
Lynx

Member
  • Posts

    2532
  • Joined

  • Last visited

  • Days Won

    19

Posts posted by Lynx

  1. Hi stapp,

    I just copy/pasted from your latest reply using Opera 11.50

    << If I right-click copy the words 'Thanks Fabian' >>

    No issues whatsoever

    Tested on XP pro 32bit as well

    My regards

    p.s. "latest latest" typo was fixed after uploading image and I got your system's specs so that was edited as well :)

    ... still using Opera 11.50 to send this message (including flash 9 uploader needed for Opera :blink: )

  2. Yes, thanks to Comodo's and OA's forums I now feel at ease (most of the times) configuring applications rules in FWs. But, when I know I have several active connections to other PCs, and even if I'm sure everything is properly set up, I'm always a bit nervous.

    You should not be "nervous" at all when following the rules & as soon as you do - you are fine

    "several active connections" :blink: what is that supposed to mean? How many connections (may I ask you) do you have using just searching & visiting sites? The latter could be indeed dangerous when accessing any given site ...

    , but not downloading stuff using bitTorrent protocol , which is the most reliable concerning security ... hmmm...

    Well... you have to investigate some things "prior to" & then "afterwards" when using P2P, but that is a different matter

    Definitely, nobody would encourage you or anyone else to download illegal content

    My regards

  3. Greetings all

    1) It seems to me that the issue reported by stapp in #16 and further confirmed by me was fixed

    2) No issues whatsoever here with IE9 as Hachi' reported in #19

    3) the avatar problem is still in place , but again - not a biggie

    It's just a matter of having clear note(s) re: accepted image formats / size / etc. now compared to the previous implementation

    Cheers!

  4. Thanks for the reply , bob77

    Sure, it's possible. Here are just a few links below

    Actually, articles supporting the necessity of Turning OFF real-time e-mail scanning can be found by Googling e.g.: “do I need antivirus email scanning”; “disabling email scanning” and the like.

    http://www.oehelp.com/OETips.aspx

    “The Most Common Cause of Corruption” by Tom Koch from Microsoft http://thundercloud....nning/index.htm

    Other quotes&links regarding the subject http://www.eggheadca...r-send-ema.aspx

    Pa Bear’s credentials as a Mail and Security expert

    ~Robear Dyer (PA Bear) MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002; AumHa VSOP & Admin http://aumha.net; DTS-L http://dts-l.net/

    Disable email scanning by your anti-virus application. It provides no additional protection, it may be causing the problems, and even Symantec says it's not necessary:

    Disabling Email Scanning does not leave you unprotected against viruses that are distributed as email attachments. Norton AntiVirus Auto-Protect scans incoming files as they are saved to your hard drive, including email and email attachments. Email Scanning is just another layer on top of this. To make sure that Auto-Protect is providing the maximum protection, keep Auto-Protect enabled and run LiveUpdate regularly to ensure that you have the most recent virus definitions.

    ==============

    a side note: In addition to not using AV e-mail scan as a cause of corruption there is advice for Outlook users on how to manage Identities and avoid automatic compacting of emails; not using Main InBox and Sent Box as a storage but rather moving messages from there into specially created folders, etc. Here is a very good quote from http://www.vistahead...l-scanning.html

    There is some anecdotal evidence that the newer Windows Live Mail is more resistant to corruption from aggressive antivirus programs, so an alternative for you would be to try it

    More resistant? :) Well done, Live Mail! … but who needs "resistance" here? Why should one wait for the antivirus corrupting email?

    Hope, reading the above would help.

    I'll PM you an excellent article written by H_D, who is a moderator and a great helper here for a long time. The article was posted into Offtopic section in our old forum

    Cheers!

  5. Hi bob77, welcome to the forum

    Real-time e-mail scanning (if that's what you are requesting) is not implemented in EAM, which is good ...

    Real-time e-mail scanning is a rather very damaging feature and has to be disabled in any security solution that you are using, even though the option is available - you are basically facing losing all your e-mails because of that

    There were many discussions re: the matter here in our old forum and "out there"

    If you want, we can provide some links to the articles by e-mail security experts who are encouraging to disable the said feature ASAP

    Just do not click on e-mail links without investigating the source of a link & if you received attachments - just download them into a dedicated folder & scan after that with all available AV solutions (chosen as main one with real-time or those that you have as on-demand). Sure that is not 100% bulletproof with any AV, but at least all your existing e-mails are safe.

