Jump to content


  • Posts

  • Joined

  • Last visited

  • Days Won


Everything posted by Lynx

  1. Thanks for the reply and the video, Piotrex44 Well that's 1st time I've seen something like that when EAM is performing Shell Extension scan Can you please send that "search=client_8.exe" (could miss some due to video quality) file residing in the C:\ root to Emsisoft developers? address: [email protected] Create passworded archive (ZIP or RAR) password : "fp" (no quotes) My regards
  2. Hi Piotrex44, welcome to the forum There is not enough info in order to answer your question Have you saved the report of what was detected? Please see this recent thread which can somehow explain at least one of the possible reasons where "files cannot be found" Do you have "Default action for detected objects" set to "Block & quarantine"? and respectively "Action on scan end" as "Quarantine..."? If so - reset those to "Alert" - notify only In this case you can report what was detected in the 1st place so the developers can see ... especially when you are stating that: "The problem occurs quite often with different threats" My regards
  3. Hi Gerald, That definitely does not reduce security provided by Mamutu. You are talking about auto-updates of a Software (browsers in this case), if I got you question correctly. The update process is a new process every time and it has to be monitored by Behavioral Blocker I'm not sure what comer meant, but I assume he/she is talking about excluding program from monitoring Well if the is a browser itself excluded ... again... the update/ clear re-installation/ etc. will be monitored. Moreover, even when the main executable is excluded the child processes create are monitored (say, you may get alerts about plugins container updates or any extension newly installed or updated, if Mamutu consider some danger That's how I see it In addition you may consider at least temporarily set "Paranoid Mode" and most likely you will see several additional Alerts related to what you are concerned about My regards p.s. recently we discussed auto-updates. Many users are never setting Auto-updates (except for some security Software), because those could interfere. There was even MS advice mentioned where unexpected failures can happen during MS patches auto-update if another software is updating as well at the same time,... but that's completely different to what you've asked. Mamutu's security will not be reduced (redundant, but worth being repeated )
  4. Hi Guys, H_D, you are right about the <>.old folder and that issue has to be addressed separately If that is a working folder somehow and browser(s) were opened during the scan – the file could'ev been removed by the system prior to the action by EAM in order to delete the file At the same time re: There is a bug in EAM, where it false-positively detecting Java-cache files. Reinstalling Java is a bit drastic measure.Usually it's necessary just to clean Java cache as described here Anyway it's recommended to do some cleaning before performing such type of a scan as Deep one. CCleaner can be used (all browser sessions should be closed)... that will take care of Java cache as well Cheers!
  5. Hi Jose_Lisbon, I think that is not a bug but rather an “indication issue”, which can be improved Processes window shows currently active processes. It respectively shows (Yes/No) for those Applications where Rules were created if you ever received an Alert from Mamutu and responded respectively or deliberately set a rule without getting an Alert. At the same time I would agree that some indications there are not very comprehensive For example, “No” means “Excluded” if such rule was created by the user, but there are some “NO's” for those Applications that are still being monitored silently or excluded, because say they belong to trusted known Applications. That is definitely not clear and I hope that the developers shed some light on that a side note: Unfortunately there is no Help for Mamutu. Clicking on a “? Help” link will fire up help file for Anti-Malware, where I couldn't find the description of the feature we are discussing now Let's hope that will be fixed as well My regards
  6. Not really... I may say and posting an image as suggested above would've helped us to identify the product. That's fine if that's what you want.… but it's very surprizing (softly speaking) that either of two companies could not resolve such simple matter as registration issue of their purchased Software whether it's “product ID/product KEY/coupon/etc.” That never happened with Emsisoft, for sure as far as I know.
