Lynx

Hello guys!

{XP Pro, SP3; EAM 6.0.0 56 beta}

There were several reports in addition to this one regarding hanging scans including the answer from the developers http://support.emsis...dpost__p__42114

I performed several Scheduled Scans in a row today using new beta (0.56), because unfortunately hangings were reintroduced after my last report and successful runs with previous betas (starting from 0.53).

I do have images but they may not help a lot.

I may just mention that the progress shown is usually 85-90% (6 of 6 stages).

The only suspicion I have currently after running 5 consecutive Scheduled Scans – the scan will most likely stall forever after PC went into Sleep Mode and then being waken up (2 cases).

During the other 3 tests I was keeping PC active & the same scans ended perfectly.

My regards

Greetings!

{XP Pro, SP3; EAM 6.0.0.56 beta}

There were definite FP detections during Scheduled Scans tests performed this morning :

C:\WINDOWS\system32\notepad.exe detected: Virus.Win32.Virut!E2
C:\WINDOWS\ServicePackFiles\i386\notepad.exe   detected: Virus.Win32.Virut!E2

The thing is – if you would scan the said suspicious files having the same/current EAM signatures using Shell Extension scan - no detections are yelled by EAM when you scan \system32\notepad.exe,

but …\i386\notepad.exe happens to be detected as above

Respectively:

SHA256: 865f34fe7ba81e9622ddbdfc511547d190367bbf3dad21ceb6da3eec621044f5

SHA256: 19b2602b2ff52d358b8c86589f4524e8c762609fd5f483ac22d2fb5a319e0121

My regards

Hi francois,

1^st , as far as I know from your reply here you’ve upgraded to 0.54 already

I’m not sure what the developers have done, but the news from here:

I’m using Scheduled (Smart Scan) very rarely (basically for the testing purposes) & I practically never Custom scanning drive G: (purely my data partition) , but since the described abnormalities occurred I’ve tested few times with 0.53 beta, and today after reading your post here with 0.54 beta

All went fine without a hitch

Cheers!

Thanks Fabian,

Sorry for the delayed answer

I know about scanning process (es), on a “different” drive. Say, I do have one usually running from D:\, but that triggers scanning just that executable from D:\ which is not included into the Custom Scan – not the whole D: drive

Additionally there are no processes running from G: (purely data partition)

As for Traces I was always sure that only Registry scan is involved. I’ve never noticed scanning files. Traces could be found whether associated files exist or not.

I don’t know details about Rootkit scan

Anyway, good news is -I re-tested the same Custom Scan with the new version (0.53 beta) and all possible combinations of the “Objects” options.

All went well without even touching, not saying scanning whole G: drive

My regards

Greetings!

Recently (5 days ago) I’ve posted FP request , which was ignored as several other enquiries

Fine. I can live with that

At the same time, today I created a copy of the said text file (see the link above) & just renamed it changing a typo (Polocies to Policies) & removing <>.txt additional extension.

After simple file renaming I’ve got “OnExecution” Alert (see attached image)

Why?

The file was opened/accessed/the name was changed, but I’ve never used “onAccess” option since it was introduced by EAM and never will.

Sure my response was - “Allow”/& No for creating any rule

What kind of execution was that ?

Any clue? TIA

Hi scottls1,

As I posted above the detection/or FP has nothing to do with scan freezing enquirey here

My regards

Hi

Today similar hanging appeared during scanning drive G:

I had to stop the scan

This time it was simple <>.Doc file. Nothing wrong reported when the said file was re-scanned later using Shell Extension

Image Attached. Please do not pay attention to FP note – that was prepared for different request

My regards

Hi Guys,

{XP Pro; SP3; EAM v6.0.0.52 beta}

I was performing Custom Scan of USB Stick. See attached settings screen.

All of a sudden EAM “jumped over” drive G:\ (partition on a second physical hard drive)

The scan eventually hanged (I posted into another thread),

but the question here - why would EAM even consider scanning another drive, when it’s not stated in Custom settings?

My regards

1st, Happy New Year 2 everybody!

