience, continue to provide any support for this version of Windows, as we announced on December 31st, 2015: https://blog.emsisoft.com/2015/12/02/why-we-believe-its-not-ethical-to-sell-antivirus-software-for-windows-xp-any-longer/ We highly recommend that you upgrade to a newer Operating System that is still supported. It doesn't matter if that's a newer version of Windows, or something free like Linux or BSD, as long as you'll be receiving security updates from whoever makes it. New vulnerabilities are discovered almost every day for every major Operating System (Windows, Linux, BSD, MacOS, Android, etc) so it is absolutely critical that you are able to receive security updates from whoever made the Operating System to help keep you and your data safe.
  10. 3 points
    Wenn alle Features eingebaut würden, die Galaxy wünscht, dann würde ich EAM sofort deinstallieren. Ich mag das Programm so wie es ist und hoffe, das bleibt auch so.
  11. 3 points
    Is this working OK now for everyone else? If it is, then there's no need for any more logs. All we needed was a traceroute to send to our CDN provider to help in identifying the server that was having the issue, and I managed to get one of those the other day.
  12. 3 points
    @achtsam Es wird eher langsam Zeit, dass Du deinen privaten Kreuzzug einstellst. Das nimmt ja wirklich paranoide Züge an.
  13. 3 points
    Hello, a2guard.exe is the visible protection process (to put it simple, the Emsisoft icon you see in the system tray). However actual protection drivers start a lot earlier. For example epp.sys (the Emsisoft Protection Platform driver) starts very early in the Windows boot process in order to ensure a protected system even when no user is logged in yet and no other programs have been started.
  14. 3 points
    Today, we've received information that our Dutch team member Rob R. passed away yesterday afternoon, after suffering from an unexpected heart attack last Wednesday. Rob was our lead software tester and we always admired him for his special eye to track down the most tricky bugs. He joined our team more than five years ago by voluntarily sending over a brand new and complete Dutch translation of our software. Shortly after he initiated our efforts in offering physical delivery of our software on CD boxes and USB sticks. He also demonstrated a great interest in testing security software which recently led him to becoming our lead tester for Emsisoft Anti-Malware and Emsisoft Internet Security. Rob will truly live on in our memories as a valued team member and friend.
  15. 3 points
    Hardik587 You are indeed becoming most wearisome. There is an old expression among diehard Texans. "No matter how much you kick a dead horse it won't get up" This is exactly what you are doing.
  16. 3 points
    Hello, please send me your license key via PM (personal message). I will add some days to your key as a sign of goodwill.
  17. 2 points
    @Kevin Zoll @GT500 Just tried using STOP djvu decryptor a while ago and my files were successfully decrypted. Thank you so much Emsisoft Team. 😭
  18. 2 points
    @m2413 and @Juroan24 private keys for offline ID's are added to our database once we are able to find them. Just run the decrypter once every week or two in order to see when we've added the private key for your variant.
  19. 2 points
    We just added the private key for .reha offline ID's on Thursday, which is why it suddenly was able to decrypt your files. Thanks for letting us know that it worked. 👍
  20. 2 points
    @ferko85 Let’s deal with the active malware infection before attempting to recover your files. Download to your Desktop: Farbar Recovery Scan Tool NOTE: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. NOTE: If you are unable to download FRST from the infected system, FRST can be saved to and run from a USB flash drive. Run Farbar Recovery Scan Tool (FRST): Double-click to run it. When the tool opens click Yes to the disclaimer. NOTE: DO NOT change any of the default settings. If you do we will just close your logs and ask for new ones ran with FRST's default settings. Press the Scan button. Farbar Recovery Scan Tool will produce the following logs: FRST.txt Addition.txt
  21. 2 points
    Hi Marshall. To add the MVPS Hosts list to uBlock Origin, perform the following steps (see images for more details): (1) Go to the following link: https://filterlists.com/ (2) Enter "130" in the page field. (3) Click the blue "Details" button on the "MVPS Hosts" line. (4) Click the blue "Subscribe" button. You're all done! The MVPS Hosts file should now be added to uBlock Origin in your browser. To check you can look at the uBlock Origin "Options" page by right-clicking the uBlock Origin icon in your browser, as per images. Hope this helps. Best Regards, Steen
  22. 2 points
    Personally I think following the tests is a waste of time. If you are really concerned then you will need to make the effort to do your own testing. that is what I did. Also the tests don't tell you a thing about the nature of the company. I will stick with Emsisoft because I think it's the best
  23. 2 points
    > Thanks how do I turn off the notification please ? See: Settings - Notifications - Browser Security verifications
  24. 2 points
    Hello, This is legitimate. You can read more about it here: https://blog.emsisoft.com/en/32517/new-in-2018-12-safe-web-browsing-with-emsisoft-browser-security/
  25. 2 points
    Hello RodPaulo! Over the last three months, we gradually rolled out new infrastructure for our behavior blocker as part of the monthly feature updates. We decided to introduce this new tech gradually as to avoid headaches when switching everything at once. In addition, just the infrastructure on its own had major benefits like fixing several long-standing compatibility issues with products like Kaspersky, Avast, AVG and some other products, that rendered systems unusable as no process could be started on systems running both EAM and their product in real-time. The rollout itself was pretty smooth and we didn't see anything unusual in our telemetry or continuous daily testing either. However, it turned out that there was a rare race condition with certain malware obfuscators that caused some 32-bit processes to not be monitored correctly on Windows 10 64-bit systems. AV-C did report the issue to us as part of their normal report at the end of March and we fixed and released it as an update during the 2018.3 lifecycle very shortly after, but by then we already had racked up a couple of misses in the April test period as well. You may also be interested in the AV-C business test series factsheet they just published, available here: https://www.av-comparatives.org/wp-content/uploads/2018/05/avc_biz_2018_03_factsheet_en.pdf