  7. Hi whtant, welcome to the forum When you purchased the product you should get the activation link & start from there in order to register Please read this thread, which has similar questions, some images & answers, that will hopefully help you Please ask if any further questions In addition you can provide more detailed info re: ID question, including image(s) Did you mean "license code"? Have you got a coupon? In this case go to Configuration > License Tab and use "Convert license code" link at the bottom right My regards
  8. Hi Laurie, 1st, in order to provide more information about your system please follow forum rules Then, have yo saved the report so users & developers we can see what was detected? Was “Action on scan end” set to Quarantine? (It is better to set for Reporting only) Similar apply to Guard's “Default action for detected objects” being set to Alert only. It is hard to provide any help without some additional info , except saying (speculating) that some vital system component(s) was quarantined or deleted. Moreover, we don't know whether any other AV with real-time (“onAccess”) were active during the scan by EAM. In this case, one of those could be responsible My regards p.s. {added} - Since you've tried Last Known Good Configuration and that failed, you may probably consider (or rather end with) using Linux Live CD. In this case it hopefully will be possible to recover Quarantined content if any and try to restore - But before that... Were you able to access BIOS (as a matter of fact) and at least reset/load into 'Fail-Safe' defaults and sure changing boot sequence to CD being 1st? - Many additions to the post above , but worth mentioning – that could be just coincidental hardware/file system corruption. Just a few sources below : boot.ini or HD failure Unmountable Boot Volume other fixing tips... and so on
  9. We are glad that you can use EEK now, Gary. Just for those who are curios - That's how it works when using different archiving utilities (see images attaches) When double-clicking on executable – winRAR will extract everything and create whole (EEK in this case) ) folder structure 1st withing windows temporary directory. Then it will attempt to execute, which works. On the other hand, double-clicking on executable when using 7z, as an example, will extract that particular item only. Sure, the program cannot find anything needed, … except... itself Cheers!
  10. Hi josephwcarrillo, welcome to the forum 1st, there is no such security out there that can protect you 100%. It does not exist & expecting that is a pure utopia Then "boot sector viruses" & poisoning BIOS are pretty much different matters including techniques behind those Antivirus (any), since you asked about "scanning" cannot be considered being the best guardian at all including the matter you've raised At the same time, have a look at the description (and items) stated by EAM's Behavioral Blocker, for example - that's very much more sophisticated and that may protect you, but still you (we) must have an experience in order to react to alerts Say, poisoning BIOS should involve some firmware re-flashing utility to be run I never encountered the malicious one yet, but when running the legit Tool, which I'm using often in order to upgrade BIOS I am Alerted ...IF... EAM or Mamutu is active .... but honestly I would switch off any security when upgrading BIOS, because I do know what I'm doing & where I got the Flash Utility from My regards
  11. Hi guys Gary, please do what ctrlaltdelete suggested as an a side note the said error will indeed occur when you run from withing archive, which is basically never recommended, ..but it may work if you use winRAR. It will not work for sure with winZIP or 7z. (just retested few min ago after reading your post) My regards
  12. Hi again, fedulla That was not a slang - the accounts (e-mail and password) created here in the forum and for the Software registration can be different (therefore, I said "not related") Who sent you a message about "not valid name and mail", the Emsisoft developers? So - you did not get the activation link? The situation as relina described is different as far as I understood the active went fine 1st time Have you tried to contact the developers as suggested in my reply to relina My regards
  13. Hi fedulla, welcome to the forumAs far as I know that is a thing from the past. Currently forum & Software registration are separate/not related My regards
  14. Hi iceman, welcome to the forum If normal Add/Remove uninstallation procedure failed then you can use "Manual Clean Uninstall" Please read this reply My regards
  15. Hi relina, welcome to the forum If your registration was successful, have you tried pressing <<Log In>> button? What happens after that? If that doesn't work, then please contact the developers via Customer Center or send them e-mail with all info about the account that you created. See Contact us page. My regards
  16. Hi elladara, I missed your post 1st, You are using "Windows 7 Black Edition" , which is pirated version as far as I know. Basically - that is where our conversation must end! ============== As a tip for a future - <>.html files are not allowed to be attached here (similar to .DOCs.; PDFs ; etc. ..., which can be poisoned) Finally there are no issues with Fox or any other browser (IE, Chrome; Iron) re: CPU usage It's usually 0-0.77% It may jump to ~around 17-22, sometimes 30% when another executable (Chrome in this case) is fired up but almost immediately will return to ~0-0.7% No issues whether that's XP Pro 32bit or win7 x64 So , again ... despite your statement "computer is virus free" we may talk when the legit version of win 7 is in place Thanks
  17. Thanks for clarifying that, Douglas.You didn't mention “Active Processes” initially and I missed the point, since that part not used by me very often. Cheers!
