Popular Content

Showing content with the highest reputation since 07/17/18 in all areas

  1. 3 points
    It means that the tests done by AV-C and AV-T have a clear image of how they think AV software should work. The problem arises when your product doesn't fit the mould. Then you get penalized for not doing what everyone else does, even though what everyone else does may not be in the best interest of the user, to begin with. Best example: Snooping around in your encrypted connections, which literally every AV vendor screwed up at least once in the past and probably will continue to happen, exposing users to potentially greater risks than most malware does. For starters, the test sets aren't nearly as representative anymore. When we participated in AV-T and AV-C both tested with less than 200 samples a month on average. 200 samples out of literally tens of millions. The exact selection isn't clear and not representative of what users deal with either. None of them tests with PUPs for example, even though a simple look at any tech support community will tell you, that it is probably by far the biggest problem users are dealing with. So no, neither of those test scores represents real-life performance and it becomes blatantly obvious when you go to places like Bleeping Computer, GeeksToGo, Trojaner Board, Malekal, and all those other communities where people infected by malware show up for help and look at what products these victims used at the time they became infected. Then you will notice that a lot of these products with perfect scores don't look nearly as perfect in real-life conditions. The reason for this discrepancy is quite simple: Most AV vendors will specifically optimise their products for these tests. The most severe cases are where vendors end up outright cheating and detecting the test environments which then results in a change of behaviour of the product (think Dieselgate, but with anti-virus). But there are many ways you can game these tests. 
    For example:

    • you can try to figure out the threat intel feeds the companies use, then just buy those same threat intel feeds so you have all samples in advance
    • you can track their licenses and supply different signatures to them or use your cloud to treat those test systems differently
    • some particularly shady organisations literally also sell you their sample and malicious URL feed, so you can just outright buy the samples and URLs your product will get tested on later

    What you end up with as a result is a product that is optimised really really well for the exact scenario they are being tested under using the exact type of URLs and samples these testers use, but that is utterly useless when it comes to anything else. We just really don't want to create this type of product. So when we were asked whether we wanted to continue to participate this year, we discussed the matter internally, looked at what we get out of these tests (meaning: whether these tests have a discernable impact on our revenue) and decided that they are simply not worth it and that the tens of thousands of Euros we spent on them every year would be better spent on extending our team and building new ways of keeping our customers safe.
  2. 2 points
    I've forwarded your ID and MAC addresses to the creator of STOPDecrypter so that he can archive them in case he is able to figure out your decryption key at some point in the future. All you have to do now is give us some time, and we'll do what we can for you.
  3. 2 points
    That's an offline ID. Support for it should be added to STOPDecrypter soon, and once that happens it should be possible for you to decrypt your files.
  4. 2 points
    I've been told that the time window for being able to figure out keys for .kiratos has ended, however I will go ahead and pass this on to the developer of STOPDecrypter so that he can archive it just in case he's able to figure out the decryption key at some point in the future.
  5. 2 points
    Hi Marshall. Not sure, but I do know that I recognize the URL of "MVPS Hosts" and I recognize the list. I don't recognize the list attached to MVPS Hosts (Domains). To view the list, click the blue "Details", "View" & "Original" buttons - see image. Sorry I couldn't offer a better explanation.
  6. 2 points
    Hi Marshall. To add the MVPS Hosts list to uBlock Origin, perform the following steps (see images for more details): (1) Go to the following link: https://filterlists.com/ (2) Enter "130" in the page field. (3) Click the blue "Details" button on the "MVPS Hosts" line. (4) Click the blue "Subscribe" button. You're all done! The MVPS Hosts file should now be added to uBlock Origin in your browser. To check you can look at the uBlock Origin "Options" page by right-clicking the uBlock Origin icon in your browser, as per images. Hope this helps. Best Regards, Steen
  7. 2 points
    Personally I think following the tests is a waste of time. If you are really concerned then you will need to make the effort to do your own testing. That is what I did. Also the tests don't tell you a thing about the nature of the company. I will stick with Emsisoft because I think it's the best.
  8. 2 points
    Hello Moreau, thank you very much for your positive feedback. You're always welcome, and thank you for the friendly communication. I wish you a good start to the (still almost) new week!
  9. 2 points
    > Thanks how do I turn off the notification please?