{XP Pro; SP3 32bit; EAM v6.0.0.52 beta}

EAM scheduled scan was performed today & got stuck forever on System.Device.ni.dll, (immage attached), which belongs to Microsoft® .NET Framework

Recent updates for .NET(s) were issued by MS today (consider offset time zone)

I'd just closed EAM & carried on with my work ... sure that is a bug

To devs: please tell if any additional info required

Thanks

Basically, it is not a major bug as far as I can see it currently, but still…

You’ve created an entry in the whitelist. It could be malware or trace name/file/folder/process

When the user returns to the whitelist he/she can easily (deliberately or accidentally) edit the Type, say from malware name to folder or whatever is in the list currently. After that the only option is pressing OK.

No check is performed by the Software.

It seems like the Scanner/File Guard/BB check-boxes settings will prevail

Unfortunately I don’t have time at the moment in order to find whether there could be any bad implications that we cannot see yet, but in any case I find the described as being a design flaw. It’s at least misleading & confusing

{added} Then, the content of the Item column can be edited without any check by the Software, therefore non-existent items can be created

My regards

Hi AaLF,

Go Scan PC > Manage whitelist link > in the 1st column ("Type") hit the tick > choose "Folder" option from the list

Then when you click the second column - which is ("Item") you'll get the common "3 dots" button > click > set the needed folder

Cheers!

Hi Guys , welcome to the forum

Ron L,

Please use this page as a start in order to get help in case the forum is not enough

Especially pay attention to “Customer Center"

(white) Emsisoft sign at the left top of the forum is a link. Please click

Then you have all pages/info available including “Support” Tab & the respective link provided by me above

Cheers!

p.s. Marcelle McMillen, That was 1^st time I've seen the address posted by you … it could be legit , but it is always better to deal with this forum and with Emsisoft developers/support team.

My regards

Thanks for the reply dallas7,

We all do know that Ashampoo is using EAM's engine(s)

At the same time I am not aware whether they are using the new one that was introduced in v6 of EAM

I'm just hoping that developers will reply regarding the matter

Anyway, as far as I am concerned, that is about signatures only

As for BB - EAM's BB is the best on the market you can have at this stage

Between us when nobody listening - I rely only on EAM's BB I do not and did not run any signature related Software for 5 or more years since EAM was developed, except rare cases where users reporting some weird detections & / or suspected bugs

I never used newly introduced "onAccess" options by EAM . My choice always was is and will be -"onExecution" only & BB - perfect combination!

As for OA++ please read this forum - there will not be any development for OA++ including incorporating new engines any more.

So, stick with current OA whether you consider choosing Free or Premium. OA (not OA++) and EAM is one of the best security combination currently on the market

Cheers!

Hi dallas7,

Settings for Behavioural Blocker (BB) and File Guard (FG) a separate because the detection technique is completely different

As you correctly pointed in #3) FG is a signature related detection. So, unless you disable FG you will have those detection alive whether it is just “onExecution” and/or a combination of “onExecution” (only executables are scanned) and “onAccess” (any files involved are scanned) based on current signatures

Disabling BB has nothing to do with FG.

And yes, as in #1 & #2 - when you disable BB currently created Application Rules are irrelevant – no Monitoring/no Alerts until re-enabling BB (rules are preserved).

Unfortunately in the existing Help File (7.1 Application Rules) there is no clear statement that Application Rules belong to BB

My regards

p.s. as a simple test please

- disable BB and leave FG

- execute Eicar.exe or TrojanSimulator - you will get FG Alert (based on signatures)

No problems with updates here whatsoever

Cheers!

The following two issues were migrated from v5 into current beta v6

1) User can just “remove all” from the initial Custom Scan list without further adding any drives/folders & then hit Next – EAM will perform simple Quick Scan

Similar if the scanset was saved and/or used as Scheduled Scan

Produced report will identify that Custom Scan was performed. Yes it was, but ...

That is at least a bit confusing

Probably either the list should not be allowed to be empty or user should be notified about Quick Scan as a result;

2) A bit offTopic here, but anyway... another minor bug reported earlier concerning Custom Scheduled Scan.

Similarly, the Quick Scan will be performed if “Scan Settings File” does not exist (moved / line was incorrectly edited/ etc.)