  26. 2 points
    If you’re a regular reader, you’ve probably noticed that something has changed about our blog… That’s right: everything has changed. When we started the original blog more than a decade ago, little did we know how popular it would become. From a few hundred visits per month back in 2004 to more than 100,000 now, the Emsisoft Security blog has become a major destination for people looking for straight-talking security advice from our team of malware and online security experts. Sadly, while the actual articles have progressed in leaps and bounds since the early days, the blog page itself has received little love and was starting to feel inadequate for the breadth of content we are now offering our readers. We decided to change that and embarked on the biggest redesign of our blog ever. After lots of brainstorming and gathering feedback, we are excited to show you what we’ve been working on and hope that it will make discovering, exploring and sharing our content even better. So, go ahead and check out our redesigned security blog now, or read on about the exciting changes you can look forward to. See what’s new Without further ado, below are some key highlights from the many improvements we have made to your Emsisoft Blog experience: Home page Visitors to Emsisoft’s Blog will now be greeted by a clearly structured home page, with a prominent “Featured Article” chosen by the team to highlight the latest insights into online security. The page itself is divided into clear categories with a selection of the latest articles for each, so it’s easy to browse through each section and dive into those that you find most interesting. From the latest videos, to Protection Guides and Enterprise Security, there’s something for every security-conscious reader. Category pages All posts are now grouped into clear categories and can be accessed from any part of the blog using the new category menu. Each main category page has been designed with a clear purpose and provides an intuitive way to browse the most relevant articles. While the Emsisoft News articles are organized in a timeline, the Protection Guides are grouped by topic to allow you to find the most relevant information in one place. Go ahead, have a look around! Readability First and foremost, a blog should be a pleasure to read. Once you’ve found what you’re looking for, reading should be a pleasant, distraction-free experience. We have reduced the clutter around the actual article text and adjusted the layout and typeface, creating the feeling of reading a high-quality book, whether it’s on a desktop or on your mobile phone on the go. Quick Search Find any article in a matter of seconds with our new search function. With hundreds of online security articles published over the years, our completely new search functionality makes finding that one article about ‘ransomware payment methods’ a breeze. Simply click on the magnifying glass in the header to bring up the search box, start typing and results will appears instantly. Sharing Options To achieve our ultimate goal of a malware-free world, it’s critical to share our insights and security advice with as many people as possible. We’ve now made it easier than ever to share articles or even sections of articles via social media or email: simply click on your favorite social network on our new sharing menu on the left-hand side to share the whole article with your friends and colleagues, or select a particularly insightful sentence or paragraph and share it via the new context menu that appears. We want to hear from you This article only touches the surface of all the changes we’ve made for you in our new Emsisoft Security blog, and we plan to continue developing it over the coming months. As excited as we are about the improvements, ultimately we have made them for you, our readers and customers. Let us know what you think about the new design, the functionality and the reading experience. The post Welcome to the all-new Emsisoft Security Blog appeared first on Emsisoft | Security Blog. View the full article
  27. 2 points
    The holiday season is not only a great opportunity to spend time with loved ones, but also to look back at the year gone by. For us at Emsisoft, we could finally take a brief moment to realize just how busy 2017 has been for the team and the wider security industry: from major ransomware outbreaks that took most (Emsisoft customers excluded) by surprise to constant product evolution to guarantee the best possible malware protection for our customers, this year has been anything but uneventful. Better surf protection: Both online and in the water Prevention is worth a pound of cure, so raising awareness of online security issues has always been close to our hearts. Back in November 2016 we started out with the world’s first surf protection research using drones and high technology drifters, teaming up with Surf Life Saving New Zealand to map currents and further understand threats and dangers that await unsuspecting surfers under the surface. The campaign results exceeded our highest expectations: not only was the project widely covered in media outlets across the country, but the insight gained formed the basis for future projects and was even presented at a conference sponsored by the World Health Organization. As our CEO Christian Mairoll put it: Whether online or in the water, Emsisoft always aims to observe dangerous environments, analyze specific threats and most importantly prevent dangerous situations that surfers suffer from everyday. Ransomware outbreaks take many by surprise Ransomware attacks are nothing new for our team, but the sheer size and speed of two major outbreaks this year caught many off guard. In May, Wannacry ransomware took advantage of the NSA shadow broker exploits to rapidly spread to hundreds of thousands of machines, including major corporations in Europe and beyond. A mere month later, Petya used the same exploits to wreak havoc across high-profile businesses in dozens of countries and exposed, despite repeated warnings from security experts, the general lack of