Posts posted by Lynx

  1. Thanks for the reply and the video, Piotrex44

    Well that's 1st time I've seen something like that when EAM is performing Shell Extension scan

    Can you please send that "search=client_8.exe" (could miss some due to video quality) file residing in the C:\ root to Emsisoft developers?

    address: [email protected]

    Create passworded archive (ZIP or RAR) password : "fp" (no quotes)

    My regards

  2. Hi Piotrex44, welcome to the forum

    There is not enough info in order to answer your question

    Have you saved the report of what was detected?

    Please see this recent thread which can somehow explain at least one of the possible reasons where "files cannot be found"

    Do you have "Default action for detected objects" set to "Block & quarantine"? and respectively "Action on scan end" as "Quarantine..."?

    If so - reset those to "Alert" - notify only

    In this case you can report what was detected in the 1st place so the developers can see ... especially when you are stating that: "The problem occurs quite often with different threats"

    My regards

  3. Can allowing updates of programs (Do not notify update of this program option) like Web Browsers lessen security in anyway?

    Hi Gerald,

    That definitely does not reduce security provided by Mamutu.

    You are talking about auto-updates of a Software (browsers in this case), if I got your question correctly.

    The update process is a new process every time and it has to be monitored by Behavioral Blocker

    I'm not sure what comer meant, but I assume he/she is talking about excluding program from monitoring

    Well, if it is the browser itself that is excluded ... again... the update/ clear re-installation/ etc. will be monitored.

    Moreover, even when the main executable is excluded the child processes created are monitored (say, you may get alerts about plugins container updates or any extension newly installed or updated, if Mamutu considers some danger)

    That's how I see it

    In addition you may consider at least temporarily set "Paranoid Mode" and most likely you will see several additional Alerts related to what you are concerned about

    My regards

    p.s. recently we discussed auto-updates. Many users are never setting Auto-updates (except for some security Software), because those could interfere. There was even MS advice mentioned where unexpected failures can happen during MS patches auto-update if another software is updating as well at the same time,... but that's completely different to what you've asked.

    Mamutu's security will not be reduced (redundant, but worth being repeated :) )

  4. Hi Guys,

    H_D, you are right about the <>.old folder and that issue has to be addressed separately

    If that is a working folder somehow and browser(s) were opened during the scan – the file could've been removed by the system prior to the action by EAM in order to delete the file

    At the same time re:

    I have seen similar issues with detections of non-existent files in java sub-folders on several PC's. I usually uninstall Java, manually delete the entire Java folder, then re-install Java.
    There is a bug in EAM, where it is false-positively detecting Java-cache files. Reinstalling Java is a bit drastic measure.

    Usually it's necessary just to clean Java cache as described here

    Anyway it's recommended to do some cleaning before performing such type of a scan as Deep one.

    CCleaner can be used (all browser sessions should be closed)... that will take care of Java cache as well

    Cheers!

  5. Hi Jose_Lisbon,

    I think that is not a bug but rather an “indication issue”, which can be improved

    Processes window shows currently active processes.

    It respectively shows (Yes/No) for those Applications where Rules were created if you ever received an Alert from Mamutu and responded respectively or deliberately set a rule without getting an Alert.

    At the same time I would agree that some indications there are not very comprehensive

    For example, “No” means “Excluded” if such rule was created by the user, but there are some “NO's” :) for those Applications that are still being monitored silently or excluded, because say they belong to trusted known Applications.

    That is definitely not clear and I hope that the developers shed some light on that

    a side note: Unfortunately there is no Help for Mamutu. Clicking on a “? Help” link will fire up help file for Anti-Malware, where I couldn't find the description of the feature we are discussing now

    Let's hope that will be fixed as well

    My regards

  6. Anything is possible
    Not really... I may say ;)

    and posting an image as suggested above would've helped us to identify the product.

    I gave up and asked for my money back, which they cheerfully did
    That's fine if that's what you want.

    … but it's very surprising (softly speaking) that either of two companies could not resolve such simple matter as registration issue of their purchased Software whether it's “product ID/product KEY/coupon/etc.”

    That never happened with Emsisoft, for sure as far as I know.

  7. Hi whtant, welcome to the forum

    When you purchased the product you should get the activation link & start from there in order to register

    Please read this thread, which has similar questions, some images & answers, that will hopefully help you

    Please ask if any further questions

    In addition you can provide more detailed info re: ID question, including image(s)

    Did you mean "license code"? Have you got a coupon?