    See: Settings - Notifications - Browser Security verifications
  10. 2 points
    Hello, This is legitimate. You can read more about it here: https://blog.emsisoft.com/en/32517/new-in-2018-12-safe-web-browsing-with-emsisoft-browser-security/
  11. 2 points
    FYI: https://blog.emsisoft.com/en/32110/emsisoft-anti-malware-2018-9-beta/
  12. 2 points
    https://www.bleepingcomputer.com/news/google/google-will-block-third-party-software-from-injecting-code-into-chrome/ Our Surf Protection works by filtering DNS requests made by running applications. Since EAM doesn't use network filter drivers, it has to achieve this using code injection. Now that Chromium is blocking code injection by third-party applications, our Surf Protection will not work with it until we are able to make some changes. My recommendation is to install uBlock Origin and uBlock Origin Extra (both work in Google Chrome and Vivaldi) to supplement until we can get our Surf Protection working in Chrome again. uBlock Origin is a free content blocker that not only blocks ads, but also uses the extensive blacklists of malicious domains available from Malware Domain List and Malware Domains to block malicious content. Note: Vivaldi 1.15 (the current stable version) is based on Chromium 65 with backported security fixes from Chromium 66, 67, and 68. Vivaldi 2.0 is based on Chromium 69, and is currently available in testing builds. Anyone with the stable version of Vivaldi installed will not be affected by this issue. Anyone using a Vivaldi 2.0 snapshot will also experience this issue with Surf Protection. Also note: Due to the added protection of an ad blocker, we recommend uBlock Origin (with uBlock Origin Extra for Chromium based browsers like Google Chrome, Vivaldi, and Opera) regardless of whether or not our Surf Protection is working with your web browser. Anti-Virus/Anti-Malware does not block ads by default (doing so can break some websites), and the companies that sell online advertising do not do a good enough job of preventing their ads from being abused by their clients, and there have been many cases of serious threats in advertisements even on legitimate websites. Please be aware that there is another content blocker called "uBlock". This is not the same thing as uBlock Origin, and is not recommended. 
The main reason for recommending uBlock Origin is due to its performance and memory usage being better than popular ad blockers (AdBlock, Adblock Plus, AdGuard, etc). If you wish to use one of those instead, then please feel free to do so, however I do not know if they are configured to use Malware Domain List and Malware Domains by default and recommend checking their configuration to ensure they are offering the same level of protection as uBlock Origin. If they are not configured to use these lists of malicious websites, then you should be able to add them through FilterLists.com. Note that this site was down at the time I posted this, so I was not able to check and verify that, however this site lists almost every popular filter list for ad and content blockers and it should include important blacklists like these.
  13. 1 point
    I'll pass this on to the maker of STOPDecrypter, but note that we need to have the MAC addresses of every network adapter on the computer (even if it isn't a normal ethernet adapter). Hopefully the information you provided will be enough to be able to find your decryption key quickly, however please note that we can't make any promises. That is more than likely a variant of the STOP/Djvu ransomware. You may verify that using ID Ransomware if you'd like to: https://id-ransomware.malwarehunterteam.com/ While STOPDecrypter probably won't be able to recover your files yet, it can still be used to get information that may be able to help the creator of STOPDecrypter figure out your decryption key. Here's a link to instructions on how to get this information with STOPDecrypter: https://kb.gt500.org/stopdecrypter Important: STOP/Djvu now installs the Azorult trojan as well, which allows it to steal passwords. It is imperative that you change all passwords (for your computer and for online services you use) once your computer is clean. While most ransomwares will automatically delete themselves after they finish encrypting files, some are now leaving behind components on computers they infect that will encrypt any new files saved and will encrypt any files you manage to decrypt. It's best to check and make sure that no such components have been left behind, so I recommend following the instructions at the link below to get us logs from FRST so that one of our experts can make sure there is nothing malicious still on your computer (please attach the log files FRST saves to a reply to this topic on the forums): https://help.emsisoft.com/en/1738/how-do-i-run-a-scan-with-frst/ Note: If anything that appears suspicious is found in your logs, then your post will be moved into a new topic to facilitate better communication between you and whoever is assisting you. 