basic protective measures, including up-to-date operating systems, regular backups and the use of reputable anti-malware software. Our customers were safe from these attacks thanks to Emsisoft Anti-Malware’s multi-layered protection. Yet it’s events like these that remind us of the need to constantly improve our technology and awareness to stay one step ahead of cybercriminals. Emsisoft evolves to stay ahead of malware Malware attacks of this nature require an immediate response. Luckily, one of our main advantages over many competitors is our ability to adapt quickly. Starting in January, we introduced a new product versioning scheme that aligns with our development month and laid the foundation to bring protection and usability features to our customers faster than ever, rather than waiting for a major release. Making great protection even better Our customers choose Emsisoft first and foremost for one reason: to be protected from all types of malware threats. It’s a job we take seriously, which is why we have launched a number of improvements throughout 2017. Our personal highlights: We made our Behavior Blocker even more capable, detecting malware and ransomware threats that try to disable antivirus software. We promoted our existing ransomware protection into a dedicated “Anti-Ransomware” layer. We added Double Pulsar exploit mitigation in response to the increase in ransomware outbreaks. This doesn’t include the countless under-the-hood changes to the Surf Guard to detect even more phishing scams and the performance improvements we have launched month after month to ensure your protection does not get in the way of your day. Keeping things simple Simplicity is one of our core values here at Emsisoft, and the product team made it a clear focus to deliver against it in 2017. We looked at all aspects of our software and listened to a lot of customer feedback to learn how we can make things better, faster, and simpler. The result was a raft of new and improved features that we released over the last 12 months, including: a simplified user permissions system based on 2 groups; a brand-new feature to exclude specific programs from scanning and protection; an extended Forensic Log to better reproduce malware-related events on your machine; an auto-resolve mode for the behavior blocker to reduce user-dependencies; email notifications. Merging Emsisoft Internet Security with Emsisoft Anti-Malware But perhaps the biggest change in terms of our product development has been the merging of Emsisoft Internet Security with Emsisoft Anti-Malware in October this year. What may have seemed like a sudden decision was the result of a careful evaluation of our core competencies, the realities of a changing malware landscape and the preparation for things to come. To ensure customers dependent on a firewall would receive a comparable level of protection, we released a Fortification feature for the Windows Firewall to ensure that malware will not be able to tamper with it. Business-grade security that just works As we’ve touched on earlier, this year in particular exposed just how devastating ransomware attacks can be for companies both large and small if they do not have reliable endpoint protection in place. We always believed that sophisticated, enterprise-level endpoint protection does not need to be complex, and we have continued to refine the experience of our business customers, whether that’s enhanced Emsisoft Enterprise Console connection features or new MSI setup files for time-efficient group policy deployment in larger Windows networks. Our efforts did not go unnoticed either, as independent test lab AV-Comparatives praised our business solution for its ease of use, clean design and fast deployment capabilities in this year’s Business Security Report 2017. Combined with a stellar malware protection rate powered by Emsisoft Anti-Malware, we walked away with the “Approved Business Product Award” for the second year running. The feedback that counts: yours While it’s great to get recognized with industry awards for our malware protection performance, it’s the messages we receive from our customers and partners that put a smile on our faces and give us the motivation to get up in the morning to fight the good fight. I wanted to take a moment of your time and let you know that there just isn’t a better anti-malware company than Emsisoft. Your dedication to the world of online protection is the best in the business. I have 100% confidence in Emsisoft to keep me safe on line no matter what. It’s just something I never have to think about. Joel Gardner, Switzerland Emsisoft is about security. Looks good, works good, is light and what is most important, Emsisoft is about trust. My is over 8 years as paid customer, without any single security PC problem. Franky via Twitter Another gold star for Emsisoft! I’ve been with you since a-squared, and it’s always been prompt, professional and excellent service all the way, not to mention the superb software solutions. These days, companies that care are unfortunately few and far between. Douglas Sharp, Germany I own a brick and mortar retail computer repair shop. We have sold hundreds if not thousands of copies of Emsisoft through our retail business. I have to say Emsisoft works so well that I feel like it may be hurting our repair business. Our customers like it and that’s what matters. David Gentry, Lantean Systems LLC, USA What lies ahead in 2018? Ransomware once again dominated the year, and we are expecting this trend to continue into 2018. Wannacry and Petya attacks made sure that even the most technophobic among us have at least a basic level of awareness. But they also laid bare the ample opportunities for cyber crime as too many business still don’t have credible security strategies in place. We covered the emergence and increasing sophistication of Ransomware-as-a-Service (RaaS) business models, allowing anyone with malicious intentions to execute their own ransomware attack and share the ill-gotten gains with the RaaS creators. Given the ease of using these services and the proliferation of cryptocurrencies, we at Emsisoft expect the ransomware campaigns to continue unabated into the new year. The other trend to keep an eye on is also connected to the rise of digital currencies: Cryptomining. Online criminals and even some „legitimate“ websites are experimenting with the use of crypto-miners to extract revenue