    In this case go to Configuration > License Tab

    and use "Convert license code" link at the bottom right

    My regards

  8. Hi Laurie,

    1st, in order to provide more information about your system please follow forum rules

    Then, have you saved the report so users & developers we can see what was detected?

    Was “Action on scan end” set to Quarantine? (It is better to set for Reporting only)

    Similar apply to Guard's “Default action for detected objects” being set to Alert only.

    It is hard to provide any help without some additional info , except saying (speculating) that some vital system component(s) was quarantined or deleted.

    Moreover, we don't know whether any other AV with real-time (“onAccess”) were active during the scan by EAM. In this case, one of those could be responsible

    My regards

    p.s. {added}

    - Since you've tried Last Known Good Configuration and that failed,

    you may probably consider (or rather end with) using Linux Live CD. In this case it hopefully will be possible to recover Quarantined content if any and try to restore

    - But before that... Were you able to access BIOS (as a matter of fact) and at least reset/load into 'Fail-Safe' defaults and sure changing boot sequence to CD being 1st?

    - Many additions to the post above :), but worth mentioning – that could be just coincidental hardware/file system corruption. Just a few sources below :

    boot.ini or HD failure

    Unmountable Boot Volume

    other fixing tips... and so on

  9. We are glad that you can use EEK now, Gary.

    Just for those who are curious - That's how it works when using different archiving utilities (see images attached)

    When double-clicking on executable – winRAR will extract everything and create whole (EEK in this case) folder structure 1st within windows temporary directory. Then it will attempt to execute, which works.

    On the other hand, double-clicking on executable when using 7z, as an example, will extract that particular item only. Sure, the program cannot find anything needed, … except... itself :)

    Cheers!

  10. Hi josephwcarrillo, welcome to the forum

    1st, there is no such security out there that can protect you 100%.

    It does not exist & expecting that is a pure utopia

    Then "boot sector viruses" & poisoning BIOS are pretty much different matters including techniques behind those

    Antivirus (any), since you asked about "scanning" cannot be considered being the best guardian at all including the matter you've raised

    At the same time, have a look at the description (and items) stated by EAM's Behavioral Blocker, for example - that's very much more sophisticated and that may protect you, but still you (we) must have an experience in order to react to alerts

    Say, poisoning BIOS should involve some firmware re-flashing utility to be run

    I never encountered the malicious one yet, but when running the legit Tool, which I'm using often in order to upgrade BIOS I am Alerted ...IF... EAM or Mamutu is active

    .... but honestly I would switch off any security when upgrading BIOS, because I do know what I'm doing & where I got the Flash Utility from ;)

    My regards

  11. Hi guys

    Gary, please do what ctrlaltdelete suggested

    as a side note the said error will indeed occur when you run from within archive, which is basically never recommended,

    ..but it may work if you use winRAR. It will not work for sure with winZIP or 7z. (just retested few min ago after reading your post)

    My regards

    Gary Evans,

    Please extract the files first in a new folder before running EEK.

  12. Hi again, fedulla

    That was not a slang ;) - the accounts (e-mail and password) created here in the forum and for the Software registration can be different (therefore, I said "not related")

    Who sent you a message about "not valid name and mail", the Emsisoft developers?

    So - you did not get the activation link?

    The situation as relina described is different as far as I understood the active went fine 1st time

    Have you tried to contact the developers as suggested in my reply to relina

    My regards

  13. Hi elladara,

    I missed your post

    1st, You are using "Windows 7 Black Edition"

    thumb_9494083Win7Black.png , which is pirated version as far as I know.

    Basically - that is where our conversation must end!

    ==============

    As a tip for a future - <>.html files are not allowed to be attached here (similar to .DOCs.; PDFs ; etc. ..., which can be poisoned)

    Finally there are no issues with Fox or any other browser (IE, Chrome; Iron) re: CPU usage

    It's usually 0-0.77%

    thumb_4695710Mamutu_CPU__1.png

    It may jump to ~around 17-22, sometimes 30% when another executable (Chrome in this case) is fired up

    thumb_7340442Mamutu_CPU__2.png

    but almost immediately will return to ~0-0.7%

    No issues whether that's XP Pro 32bit or win7 x64

    So , again ... despite your statement "computer is virus free" we may talk when the legit version of win 7 is in place

    Thanks

  14. Greetings, guys!

    The tests were so that you could make sure a second instance of Chrome worked fine. There was actually quite a lot of sense to Lynx's response
    Thanks, H_D

    Here are expected Alerts, when existing rules were removed:

    thumb_3283018MamutuChromeAlert__1.png please pay attention to “Advanced settings” as well

    thumb_7378446MamutuChromeAlert__2.png

    ...Chrome (yes, version 12) is being blocked by Mamutu, and I'm not getting any alert.