We'll also try to make sure that you are following the new topic so that you receive e-mail notifications when someone replies to it.
  14. 1 point
    Hi Damaxx, can you share the decryptor? I wanted to try whether it will work for my files or not.
  15. 1 point
    One more case here. Files encrypted over last weekend - .COPAN extension added and as far as I can see no single trace of ransomware software left except ransom notes. Attached ransom notes and two encrypted files. Best regards and thank you. TEHNIČKA PODRŠKA.xlsx.COPAN Tehnički zadatak.docx.COPAN HOW TO DECRYPT FILES.hta HOW TO DECRYPT FILES.txt
  16. 1 point
    Possibly in the future, just give us some time. 😉
  17. 1 point
  18. 1 point
  19. 1 point
    @kevinliangts I've forwarded your ID and MAC addresses to the creator of STOPDecrypter so that he can archive them in case he is able to figure out your decryption key at some point in the future. All you have to do now is give us some time, and we'll do what we can for you.
  20. 1 point
    Yes, Emsisoft Anti-Malware includes protection from Potentially Unwanted Programs (PUPs).
  21. 1 point
    Does Settings -> Advanced -> User-interface language say English or French? (I don't know why it might have changed, but at least you should be able to get French back.)
  22. 1 point
    Only two seats on the license key associated with your workspace appear to have been used, and the third seat doesn't appear to have ever had a device associated with it.
  23. 1 point
    He said that while he did add detection to try to keep people from using keys that are not correct for their encrypted files, he also said that it is technically still possible to get the decrypter to allow you to enter an incorrect key and end up with corrupted files. Nothing is completely foolproof, after all.
  24. 1 point
    That is more than likely a variant of the STOP ransomware. ID Ransomware can confirm that, and can let you know if STOPDecrypter can recover your files. Here's a link to ID Ransomware: https://id-ransomware.malwarehunterteam.com/ If STOPDecrypter can't recover your files, then note that it can still be used to get information that may be able to help the creator of STOPDecrypter figure out your decryption key. Here's a link to instructions on how to get this information with STOPDecrypter: https://kb.gt500.org/stopdecrypter
  25. 1 point
    Hello darktwilight, thank you for the feedback. You're very welcome. All right, I'll get back to you again shortly via private message.
  26. 1 point
    That is more than likely a variant of the STOP ransomware. ID Ransomware can confirm that, and can let you know if STOPDecrypter can recover your files. Here's a link to ID Ransomware: https://id-ransomware.malwarehunterteam.com/ If STOPDecrypter can't recover your files, then note that it can still be used to get information that may be able to help the creator of STOPDecrypter figure out your decryption key. Here's a link to instructions on how to get this information with STOPDecrypter: https://kb.gt500.org/stopdecrypter Actually, Demonslay335 told me earlier today that he already helped you, so you should be good to go. If you need anything else, then please let us know.
  27. 1 point
    Hello Emsisoft and hello Thomas! I have to bring this topic up once more: last year I already voiced my displeasure about the subscription variant of the licensing system. At least back then an immediate cancellation was still relatively easy via the e-mail from Cleverbridge. Presumably Emsisoft noticed this too and, with the new billing service provider "2Checkout", has now removed this option as well. When I purchased the renewal today, a total of three e-mails arrived (1. confirmation of the purchase / 2. confirmation of the payment / 3. product/subscription information). None of these e-mails describes or links to a way to cancel the subscription. This business conduct no longer has anything to do with the trusting relationship that was customary until now and the pleasant contact when there were questions! Customer loyalty is achieved not through subscriptions but through good products (which Emsisoft still makes) and sensible support. So: how can I now cancel the imposed subscription immediately by simple means??? - Thanks for a prompt answer and hopefully a change of the licensing system soon - Back to the roots! Best regards, Holger
  28. 1 point
    Some of them may be recoverable. I've asked the creator of STOPDecrypter whether or not he's already seen your post here. If he has, I imagine he's already contacted you. If he hasn't, then he may still contact you once he has a chance to look over your information. His screen name on our forums is Demonslay335.
  29. 1 point
    You can find instructions on using STOPDecrypter to get your ID and MAC address at the following link: https://kb.gt500.org/stopdecrypter
  30. 1 point