from users. Whether it will evolve into a legitimate alternative to the established ad model or remain mostly a tactic by malware authors remains to be seen. Whatever the outcome, as long as cryptocurrencies continue to rise, we expect to come across increasingly sophisticated variants. But what will Emsisoft look like in 2018? We plan to continue our efforts to declutter Emsisoft Anti-Malware to make it the easiest to use protection software on the market. Our Malware Lab is working relentlessly on a new malware detection and protection system that is going to raise the bar in the industry. In addition, our product development teams have started working on a major project a couple of months ago that is expected to be launched no earlier than mid 2018. We can’t wait to share more details as we get closer to the actual release and to hear what you think. But until then, you can count on Emsisoft to protect you from all the current and future threats that may lurk out there. Malware never sleeps, and nor do we. Have a brilliant, malware-free 2018! View the full article
  28. 2 points
    If you change the setting (for Malware hosts) on that screen (eg to Block silently) then all instances of malware-host alerts would become silent. That's not necessarily sensible - yes, fewer alerts, but also you'd be less aware of sites that maybe you shouldn't trust so much. If you see alerts for that specific malware host frequently, you could add a rule to treat it differently eg just silently blocking it. But again, you'd then not be warned that such sites had embeded links to that host. Is that wise?
  29. 2 points
    You don't need an account on the website; you just copy & paste the licence code into the application. Keep the details in case you need them again.
  30. 2 points
    Starting 1 October 2017, Emsisoft Internet Security will be merged with Emsisoft Anti-Malware. While this may come as a bit of a surprise, there are many factors that have prompted this decision, and I would like to use this as an opportunity to share our reasoning: A common base Technically, both products have shared the same code base and even the same file feeds for online updates for the last couple of years. From a branding perspective, Emsisoft Internet Security has kind of been framed as an extended feature set edition of Emsisoft Anti-Malware. The only difference between the two products is Emsisoft Internet Security’s built-in firewall component, which is responsible for its slightly higher price tag. While Emsisoft Internet Security was definitely a valuable product in years gone by, we believe that whatever protective advantages desktop firewalls once had over Windows Firewall are now minimal, if not negligible. The job of firewalls The main purpose of a desktop firewall is to shield your computer from attacks from the Internet. It does so by interrupting network communications initiated by foreign computers when they attempt to connect to a program that listens for input on your computer. However, there are two things to consider here: Most attack attempts from the outside are made impossible by the use of NAT routers (which includes just about every modern DSL modem), as they separate your inside network (LAN) from the Internet. The built-in Firewall in Windows 7, 8 and 10 already does a pretty good job of blocking connection attempts from potentially dangerous computers that reside in the same network (e.g. in public WiFi) or on the Internet. Malware and firewalls We see our main job as protecting your computer from malware – and today’s malware is generally quite unimpressed by firewalls. Connection attempts from the outside in are blocked by the Windows Firewall by default, and connections from the inside out are prevented by Emsisoft’s multi-layer real time protection, and the Behavior Blocker in particular. Emsisoft Firewall vs Windows Firewall When Microsoft introduced the Windows Firewall in a late Windows XP Service Pack update, it was a bit of an embarrassing performance and the software could not be taken too seriously, which led us to build a stronger alternative. But with the release of Windows 7, the Windows Firewall started to do its job much more effectively, and the latest Windows 10 version pretty much does everything you could expect from a desktop firewall. Its only architectural flaw is that its settings (and firewall rules) can be freely edited by anyone or anything that attains the required permission level. In other words, if malware manages to run on the PC, it’s able to allow itself to get through the firewall. That was one of the main reasons for us to maintain our own firewall component. A better approach: Fortifying the Windows Firewall Emsisoft Internet Security has always been highly configurable. While some of our more technically minded users might have appreciated the freedom to tweak settings to their heart’s content, it has to be said the majority of our customers are (understandably!) not familiar with the technical intricacies of firewalls and were not always confident when using the software. This was problematic given the fact that a wrong configuration can potentially cause a lot of damage when it comes to malware protection. So, in the interests of protecting our customers, we thought it would be most beneficial if, moving forward, we simply rely on the Windows Firewall and use our software to cover its blind spot and ensure its settings can’t be manipulated by malware from the inside. How are we going to do that? Well, one of Emsisoft’s key strengths is creating Behavior Blocking technology that works. It allows us to detect and intercept malicious actions from active programs in real time before they can cause any damage. This technology now allows us to define behavior patterns that indicate illegitimate manipulations of Windows Firewall rules. We make sure Windows Firewall is as safe to use as our own firewall, so we can remove the redundancy of building and maintaining our own firewall code. Therefore, we decided to end the product life-cycle of Emsisoft Internet Security and merge it with Emsisoft Anti-Malware, which receives the Windows Firewall fortifying enhancements in the version 2017.8 release. Timeline September 1st, 2017: The new Windows Firewall Fortify feature will be part of the version 2017.8 release of Emsisoft Anti-Malware. October 1st, 2017: Existing Emsisoft Internet Security software will directly update