  18. Greetings, guys! Thanks, H_DHere are expected Alerts, when existing rules were removed: please pay attention to “Advanced settings” as well 1st, “yes version 12” is not enough – I specifically posted the exact version and asked to correct me if I'm wrong. If the precise(!) number is different “just a bit” our tests – mean nothing (stressing) As for the “silent rule creation” you may consider the following settings: which disables any Automatic Rule creation (sure, you may not want “Paranoid mode” in place as stated above – that's your choice) Good! … as expected … and further in order to shorten the quote....As in previous reply and what was confirmed by H_D: If you are Monitoring and even Excluding specific executable that does not mean that any Child process, created by the Parent will not be picked up by Mamutu upon execution if found suspicious - you will be alerted. PlugIns as an example <--Click & that is why (whether it did not make sense, as you stated) I've mentioned the test without PlugIns … many dots … My regards p.s. the community rules and suggested settings were mentioned above, but honestly I do not understand what you mean by “right-click on Chrome.exe” & what is an "exception list" in Mamutu? Right-clicking where? ...probably I had too much coffee this morning Cheers!
  19. Hi Douglas, welcome to the forum The latest Chrome stable version is 12.0.742.122 (correct me if I'm wrong) I was working with Chrome this morning on Win7 x64 and everything was fine Few suggestions in order to test: - Without uninstalling your Chrome you can download portable version and run it from USB Stick or you may even install it on hard drive. Use any directory. Removing it - is just deleting installation folder you system/registry/etc. are not “touched”, so to speak Point is , you can start another instance of Chrome. Since it;'s different Application (& different location) you have to be Alerted in the 1st place especially when you run Mamutu in Paranoid mode. In any case just check the rules and exclude if you want (I have it being "monitored") Then you can test it with no extensions installed as a matter of fact. - Another things to try is running Chrome without Sandbox and/or PlugIns. There were problems with sandboxing in the past ,which were fixed by Chrome developers, but anyway worth checking (separately) So, just find shortcut and add the following parameters to the Target: after ...\chrome.exe “--no-sandbox” or ”--no-process-plugins” (no quotes but double-dash is important) My regards p.s. I cannot tell anything about “wowhelper“, but the issue seems to be unrelated to Chrome. And then despite, it is standalone exe, from what I read I cannot test it, since Win7 PC is not available here at the moment
  20. Hi, T Mike welcome to the forum Please add all information required as in here . For example, even some “General” info is missing Then, be more specific about your firewall A the right under HIPS you stated: “windows7firewall ”; Further you wrote: “free copy of Vista7Firewall” If you mean Windows native firewall it does not include HIPS, but if you are using some 3rd party “addition/or enhancements” to the native Vista firewall – that has HIPS, please let us know. State all components of Avast that are in place and active in real-time Mamutu does not check any net traffic, so that should not cause surfing slowdowns At the same time, please test alternative browser(s) other than IE9 I know that I can run IE9/Firefox(with many Add-ons)/Chrome/Iron (even all together simultaneously ) whether it's XP or Win7 x64 – no issues whatsoever “...Task mng will not open...” is a bigger concern. Check System event logged (if any) at the time that take place. In any case the rule of thumb and 1st thing to do – revise all Rules in all involved Security and make mutual exclusions, so they are not monitoring each other Please try that and with the additional info provided I hope it will be easier for the developers and users here to assist you My regards
  21. Not a problem at all as we do that for many years already The problem is a "black screen" for 20 seconds delay reported by the Original Poster No way that's ever happening here after all amendments I've made to the system as posted above. ~70 or more services are disabled, most of which are MS Services, that are still considered being security risks ... no matter what As you know, Mamutu & EAM (both full packages / whether stable or beta) were and are tested thoroughly on XP and on Win7 x64 There is never "black screen" and 20sec delay - that must be a big concern indeed The latest reboots: Win 7 x64 with EAM internal beta v6 - practically no time before the "password screen" appears ; XP Pro, whether it's EAM or Mamutu: - 7sec before "Welcome Screen"; - 10- max 13sec & all icons are in place, including the fact that I'm using XP with many Vista/Win7 appearances tweaks; - sure, there are another ~5- seconds before Compdo Firewall/EAM/AVG icons appear in the SysTray, but there is no "black screen" & I can start RocketDock/Firefox/Outlook Express way before that My regards
  22. Hi elladara, welcome to the forum I'm using Firefox as a main browser for ages including the latest v5.0.1 & about 40 Plug-Ins / Extensions No lagging whatsoever whether it is XP Pro 32bit or Win7 x64 In addition, saying "Comodo" is not enough - is it full CIS or just Firewall? a side note: Mamutu is not HIPS - it is a Behavioural Blocker , which is pretty much different The Defense+ by Comodo is HIPS So, please be more precise about your system setup Then, have you established mutual exclusions? ... at least you must do that My regards p.s. what do you mean by - that is completely incomprehensible (do not get me wrong and/or do not be offended by that).Please clarify what did you mean by posting that?