    If you do not know how to find the MAC (physical) address, then look at the screenshot there. Write only the address of the network card you used to access the Internet at the time you received the infection (wired or wireless (Wi-Fi)). Do not write both addresses! Determine exactly. This is not difficult. It is necessary for you more than for the developer of STOPDecrypter. Such common errors lead to the fact that files cannot be decrypted.
  31. 1 point
    The cheapest option for you would be the 3-PC license key, even if you only have 2 computers. You're not required to have a 3-PC license key though, so if you prefer to buy two 1-PC license keys (one for each computer) then feel free to do so, however note that the total cost of doing so is usually more than a 3-PC license key.
  32. 1 point
    You can technically just remove all entries from your hosts file using Notepad. Just delete everything except the " localhost" entry if there is any. Lines starting with "#" are comments by the way. Pretty much. We are not an ad blocker, no. You use uBlock Origin which is pretty much the best adblocker you can get. So you are well covered in that area already. Correct. When you try to click the link, it will block access to the site. But I do understand that a lot of people would like to know before they click, which is why we consider adding it. Interestingly enough WOT got in trouble for the very same thing that some AVs are doing with their extension. You can always set up your own DNS server locally or in a cheap VPS box online. DNS also can be tunneled via various secure protocols (DNS-over-HTTPS for example). Those use methods that provide k-anonymity. Firefox in addition also sends "fake" requests if I remember correctly so the hoster of the block list does not know whether that was a website you actually surfed to or a random request. If you are so concerned, just host your own VPN. Get a cheap VPS with bitcoin at njal.la for example, host OpenVPN and your own DNS server on it and there will be no link between you and the VPS. It's serious overkill though.
  33. 1 point
    The Behavior Blocker will catch the payload. While it does have some exploit protection, it isn't intended to provide a full range of exploit protection, and thus will only catch certain exploits.
  34. 1 point
    Advanced users can still see if we block something by checking on VirusTotal. For those who don't know what to do with that list, it doesn't need to be there. It's just a type of simplification, so that only custom rules are shown now. Yes, the host rules are still there, they're just not displayed anywhere in the UI anymore. No, that was developed to supplement the Surf Protection, and not to replace it.
  35. 1 point
    https://www.kuketz-blog.de/browser-add-ons-wie-antiviren-hersteller-ihre-nutzer-ausspionieren/ A very reputable blog.
  36. 1 point
    hey, here's the blog post about it: https://blog.emsisoft.com/en/32517/new-in-2018-12-safe-web-browsing-with-emsisoft-browser-security/
  37. 1 point
    Please upload an encrypted file or ransom note to ID-Ransomware and copy/paste the results here for one of the experts to look at. https://id-ransomware.malwarehunterteam.com
  38. 1 point
    Thanks marko. Making AV software bug lists available for the public isn't best practice and might compromise your system. Most bugs are rare and won't be noticeable for most users, no sense to inform everyone about a bug on W7 *32, while most of us run *64 bit systems. Besides that, the list will contain minor bugs which have low prio and will be fixed in future releases. When you notice unexpected behavior, like current performance lags, it's good to post such findings here in the beta testers channel so all beta users will be informed, or you can ask me in PM. Sometimes issues are known, sometimes they are not, so it's good to post findings here, although in some circumstances such feedback might be obsolete. Cheers
  39. 1 point
    What is that supposed to mean? If in doubt, it means using different software for servers and keeping EAM on the clients. It looks more like a convoluted price increase. Price and a simple interface have so far been the main advantages of EAM. The Enterprise Console is compact as well. We already get enough complexity and feature overload from the competition. There is certainly still some room on price, but if training is now needed for the price/feature list as well, there are likely to be acceptance problems. I'm curious to see how the split between enterprise and private will be handled. Especially as far as beta tests are concerned. The network connection problems with 2018.9 were an interesting experience in that respect.
  40. 1 point
    Short update on the privacy policy: We have now supplemented the whole document with further information and, at the end, in the Frequently Asked Questions section, address a few points separately: https://www.emsisoft.com/de/company/privacy/
  41. 1 point
    Is this issue fixed in the latest beta update? https://blog.emsisoft.com/en/32158/emsisoft-anti-malware-2018-9-1-beta/