to Emsisoft Anti-Malware version 2017.9 and the remaining license period will be extended as described below. No manual actions required. Advantages for Emsisoft Internet Security customers We appreciate that the decision and swift merging will come as a surprise to our loyal customers, so apart from the additional features already mentioned that ensure capable and secure firewall protection, we are sweetening the transition for existing Emsisoft Internet Security license holders: By switching to Emsisoft Anti-Malware, your annual software license fee gets about 20% cheaper. To compensate for the already paid higher product price, we will extend all active Emsisoft Internet Security license periods by 50%. E.g. if you have 1 year left on your license, it will change to 1.5 years for free. Malware protection capabilities of Emsisoft Anti-Malware will be improved due to less interference with firewall code. Your Emsisoft protection software will get lighter on the system and there will be fewer incompatibilities with other products. Less risk of misconfiguring the protection features. We hope you think this is a fair deal and will make the transition to our flagship product as smooth as possible. Should you still be unhappy with the upcoming changes, we’re happy to do partial refunds for your remaining license period. As the cybersecurity landscape continues to evolve, we are continuing our mission towards a safer digital world for everyone. Today we have taken an important step in this journey, and we are excited to continue to improve our protection services for our customers. Have a great, malware-free day! View the full article
  31. 2 points
    Hello to you all, l don't know how some of you are going to react to my post but the end is what matters. On Friday morning we (company) where infected from the Cry36 Virus(Ransom). Our Server 2008R2 was with anti-virus and with Windows Update.. up to date.. At the time we had a external Hard drive connected to the server (the only one we had) since we didn't have a duplicate due the second one failed on us. Due to hard times here in Greece we thought that one hard drive was enough. Since our server was under repair with a raid problem we had an live backup. All our files where encrypted.. Most you will probably understand. We called local Police, Internet Crime Center Greece and Interpol. We had support for a number o techs, antivirus profs in Greece and around the world. We had no choice but to gamble with the hackers. They asked for $800 in bit coin. We had nearly every day email exchange with them. The process to obtain bit coin was a long and stressing time. The amount of money we where loosing day by day was nightmare. After 8 days we had the bit coin, we transferred them to the people responsible and in 15min we had the unlock.exe we our ID and a password from Greece to US. They even gave us instructions and warnings not to damage the files. We got all our files back!!!!!!!!!!!!!! Yes we did the wrong thing and payed. In the end we lost a lot of money and lived 10 days of hell!!!!! The virus was infected from a personal email...
  32. 2 points
    I believe everyone here are all frustrated that we still can't recover our file back. So am I. I'm also thinking the possibility to pay to the terrorists to get my file saved. But I still have some hope that Emsisoft Team can make the decryptor . I hate cry36.
  33. 2 points
    It doesn't matter if it is securely transmitted or not. Your browser decrypts the HTTPS traffic when it is received, so the file would be saved in its original form, and our protection would catch it either way. HTTPS (secure connections) are only intended to keep information being exchanged over the Internet private. For instance, if you do a search on your favorite search engine, and the connection to their website uses HTTPS (and thus is secure), then when the NSA records the data that is sent from your computer to the search engine tell it what you want to search for, that data is encrypted, and thus the NSA can't actually tell what you searched for if they were to review the data they had collected (obviously they may have other ways of finding out, but at least they can't get it from the HTTPS traffic). Of course, I'm using the NSA as an example due to the various leaks revealing that they record everything that is transmitted across the Internet. The original purpose of HTTPS was to secure online purchases and other information you submit to websites from criminals snooping on data sent across the Internet. If malware is downloaded over a secure connection, then all it really does is keep anyone from snooping on your Internet traffic (or government agencies recording everything you do online) from seeing what you downloaded. That sort of thing would generally be done either with malicious extensions, or some sort of malicious program on your computer. If there is something malicious on your computer, then everything is compromised, and not just a single tab. Note that most modern browsers (except maybe Firefox) have a sandbox for each tab in the browser, which should isolate the tabs from each other. I have never saw these words before and do not know what they are . ClassicShell is a program for Windows 8, Windows 8.1, and Windows 10 that adds the classic Windows 7 Start Menu to these newer versions of Windows. AmmyAdmin is a remote access software similar to TeamViewer. There are testing organizations/companies that will test websites for security problems periodically, and some website owners will sign up for those services to ensure their websites are secure. With paid services the website owners are usually allowed to put some sort of graphic on their website that links back to the latest test results to allow visitors to verify whether or not the website is secure. If you see one of those graphics on a page, and can click on it to verify that it is valid, then the website is more than likely secure. If there is no such graphic on a website, then there will be no publicly available way to verify the website is secure, however this does not mean the website unsafe. As an example, GT500.org doesn't have a graphic/button/etc. that you can click on to see if the website has been tested, however it is tested weekly for security vulnerabilities by Beyond Security and is almost always given the highest possible score (when it isn't, any security issues are dealt with quickly).