  23. 1st – If checked, an additional Right-Click menu option will be added to ("integrated" with) Windows Explorer, which allows you to scan separate folders/files whenever you want to.======= Returning to the original post and the issue. You stated that the issue emerged after EAM's installation Basically, replying “let's just say it's neither COMODO or Emsisoft's problem...” cannot lead us to the solution, since we cannot afford any assumptions in this business. Therefore, there were few questions that were not answered What about Safe Mode? What about reinstalling EAM as Admin and then trying to logg-in as Administrator? Then in EAM you may try as experiments (one by one): - uncheck “Enable EAM on srartup” & Reboot. Sill having such delay? - Guard > FileGuard > uncheck “Protect PC even no user is logged on”. Any improvements? ======= Other than that it may relate to your system settings that we don't know … like: - try to reduce any additional processes that set as running on startup Do not use MSCofig for that. Use Utility like Autoruns ; - you can obviously ease the load at the Reboot by “Disabling” or setting to “Manual” dozens of unneeded services that are set as “Automatic” Have a look at this site and follow the instructions. In your case choose an appropriate link for XP , meaning that you did not stated Service Pack (2 or 3?). Be attentive, patient and do it one by one; - another great Utility that you can use in addition is XP-AntiSpy - Irrespectively whether you will consider going trough the above or not - disable “Fast User Switching” service. Nothing except troubles are coming with this service … unless... you do know for sure that you need it & why My regards
  24. Thanks for the reply, Green Bay Packers At this stage I did not ask about your downloading habits , neither I suspected any malware present ... yet , so don't worry. We just want to find out what is wrong when you are "logging into my user account" Thanks for confirming that and the fact that MBAM is "on-demand only" At the same time you did not answer the question about Safe Mode Plus thanks again for confirming using other security in the past I'm using Comodo (firewall only ...old version though, see my signature) Well, it is a known fact that Comodo as many other Security may not be uninstalled perfectly and most of them need (and have) special Removal Utilities In the past I personally was involved in finding bugs regarding the mater communicating with Comodo developers. Therefore, I would suggest to check that thoroughly - there many be leftovers that can interfere Look into devices in the 1st place (use View > "Show hidden..." > Non-Plug and Play Drivers) My regards
  25. Hi Green Bay Packers, welcome to the forum Can you please be more specific about “upon installing it” and then “every time I log in to my account”. That is not clear 1) did the installation ended normally, including the offer to perform on-line update? or installation failed somehow? Any Error messages from the Software (EAM) or from the System? … In addition have a look into the Events logged by the System during the installation 2) As for “log in to my account”. Do you mean PC startup after Reboot with your User Account with limited rights? 3) Have you disabled MBAM real-time before the installation of EAM? 4) Have you installed EAM as Administrator? (which is recommended) 5)What would happen if you Reboot into Safe Mode. Would you still encounter similar delay? 6) Finally, at this stage, did you have any Security previously installed and not mentioned? My regards
  • Create New...