    Here are instructions for installing it:

    • Open Emsisoft Anti-Malware.
    • Click on the little gear icon on the left side of the Emsisoft Anti-Malware window (roughly in the middle).
    • Click on Updates in the menu at the top.
    • On the left, in the Updates section, look for Update feed.
    • Click on the box to the right of where it says Update feed, and select Beta from the list.
    • Right-click on the little Emsisoft icon in the lower-right corner of the screen (to the left of the clock).
    • Select Update now from the list.
  42. 1 point
    Is Windows configured to show all icons in the Notification Area? If it tries to automatically hide icons, then it may move them into other positions when it unhides them.
  43. 1 point
    I'm having the same issue with Steam, Win 7 x64. But I wanted to add that along with Steam I also cannot check my controller settings unless Emsisoft is shutdown. The controller is an xbox 360 wired, and trying to open the Game Controller from Devices nothing happens unless I fully exit Emsisoft.
  44. 1 point
    OK, I'll make sure Frank is aware of this.
  45. 1 point
    There's no /h or /r in the documentation. As for the rest, only /a would be useful when scanning a single file. /pup and /n cause a2cmd.exe to scan other things on the system. The reason none of them are working is due to their location in the command. Everything after & is considered another command, and won't be passed to a2cmd.exe. It's also outside of the trailing double-quote, and cmd.exe more than likely would not have processed it at all due to that.
  46. 1 point
  47. 1 point
    Those are recently changed strings and you just have to wait for the author of the translation to update the language file. If it is made in-house, it should be updated soon with other languages. You can also check the current state of the translation here http://tasks.emsisoft.com/a2/translationstats/default.aspx?lng=es-es.lng
  48. 1 point
    Upgrade was smooth. I'm using W8.1, 64bit. In the layout on the Overview screen, when one hasn't clicked on the top-left menu icon, it's still possible to click on the mini icons down the left-hand side, but hard to know what they do. I mean... quarantine is possibly meant to look like something in a cage, but looks to me more like a washing-machine... Maybe these mini icons should produce tooltips? The Support screen talks about getting help from the "?" at the top right, but it's no longer there. Thank-you for - finally - making the About option easier to find, and taking away the problems that clicking on "Emsisoft" could previously cause... but I see one still can't copy the current version number out of the About display. Now would be a fine time to add that facility!
  49. 1 point
    Interesting. Our Support Manager looked at the PowerShell command, and told me that the following worked on his system (I would believe Windows 10):

    PowerShell.exe -Command Start-Process -FilePath 'C:\Windows\System32\cmd.exe' -ArgumentList '/K \"C:\Program Files\Emsisoft Anti-Malware\a2cmd.exe\" /s /f="C:\Users\David\Desktop\Emsisoft mit PsExec.txt"' -Verb RunAs

    It looks like he only escaped the double quotes in the path to a2cmd.exe, and not in the path to the log file. I imagine that would prevent the log from being saved at the full path, however I can't be 100% certain without trying it myself. Note that his command won't work with EEK due to the /s parameter, which the version of a2cmd.exe that comes bundled with EEK doesn't support.
  50. 1 point
    Good day, The encryptor usually deletes itself after its work is done in order to make decryption more difficult. Could you send us an encrypted file so that we can check which ransomware this is? Please attach the file here or send it to [email protected] with a reference to this forum topic. Kind regards, Kathrin