    Other than that - any attempts to "accidentally" run something because of that in case you were not taking suggested precautions, will be handled by "onExecution" scan by EAM or its Behavioural Blocker

    My regards

  6. Hi stapp,

    I'm trying to reproduce what you are saying <--- "what you are saying" was not intended to be "strike through"

    ... and yes <<Toggle edit mode>>> fixed that

    Moreover, if you switch to "More edit options", all controls are dimmed & unavailable ... unless somehow you would click on dimmed <<Toggle edit mode>> again and that will work

    Cheers!

  7. My avatar looks stretched :o . Can you turn it back anyway?

    Hi Ray,

    Mine was stretched too, but you can go through editing profile & adjust cropping

    It will be better , but still will not look like it was before

    Your JPG was 97x75 mine was 61x90

    It seems like GIFs , which are even bigger (say 90x90) will be accepted properly and look as "unchanged"

    I'm not sure yet why and haven't converted mine into GIF , which is not an issue at all but, honestly not a big deal ;)

    Cheers!

  8. Greetings all!

    This layout definitely looks much better & clearer

    Small suggestion at the moment:

    "Terms of Use" better be set as another Tab at the top, so everyone (basically guests in mind) can see/click/read it

    At the moment the lil-grey-link is pretty much hidden at the bottom right of forum's page

    Cheers!

  9. Hi Guys,

    Sorry for intervening :) There are few things to consider/ask.

    Hi mdakins , welcome to the forum

    1) re:

    I recently became aware that it is actually scanning twice a day; once at midnight and again at whatever time I set it to scan at.
    Probably I'm misinterpreting, but “...and again at whatever time I set it to scan at...” means that you set “Interval” as well?

    If not

    2) were you setting up just scheduled scan or “Custom Scheduled scan”, where “Scan Settings File” was entered? Why I am asking – there is a bug, which I posted to the developers already:

    If scanset <>.a2s path is incorrect (several reasons can be named) or disk/folder for the scheduled scan doesn't exist (say, moved/ removed, etc) you can face another “unscheduled”, so to speak, scan(s).

    Therefore that particular area has to be checked as well

    My regards

    P.S. As a side note: there is no need to wait and stay up at midnight ;) … unless that particular time frame is a suspect.

    Just set the needed scan time / interval / custom scheduling / etc. to the closest time when you can test being near the PC. You always can wait until scan end or you can stop the scan and see if an unexpected / "undesired" one will be fired. Cheers!

  10. You are welcome, Jose

    I hope you set it up correctly re: security

    Well, as far as I know, you had comprehensive tutorials concerning µTorrent for Comodo F-wall

    reading µTorrent & Comodo forums

    In the nearest past here on my PCs and including many users that I know and who are still using OA at the moment - µTorrent was & is working fine

    There are no questions at all currently running µTorrent extensively here in conjunction with Mamutu and EAM on both 32bit XP & win 7 x64

    Cheers!

  11. So there is no way around the fact?

    The choice is either MAMUTU or ADMUNCHER?

    Hi tempnexus, welcome to the forum

    Why are you saying that?

    Have you received my PM after posting similar request in OA section with the reference to this thread,

    then tried what Fabian Wosar suggested above here and that failed?

    We are still waiting for the reply from Stevet, but from your answer it seems like that didn't work.

    That is not clear and we should not guess ;)

    Please tell us what was the result of the said exclusion rule(s) that you created?

    My regards

  12. Hi Jose,

    You should not see any Alerts if Mamutu is in “Normal Mode” (we are talking about µTorrent client now)

    But you should receive 4 Alerts only if Mamutu is in “Paranoid Mode”, which I allowed and respective rule was created.

    Alerts (not a precise quotes):

    - ”... Backdoor … ”

    - ”... Auto- Start ...”

    - ”... Hidden transfer from Internet ...”

    ”.... invisibly send data to Internet”

    , which is correct - all that is going on in the background

    - you are sending requests in order to find different peers / trackers ;

    - you are downloading from many different locations (through one forwarded port though in µTorrent)

    - when you are seeding, different files (pieces) being uploaded from your shared directory depending on current demand by other users out there

    As a result the following rule is correctly reflecting the situation (see attached image) plus there is Modify Autorun down below, ... which can be disabled when you are not running µTorrent on system's startup (some users do)

    That's how I see it

    My regards

  13. Hi quietquest, welcome to the forum

    When you were installing EAM you should've got a message about updating the Signatures. How that went after confirmation?

    What's shown under Configuration > License Tab at the moment?