    1st, “yes version 12” is not enough – I specifically posted the exact version and asked to correct me if I'm wrong. If the precise(!) number is different “just a bit” our tests – mean nothing (stressing)

    As for the “silent rule creation” you may consider the following settings:

    thumb_2854146No_Automatic_Rule_Creation.png which disables any Automatic Rule creation (sure, you may not want “Paranoid mode” in place as stated above – that's your choice)

    now I put both to be monitored, but I allow everything. Now it's working.
    Good! … as expected :thumbs:
    I don't feel ok to allow Chrome to do everything in my computer...
    … and further in order to shorten the quote....

    As in previous reply and what was confirmed by H_D: If you are Monitoring and even Excluding specific executable that does not mean that any Child process, created by the Parent will not be picked up by Mamutu upon execution if found suspicious - you will be alerted.

    PlugIns as an example thumb_2810918PlugInsAlert.png<--Click & that is why (whether it did not make sense, as you stated) I've mentioned the test without PlugIns … many dots … ;)

    My regards

    p.s.

    Actually I excluded Chrome from the protection (exceptions list) because that was the suggestion from the community. When you right-click on Chrome exe and go to Request suggestion.
    the community rules and suggested settings were mentioned above, but honestly I do not understand what you mean by “right-click on Chrome.exe” & what is an "exception list" in Mamutu? Right-clicking where? ...probably I had too much coffee this morning :rolleyes: Cheers!

  15. Hi Douglas, welcome to the forum

    The latest Chrome stable version is 12.0.742.122 (correct me if I'm wrong)

    I was working with Chrome this morning on Win7 x64 and everything was fine

    Few suggestions in order to test:

    - Without uninstalling your Chrome you can download portable version and run it from USB Stick or you may even install it on hard drive. Use any directory. Removing it - is just deleting installation folder, your system/registry/etc. are not “touched”, so to speak

    Point is , you can start another instance of Chrome. Since it's different Application (& different location) you have to be Alerted in the 1st place especially when you run Mamutu in Paranoid mode.

    In any case just check the rules and exclude if you want (I have it being "monitored")

    Then you can test it with no extensions installed as a matter of fact.

    - Another things to try is running Chrome without Sandbox and/or PlugIns. There were problems with sandboxing in the past ,which were fixed by Chrome developers, but anyway worth checking (separately)

    So, just find shortcut and add the following parameters to the Target: after ...\chrome.exe

    “--no-sandbox” or “--no-process-plugins” (no quotes but double-dash is important)

    My regards

    p.s. I cannot tell anything about “wowhelper“, but the issue seems to be unrelated to Chrome.

    And then despite, it is standalone exe, from what I read I cannot test it, since Win7 PC is not available here at the moment

  16. Hi, T Mike welcome to the forum

    Please add all information required as in here . For example, even some “General” info is missing

    Then, be more specific about your firewall

    At the right under HIPS you stated: “windows7firewall ”;

    Further you wrote: “free copy of Vista7Firewall”

    If you mean Windows native firewall it does not include HIPS, but if you are using some 3rd party “addition/or enhancements” to the native Vista firewall – that has HIPS, please let us know.

    State all components of Avast that are in place and active in real-time

    Mamutu does not check any net traffic, so that should not cause surfing slowdowns

    At the same time, please test alternative browser(s) other than IE9

    I know that I can run IE9/Firefox(with many Add-ons)/Chrome/Iron (even all together simultaneously ) whether it's XP or Win7 x64 – no issues whatsoever

    “...Task mng will not open...” is a bigger concern. Check System event logged (if any) at the time that take place.

    In any case the rule of thumb and 1st thing to do – revise all Rules in all involved Security and make mutual exclusions, so they are not monitoring each other

    Please try that and with the additional info provided I hope it will be easier for the developers and users here to assist you

    My regards

  17. [Edit] Lynx and I were typing at the same time... again...

    Not a problem at all as we do that for many years already :P

    The problem is a "black screen" for 20 seconds delay reported by the Original Poster

    No way that's ever happening here after all amendments I've made to the system as posted above.