My regards

Thanks for fixing that

My regards

Thanks for the reply, you are welcome

It seems that EAM has a bug re : the matter you've raised

I can access both sites mentioned with no issues using multiple browsers ( Firefox, Chrome , Iron, Opera, IE8/9)

Systems – XPpro 32 bit & win 7 x64

What I mean - there sites are accessible despite the recent hpHosts indeed has both sites blocked (hope you've downloaded it and checked as suggested above)

At the same time if you search EAM's “Built in List” at the moment for www.mediafire.com or www.gamespot.com you cannot find it

You have to rise at Support Ticket & I'm sure the developers will reply

a side note : EAM stable v5.1.0.16 on XP & EAM RC v6 beta were tested ... I don't need to edit any rules currently since both sites are accessible & working fine

Cheers!

Hi Guys,

wagesoffear, even if you scheduled another scan , say by AVG, after EAM's scan - you have (rather that's highly recommended) to disable other residents during the scan by any given scanner as H_D pointed. Since "onAccess" is active you are scanning every each file twice or 3 times (including SB).

Sure that will increase time of scanning dramatically , could be ~3-4 times longer

Another point is clashes can occur during the scanning if several residents are active

... not saying - what is the point to run AVG scan afterwards , when all files were scanned by AVG already ?

My regards

Greetings all!

Previously, users/guests visiting the forum could access EmsiSoft site when clicking on the logo, which was quite useful & convenient

That was lost “few forum layout updates ago”, but fixed within minutes after my request.

I've noticed (unfortunately just now) that the said functionality is missing again and clicking on the logo means “back to the forum's home page”

Was that done deliberately this time?

or

that can that be changed? , which is according to my my personal opinion, would be preferable

Cheers!

Hi kenpachizero, welcome to the forum

Surf protection is based on hpHosts file

mediafire.com was blocked there for a long time already

There are indeed some new blockings added re: gamespot.com

Before that was only trax.gamespot.com, but now there are more (download & check recent hpHosts)

If you personally considering the sites as trusted - just change the respective rules in EAM

My regards

Hi bob77,

That combo should work perfectly

In addition to what hackerman1 posted already

Just keep in mind that EAM has Behavioral Blocker and OA has HIPS component.

They are not conflicting but some users prefer having just one of such layers of protection

You may need to create mutual exclusions rules.

Helpers/developers will definitely assist you if you'll have any questions when trying mentioned combo

You can search the forum and find a lot of helpful info regarding the matter.

For example, here is one of the threads from OA section: http://support.emsis...t-anti-malware/

... actually hackerman1 was active participant & helper there

My regards

Hi bob77,

Basically, from my experience of many years using "beta updates" within available version (currently v5) was (is) pretty much safe.

At the same time, since you are new user it would be better:

- to stick to the stable version;

- check requests/ report issues if any;

- be aware of "Changelogs"

Sometimes you may be advised to test things which are currently in beta , but not yet merged into the stable release,

but again that is your personal choice ... any betas potentially may bring some instabilities

As for v6 - that is not public beta release yet. Wait for official announcement

Cheers!

...I discovered that I can copy and paste but only if I make sure that the right-click dialog popup is positioned on top of the flashing cursor where pasted words are to be placed....

...It is not really important as I now the workaround now.

If you are happy with "workaround" - fine ... but I never needed any workaround

Basically I'm never using right-click for copy/paste for ages .... just simple Ctrl+C / Ctrl+V

This time I tested right-click - no issues as a result

I'm not really sure what do you mean by "on top of the flashing cursor" ?

I just never had any flashing cursor whether I would highlight few words or just double-click on a single word in order to highlight it

Anyway , if you are saying that it's not really important - we can forget about it

Cheers!

... i have just purchased Emsisoft anti-malware, please can you recommend settings for best security?

Congratulation! That's wise decision

At the same time it's highly advisable to create new request regarding different issue(s)

This thread was about real-time e-mail scanning

It is not appropriate & impossible to handle "all matters" within one thread

======== Please review & test all available options starting from defaults

My personal advice - never use auto-quarantine/ auto-delete using any security (EAM included)

I will refrain myself from any further comments regarding any new questions here . If you have any - you'll get answers & assistance in newly created thread(s)

Thanks for understanding. Cheers!