    Is it “30 trial” or “Free”? In any case, can you manually update?

    Then, have you revised rules in OA? Are there any regarding EAM?

    If so, you may try to remove them and recreate appropriately next time (when & if) you are alerted, including setting EAM as trusted

    Do you have any other security in place in addition to what is stated?

    My regards

    p.s. You may consider posting an image depicting the message received when activating EAM

    Sure please hide/dim any personal details like e-mail or coupon code

  14. ... If you wish to get dedicated Emsisoft support for this issue your best bet is to open a support ticket by logging into your personalised customer care page, and choose the option to 'Ask a question' on the left-hand side of the page.
    Exactly!

    That's what I was going to post … but H_D is usually hacking my thoughts :thumbs:

    That's definitely your personal right if you committed using Ad Muncher and the issue must be resolved

    As it was pointed above that's most likely a problem involving both companies in order to be fixed (not the 1st time)

    If you are not satisfied with all free available Add-ons, which are doing similar and much better job (according to my opinion) than Muncher - you have to be patient & wait a bit.

    I'm sure that will be fixed eventually

    Cheers!

  15. You are welcome, templar

    I have moved the file to quarantine and can probably delete it but am I correct in assuming anything placed in quarantine is unable to perform malicious actions? I.e. Has malware ever been known to escape quarantine?
    That's impossible. EAM keeps jailed files in \Quarantine\ folder

    See files named like 38253096AB9883064A781E9331EC1A280EBAC792.A2Q

    and quarantined items inside are encrypted.

    In addition quarantined items are rescanned within quarantine after an update. See the respective options. If the False Positive detections were found, the item(s) can be restored either silently or after the notification

    I use EAM free and these threats were labelled Medium and Low risk; I'm no expert but I assume keyloggers have to run in memory and processes must be running in order for it to capture keystrokes. Now I know EAM free has no realtime-protection but if this was malicious and I had run a quick scan while these processes were running would EAM have warned me?
    Free version has on-demand scanner only. Sure, when you are running Quick Scan all processes running at that particular moment (important) will be analyzed, based on current scanner's knowledge, so to speak (its signatures) … no more than that.

    Definitely, EAM has a very high rate of detection (one of the best if not the best on the market for years), but none of the existing “pure AV” solutions can protect you 100%

    You are right: real-time protection components/layers of protection available in full EAM Suite, especially its Behaviour Blocker are very much needed if you want to be protected constantly against potential dangers, since every process is monitored as soon as it's activated/executed.

    Again – that is not ever 100% but that dramatically increases a chance of catching new/0-days suspects

    Cheers!

  16. Hi templar, welcome to the forum

    Your saved report is correctly reflecting what was done - 1 File and 1 Trace were quarantined

    The Riskware was a file indeed physically present

    The Traces are entries in the Registry. It may happen in many cases that those are representing Registry entries only, which are leftovers.

    EAM did not warn you about any detection of the file named “[email protected]@@k.dll” compared to "[email protected]@@k.DLL"

    The leftovers can be present in the Registry though. Say, you may've uninstalled the Software, but the uninstall procedures sometimes are not necessarily implemented correctly, so the Registry entries are still in place. Then, some users are deleting the Software or files without using Add/Remove. In this case many Registry entries can be present, but there are no associated files in the system anymore. The Registry Cleaning procedure should be performed afterwards if such actions took place

    Those were just few scenarios re: Traces

    Now, you can run just a Quick Scan (QS) in order to be sure that quarantined Traces are not present anymore . QS always checks for all known Registry Traces

    .. and/or in addition you can perform Registry Search in order to be convinced that specific entries are not present any more

    You can use RegScanner by NirSoft - very fast & reliable

    My regards

  17. ... in EAM 6 beta, this problem does not occur...
    Thanks Piotrex44,

    True - no issues (detection/quarantining/deletion) when testing with the latest beta 6 on win7 x64

    My test as above confirming a problem was performed on XP Pro 32bit with EAM v5.1.0.16

    My regards

  18. Hi Stevet,

    There were similar requests

    as an example please see this one

    Please provide more detailed info about your System Environment ; other security in place, etc. as in Forum Posting Rules

    If you search for “Ad Muncher” you will find other discussions, say regarding OA firewall

    I'm sure that the developers will shed some light re: Mamutu in particular

    It looks very similar to the matter discussed in this thread and please see the answer #31 by Fabian Wosar.