    ~70 or more services are disabled, most of which are MS Services, that are still considered being security risks ... no matter what

    As you know, Mamutu & EAM (both full packages / whether stable or beta) were and are tested thoroughly on XP and on Win7 x64

    There is never "black screen" and 20sec delay - that must be a big concern indeed

    The latest reboots:

    Win 7 x64 with EAM internal beta v6 - practically no time before the "password screen" appears ;

    XP Pro, whether it's EAM or Mamutu:

    - 7sec before "Welcome Screen";

    - 10- max 13sec & all icons are in place, including the fact that I'm using XP with many Vista/Win7 appearances tweaks;

    - sure, there are another ~5- seconds before Comodo Firewall/EAM/AVG icons appear in the SysTray, but there is no "black screen" & I can start RocketDock/Firefox/Outlook Express way before that

    My regards

  18. Hi elladara, welcome to the forum

    I'm using Firefox as a main browser for ages including the latest v5.0.1 & about 40 Plug-Ins / Extensions

    No lagging whatsoever whether it is XP Pro 32bit or Win7 x64

    In addition, saying "Comodo" is not enough - is it full CIS or just Firewall?

    a side note: Mamutu is not HIPS - it is a Behavioural Blocker , which is pretty much different

    The Defense+ by Comodo is HIPS

    So, please be more precise about your system setup

    Then, have you established mutual exclusions? ... at least you must do that

    My regards

    p.s. what do you mean by

    ...REPORT FOR EVYRYTHING IN MY COMPUTER

    Download report for EVERYTHING about my computer

    - that is completely incomprehensible (do not get me wrong and/or do not be offended by that).

    Please clarify what did you mean by posting that?

  19. 1st –

    what's the windows explorer integration?
    If checked, an additional Right-Click menu option will be added to ("integrated" with) Windows Explorer, which allows you to scan separate folders/files whenever you want to.

    ======= Returning to the original post and the issue.

    You stated that the issue emerged after EAM's installation

    Basically, replying “let's just say it's neither COMODO or Emsisoft's problem...” cannot lead us to the solution, since we cannot afford any assumptions in this business.

    Therefore, there were few questions that were not answered

    What about Safe Mode?

    What about reinstalling EAM as Admin and then trying to log in as Administrator?

    Then in EAM you may try as experiments (one by one):

    - uncheck “Enable EAM on startup” & Reboot. Still having such delay?

    - Guard > FileGuard > uncheck “Protect PC even no user is logged on”. Any improvements?

    =======

    Other than that it may relate to your system settings that we don't know … like:

    - try to reduce any additional processes that set as running on startup

    Do not use MSConfig for that. Use Utility like Autoruns ;

    - you can obviously ease the load at the Reboot by “Disabling” or setting to “Manual” dozens of unneeded services that are set as “Automatic”

    Have a look at this site and follow the instructions. In your case choose an appropriate link for XP , meaning that you did not state Service Pack (2 or 3?). Be attentive, patient and do it one by one;

    - another great Utility that you can use in addition is XP-AntiSpy

    - Irrespectively whether you will consider going through the above or not - disable “Fast User Switching” service. Nothing except troubles are coming with this service … unless... you do know for sure that you need it & why

    My regards

  20. Thanks for the reply, Green Bay Packers

    At this stage I did not ask about your downloading habits , neither I suspected any malware present ... yet ;), so don't worry.

    We just want to find out what is wrong when you are "logging into my user account"

    Thanks for confirming that and the fact that MBAM is "on-demand only"

    At the same time you did not answer the question about Safe Mode

    Plus thanks again for confirming using other security in the past

    I'm using Comodo (firewall only ...old version though, see my signature)

    Well, it is a known fact that Comodo as many other Security may not be uninstalled perfectly and most of them need (and have) special Removal Utilities

    In the past I personally was involved in finding bugs regarding the matter communicating with Comodo developers.

    Therefore, I would suggest to check that thoroughly - there may be leftovers that can interfere

    Look into devices in the 1st place (use View > "Show hidden..." > Non-Plug and Play Drivers)

    My regards

  21. Hi Green Bay Packers, welcome to the forum

    Can you please be more specific about “upon installing it” and then “every time I log in to my account”. That is not clear

    1) did the installation end normally, including the offer to perform on-line update?

    or

    installation failed somehow? Any Error messages from the Software (EAM) or from the System? … In addition have a look into the Events logged by the System during the installation

    2) As for “log in to my account”. Do you mean PC startup after Reboot with your User Account with limited rights?

    3) Have you disabled MBAM real-time before the installation of EAM?

    4) Have you installed EAM as Administrator? (which is recommended)

    5) What would happen if you Reboot into Safe Mode. Would you still encounter similar delay?

    6) Finally, at this stage, did you have any Security previously installed and not mentioned?

    My regards