  34. 2 points
    Browser Integration (assuming you mean browser extensions) - This sort of thing is generally used to generate revenue by hijacking your browser search settings, or tracking your browsing habits. Since we have no interest in doing such things, and a browser extension wouldn't provide any real increase in security beyond our Surf Protection, File Guard, and Behavior Blocker we don't feel that browser extensions should be bundled with our products. Pop-Up Blocker - Pretty much every modern browser already has a built-in pop-up blocker, so such a feature would just be a gimmick used to drive sales rather than something really useful for our users. Beyond that, there are already popular and safe extensions that supplement web browser pop-up protection, with included ad blocking, that do a rather good job and we tend to recommend those to our users. Password Manager - There are so many password managers these days that any attempt by us to make one would just be a gimmick to drive sales. These days you can use LastPass for free on multiple devices, and sure beats needing to get used to a new password manager when you change your anti-virus software. And if you don't like LastPass, there are others that are just as good, and even one that is open source (although I would believe it lacks an official browser extension). Encryption / Safes (assuming you mean encrypted storage) - Windows has had a built-in encryption tool called BitLocker for about 10 years, although I would believe it is restricted to only certain editions of Windows. In cases where users don't have BitLocker, or simply don't like it, there are free tools such as CipherShed and VeraCrypt (both are updated versions of TrueCrypt) that should fulfill that role reasonably well. Adding such a feature to our own software would also be nothing more than a gimmick. I know I'm starting to sound like a broken record with the word "gimmick", but trying to re-create all of these features that other people already do for free (and do rather well) is really just something anti-virus software vendors do to make their software stand out in the crowd. If they can't drive sales with superior protection, then at least they can wow potential customers in a store with a bunch of extra bullet points on the box. My biggest recommendation is uBlock Origin for your browser, and if it is also available then uBlock Origin Extras. You can also try things like Ghostery if privacy is a major concern for you. We don't generally recommend extra software with real-time protection in addition to our own, however if you feel it is necessary then we recommend no more than two softwares with real-time protection be installed at the same time. If you want on-demand scanners (Malwarebytes Anti-Malware, Hitman Pro, etc) then those should be OK. We issue license keys, similar to a "serial key". They'll be in the form AAA-BBB-CCC-123 (for reference only, that is not a valid license key). I'll have to ask one of our sales representatives about any available discounts, however you may want to take a look at this information about how to get free license time. Spyware and Adware are malicious software, and thus are classified as "malware" (as are viruses, trojans, ransomware, etc). Our software provides protection against all of these as part of its normal functionality through its File Guard and Behavior Blocker. The only thing you will see separate settings for are Potentially Unwanted Programs (PUPs), since these are not real threats we make detection of them optional. There are known compatibility issues with our software and anti-virus software from both Kaspersky and AVG. I recommend avoiding anything from those vendors that includes real-time protection. All I really know about MBAM these days is that it isn't going to detect droppers (trojans that install another infection) for Locky since they are JavaScript, and not executable files. Beyond that, I know very little about its effectiveness or functionality. I'm not familiar with software from Heimdal, so I can't say whether it would be any help with security.
  35. 2 points
    Zum AV-C Test: Bei dem Test gab es ein Problem mit dem Testsetup. Es ist nicht ganz klar ob entweder das automatische Testsystem von AV-C oder EAM versagt hat. Allerdings gab es 13 Samples die als nicht erkannt klassifiziert wurden. Weder AV-C noch wir konnten das Problem reproduzieren, weshalb nach einem Nachtest alle "misses" in "user decisions" umgeklariert wurden. Allerdings ist auch die Klassifizierung irrefuehrend. Das Problem ist, dass unsere Cloud die meisten Anfragen automatisch haette beantworten koennen. Allerdings wurden alle Nachtests ohne Cloud durchgefuehrt, weil wir halt schummeln und alle Dateien in der Cloud haetten Blacklisten koennen und AV-C keine Moeglichkeit hat, unsere Cloud zum Zeitpunkt des Originaltests zurueck zu drehen. Fehlalarme wurden durch Setups verursacht die Double Signed sind. EAM hatte in dem Fall Probleme die digitalen Signaturen korrekt zu erkennen. Das Problem wurde mittlerweile allerdings behoben.