    Interestingly enough in the reply #34 the fix for EAM was mentioned as well. Since Mamutu is a part of EAM it is supposed to be implemented in Mamutu ..., but definitely the developers know better ;) & will reply

    My regards

  19. Good morning,Piotrex44

    I received the file, thanks

    As a matter of fact, yesterday I did not see an image that you posted as a part of the initial request. The site was blocked & even a picture placeholder wasn't there :blink: I allowed the site this morning

    I can confirm that EAM will flag the file with the same “side-effect” (image attached)

    Few things to add:

    - you may consider following the advice as in the message after attempting to quarantine and visit Malware Removal section;

    - This file is flagged by many including AVG here. I never have auto-quarantine /auto-delete option set by any security, but I tested and file was perfectly removed by AVG when I changed the said setting. File was gone and EAM's detection list was empty;

    - Was Avast real-time resident active during the scan and what are the respective settings as mentioned above?

    Anyway I'm sure we'll get an explanation from the developers

    Cheers!

  20. You are welcome

    Instead of uninstalling, which you can do any time, at the moment you can leave another AV as on-demand scanner only if you wish, and know how to maintain its updates and avoid clashes. That's all a matter of experience, which you definitely will get being persistent and willing to learn

    Cheers!

  21. ...The Java issue is with Sophos...

    Hello H_D,

    I'm not sure what you mean by that?

    I would rather say : the issue can be with Sophos as well, but there is a definite loooong time going bug in EAM regarding incorrectly flagging Java cache files. See many cases in Malware Removal

    I would've had that all the time if I would ever scan without prior cleaning, but I figured that out long ago (and posted to developers) after that there were and still are numerous cases again and again regarding the matter - Bug in EAM!

    ... I have had to do this with 3 PC's on my domain at work and does not take any time at all.
    To do what? Reinstalling Java or just cleaning the cache
    I'm not sure how it works but no one is logged on when the scan commences (it is done overnight). I was wondering if the scanner was unpacking the files to the folder and scanning them? Does the scanner delete them after scanning or does the Java process that has been initiated remove them?
    The scanner (which one are you talking about?) will definitely attempt to delete "after scanning & detecting", but if the browser(s) are alive during the scan the cache can be cleared way before the security's attempt to remove those False Positives (we must not forget that)

    I never had any doubts that those Java-Cache are FPs and I never scan without prior cleaning.

    What I've posted in previous reply and some other threads regarding the matter, including multiple posts by Shadow in "Malware Removal" is my understanding, but we never heard from the developers yet...

    Cheers and confused beers!
    Have a couple of those too, man - you deserve it :D

    p.s. {added}forgot to mention

    I'm still with you re: your note about <>.old folder. That is definitely very interesting & could be something else

  22. Thanks for your reply as well, Kano

    The rule of thumb - you must not allow any security to automatically quarantine/delete anything that is being flagged. Period!

    There is no way that ESET does not have options to disable such behaviour

    Correct me if I'm wrong, but I've never met such security ... except MSE. Last time I tested it - it will quarantine anything what's suspected as "hi risk" therefore - it's not allowed on any PC.

    You have to go through Preferences / Options / sometimes Advanced/ etc.,

    Those could be "spread" there and you have to know your security well enough in order to disable those features

    a side note: it would be "overdone" security setup if you have both EAM & ESET with real-times active - that is not recommended

    Otherwise, please follow the advice by ctrlaltdelete:

    Kano,

    What are your settings in EAM File Guard?

    There are several options, see also this section of the EAM 5 Tutorial

    and set "Additionally scan all files when they are created or modified"

    I'm not using that option for the reasons explained. My setting is "OnExecution" only, but probably you may consider and test it.

    My regards

  23. Hi Kano, welcome to the forum

    Usually when you are downloading something you are saving the file whether it's an archive or executable. No dangers yet. It is just a file. You are not executing it yet.

    Then, you can (or rather must) scan it and if current signatures (important) will recognize the danger then you will be alerted and investigate further

    Checking/scanning when downloading - "Automatic detection" as you called is just simple waste of time.

    Moreover, you will never know whether the detection was False Positive (FP) or not. What's the point?

    That mainly applies to any security and "onAccess" scanning

    Different story when & if you would try to execute downloaded content:

    - 1st "onExecution" scan will kick in (again it's not efficient in all cases because of signatures- related, so 0-days can be missed);

    - but if you have Behavioral Blocker(BB) - that will most likely catch the suspect;

    - speaking of internet downloads the same (regarding BB) applies if you accidentally hit "drive by download" / execution without your knowledge & consent

    My regards