  36. 2 points
    Thanks, works great, thanks for all the feedback in this thread and for getting it sorted.
  37. 2 points
    Yes, this is normal. It's possible that there may be something we can do to prevent the extra notification, so I'll talk to our QA team and see what they think about this.
  38. 2 points
    Generell basiert der Mechanismus des Quarantaene Rescans darauf, dass wir Elemente in der Quarantaene nach jedem Update neu scannen. Sollte eine Datei dann ploetzlich nicht laenger erkannt sein, gehen wir davon aus, dass es sich um einen Fehlalarm handelte. Wir justieren Erkennungen konstant. Entsprechend kann es vorkommen, dass insbesondere bei Erkennungen, die von generischen Signaturen ausgeloest wurden, selbst kleine Modifikationen dazu fuehren, dass ein bestimmtes Sample einer Malware Familie nicht laenger erkannt wird. Falls man generell nicht moechte, dass EAM oder EIS die Quarantaene bei jedem Update neu scanned, dann kann man unter Einstellungen/Allgemein den Quarantaene-Scan von "Automatisch" auf "Kein erneutes Scannen" aendern. Haette sie definitiv. Tesla ist im Grunde nicht wirklich neu. Die ersten Versionen gehen auf Mai diesen Jahres zurueck. Das hier wuerde passieren, wenn man versucht TeslaCrypt auf einem von EAM or EIS geschuetzten PC auszufuehren: Sollte man die Cloud Unterstuetzung deaktiviert haben oder in dem unwahrscheinlichen Falle, dass die Cloud das Sample noch nicht kennt, dann bekommt man folgende Warnungen zu sehen: Erst nachdem man jede dieser Warnhinweise ignoriert und die weitere Ausfuehrung erlaubt hat, wird ueberhaupt irgendeine Datei auf dem PC verschluesselt.
  39. 2 points
    I know, that is why I only counted signature updates. Whenever you see an exact signature count in the change log above, one of our signatures was updated. Sorry, what you ask is impossible. It should be obvious to anyone, that if you have a scan engine that already detects 95% of all malware out there, that the other engine can't suddenly detect more than that without causing gross redundancy. In general we can choose to waste hundreds of megabytes of RAM on hundreds of thousands of systems to keep duplicate signatures around so you feel validated in your purchase, or we can choose not to do that, not to waste everyone's resources. To be honest, that's not even a choice really.
  40. 2 points
    Upgrade from EIS 10.0.0.5735 to EIS 11.0.0.5847 (Beta) I currently have for the 'Advanced Firewall Settings' to "Ask" to allow incoming/outgoing firewall rules. (all 4 options are set to Ask) Application Rules did not Update after Upgrade ----------------------------------------------------------- After the upgrade/restart i deleted the custom rules to allow ports 80/443 and yet it still allowed the connection even after restarting firefox and did not prompt me to allow it again either. So I went to Settings -> "Factory Defaults" this seemed to do the trick, and this time asked me to allow the port connections 80 / 443. Real-Time Firewall Blocking ------------------------------------ At first I allowed port 80 / 443, and then tried adding a BLOCK TCP/UDP 0-65535 (below to the first rule) i could still browse successfully (where before in v10, 0-65535 was over-riding everything) However then i removed the rules, then tried this time to "block" the connections, except it was still allowing the connection, even though 80 / 443 were blocked. It wasn't until I restarted firefox that the blocking rule took effect. so it appears real-time firewall blocking of the application is not quite working. Real-time Application Blocking (or Suggestion) ------------------------------------------------------------------- Another issue ,prevalent in v10 also, is when you block an application in Application Rules or Behaviour Blocker, it does not close the application once blocked, it just prevents it from running the next time. Where in v9 i remember it used to close the application immediately once blocked. Automatic Custom Montioring (Suggestion) ------------------------------------------------------------------- Even though I have automatic firewall settings set to "Ask" about trustworthy applications, the behaviour blocker still sets everything to "All Allowed", so each time I do say.. a Factory Reset or new install, I have to reset each application to "Custom Monitoring" if I want to be confronted with potential behavioural threats. The behavioural blocking is the pride and joy of EIS, so I think it should be an option in "Advanced Firewall Settings" to set "All Allowed" to "Custom Monitoring" by default. Which will warn you about code injection and such. Automatic Behavior Blocking Template(Suggestion) ----------------------------------------------------- Also think you should be able to create something like a Template that applies to all applications by default, for example.. "Block Backdoor Related Activity" "Block Spyware Related Activity" could be set by default, based on your template you created. More Detailed Information About Intrusions (Suggestion) ---------------------------------------------------------------------------------- I mentioned in the previous suggestion about behavioural blocking, and how it warns you about code injection and potential intrusions. These errors can come from system applications, for example... when changing personalize settings, a message appears saying Explorer.exe wants to change something, or when Firefox tries to run a program from the downloads menu, it will say something along the lines that Firefox is acting like a trojan or something to that nature. These are scenarios where it was likely a false detection, but was warning of a potential problem, which is great! However, there are also scenarios where Explorer.exe or Firefox.exe may be doing something it shouldn't, and yet the options are to Allow something potentially bad, or Block, which closes the application, not really knowing what you just blocked. So what i'd really love to see.... is the offending command, i believe v9 had it right... when it popped up the behaviour, it gave you much more verbose input, like Explorer.exe -> Shell32.dll -> hotdog.dll -> somethingweird.exe then i could tell the difference between, a simple desktop entry being modified, or of an actual threat that needs to be dealt with. So would really really love to see an option in "Advanced rule settings" for [ X ] verbose behaviour messages Application Rules & Behavior Rules Merging (Suggestion) ---------------------------------------------------------------------- I think v9 also had it right in this case.... all of the application rules were all in one neat tidy window, maybe i'm a little daft, but i don't quite understand why these two are seperated, and why some applications will show up in Behavior Blocker and not in Application Rules, and if i want one in the other, i have to create the rule myself. Then tediously set everything to Custom Monitored, to get it to monitor its behavior. Theming (Suggestion) ---------------------------- I know i've said this before, but i'll say it again... i'd love to have an option to theme/skin the EIS application, maybe to something with more neutral colors. Insights ---------- If everything gets automatically allowed, then its only passively protecting the system for the sake of letting Windows run smoothly, The goal here is easy to use security, i think its important not to let security take a back seat for the sake of making it easy to use. In the Blog you make mention that everything should be kind of behind the scenes without much intervention and fiddling around with settings, however I think a lot of people don't really mind the extra popups as long as they know their system is actually being protected. Special Thanks -------------------- I'd like to thank the emsisoft team for their dedication and hard work on this amazing application. I hope everything i've said has not been discouraging but has inspired you to keep working to make this program even better. Keep up the good work, and please tell Santa about everything on my wish list.
  41. 2 points
    Dear nine9s, Thank you for contacting our support. If you change hardware when your license key is still active our system will make no troubles if you simply install Emsisoft Anti-Malware on the new computer and activate it with your existing license key. If the old system should still be in use at this point you would need to remove Emsisoft Anti-Malware from the old computer before you use your existing license key to unlock the full version on the new system, otherwise no additional actions would be necessary. Thank you for using our software solutions! Should you have any further questions, please just let us know.
  42. 2 points
    Good morning. Can we expect to get a fix for the updates not working soon, please? Having to disable the firewall to get updates seems an important bug to me. Thanks in advance and best regards, François
  43. 2 points
    As long as you restart the guard process after it crashed, it shouldn't make a difference.
  44. 2 points
    It appears you are mixing up Malwarebytes Anti-Malware (current version is 2.0.2.1012) and Emsisoft Anti-Malware (current version is 9.0.0.4142). Since Malwarebytes and Emsisoft are entirely different companies, the license keys aren't interchangeable. However, if you want I can send you a free 1 year license of our product .
  45. 2 points
    In general the behavior blocker ignores most scripting hosts, as it is not possible to distinguish which actions are triggered by the script and which are triggered by the scripting host. The File Guard however does trigger when trying to execute the scripts you uploaded.
  46. 2 points
    Nee, alles in Ordnung Downloade dir bitte Combofix vom folgenden Downloadspiegel Link 1 WICHTIG - Speichere Combofix auf deinem Desktop Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm. Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort. Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten starte den Rechner einfach neu. Dies sollte das Problem beheben.
  47. 2 points
    Online Armor covers all these applications except the "Behavior Blocker" part. Behavior blockers and HIPS in the same product are pretty much mutually exclusive. They essentially both refer to the same underlying technology. The only difference is the way decisions are made on whether or not to allow a certain action. A HIPS will ask the user, while a behavior blocker tries to figure everything out on its own. Given that it should be obvious why those modes are mutually exclusive and why running both at the same time makes little sense: You can't both ask a user about everything and not asking him and figuring it out internally on your own at the same time. You can install two different products (one HIPS, one behavior blocker) at the same time, but the only thing you achieve will be that you have to allow things twice. So either go with a HIPS or with a behavior blocker. But not both.
  48. 2 points
    Hello, please take a look in the Registryeditor for the key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\VBoxNetFlt and remove it. If you have any more questions or problems, just let me know.
  49. 2 points
    This isn't really an issue in our case as we only use the Bitdefender scan engine and signatures and added all our improvements like anti-rootkit technology, behavior blocking, the Emsisoft scan engine etc. on top of it. So even if malware authors patch Bitdefender detections, it doesn't mean one of our other detection layers won't catch it. To get an idea on how efficient our added technology actually is just take a look here:
  50. 2 points
    Here are the reports. Also, received error report that C:\$mft is corrupt
  • Newsletter

    Want to keep up to date with all our latest news and information?
    Sign Up