Posts posted by hackerman1

  1. Thanks for the info.

    I noticed that you are using EAM 11.0.0.5984.

    I'm running EAM 11.0.0.5911 on that computer, which might explain the different behaviour.

     

    I assume that you did exactly as I did, right-clicked on a folder ?

    Not a "Custom Scan" ?

     

    I'm going to install 11.0.0.5984 and see what happens....

    Downloading right now...

     

    Update: In case someone wonders, the latest version is 11.0.0.5958.....

  2. Some users are experiencing EAM-related crashes when COMODO's firewall/Internet Security is installed. It may only happen with the latest version of COMODO's software, however most users have not specifically stated what version they are using.

     

    This sounds familiar...

    When I tested CIS 8 I had problems not only with CIS itself, but also with EAM crashing / not starting.

    CIS 8 was released September 2014, so those users probably have CIS 8....

    Tell them to use CIS 7 instead....

  3. Today I noticed something really weird: when scanning a folder EAM does not scan the files in the folder !?

     

    E.g. when I right-click on a folder and select "Scan with EAM" , the scanning finishes in 2 seconds.

    Scanning 7 GB in 2 seconds !?

    Must be the world's fastest scanning...

     

    But if I open the folder, mark all files and start a scan, then all files are scanned.

     

    This must be a BIG bug !?

     

    Or is this a "feature" which gives extremely fast scanning by providing false results...?

    Of course all the files in a folder should be scanned when a folder is selected, what else should we expect ?

     

    I've used EAM for many years and I have never seen this before, scanning a folder has always scanned the files within the folder.

    So it must be new....

     

    I'm using Total Commander, but the same thing happens also with Explorer, so Total Commander can't be blamed...

     

    Using EAM 11.0.0.5911.

  4. EAM 11 & CIS 7 work well together, with mutual exclusions.

     

    CIS 8 is acting weird though, it hangs and seems to "block itself", I can open its main window, but clicking on any link like e.g. "Update" and it hangs.

     

    A correction: I made a mistake, that computer had not been updated to EAM 11 yet.

    The problems I described above are with EAM 10 & CIS 8.

    But since it probably has nothing to do with EAM I expect the same problem when using EAM 11.

     

    I updated to EAM v11 15-11-20 , and I can now confirm that EAM 11 & CIS 7 (7.0.317799.4142) work well together,

    with mutual exclusions.

     

    I have not tested CIS 8 yet....

     

    Note: I'm only using the HIPS in CIS.

  5. EAM 11 & CIS 7 work well together, with mutual exclusions.

     

    CIS 8 is acting weird though, it hangs and seems to "block itself", I can open its main window, but clicking on any link like e.g. "Update" and it hangs.

    If I disable HIPS first then it might work, but it might even require a restart of CIS before opening the main window.

    When finished with CIS (main window) I can enable its HIPS again.

     

    I tested 3 different versions of CIS 8 yesterday, and all of them behaved like described above.

    CIS 8 behaves like that even if all EAM-components are disabled.

    So if you experience something like that, you should probably not blame EAM....

     

    Send me a pm and i can give you links to older CIS-versions...

  6. "Acting a bit weird" means making the computer unresponsive and then after a few minutes freezing completely.

    I had to do a "hard reset", power off and remove battery from the laptop.

     

    I never intended to "stick to an old version", I only wanted to test another (older) version in order to identify the latest working version,

    so that I could tell you when the problem started (which version).

     

    Anyway, today I installed the latest available version (10.0.0.5735).

    Everything is working normally, problem solved...

    You can close the thread now.

  7. Yes of course...

     

    EAM crashing today,

     

     

    But since no one else has reported any problem I assume it wasn't caused by EAM.

    System commands revealed a lot of errors so the computer has now been restored from a system backup, so there is no need to investigate this further.

    EAM is now working normally again.

    Problem solved.

  8. EAM crashing today, with the following error message:

     

    Problemsignatur:
      Problemhändelsens namn:    APPCRASH
      Programnamn:    a2start.exe
      Programversion:    10.0.0.5532
      Programtidsstämpel:    559d5637
      Namn på felmodul:    StackHash_432b
      Modulens version:    0.0.0.0
      Tidsstämpel för felmodul:    00000000
      Undantagskod:    c000001d
      Undantagsförskjutning:    00000000
      OS-version:    6.1.7601.2.1.0.768.3
      Språkvariant-ID:    1053
      Ytterligare information 1:    432b
      Ytterligare information 2:    432b07386bea55fd5675b33ddd62767e
      Ytterligare information 3:    a38c
      Ytterligare information 4:    a38c518d7df9f8d1cc7914fa43b0b2e6

    Läs vår sekretesspolicy online:
      http://go.microsoft.com/fwlink/?linkid=104288&clcid=0x041d

    Om sekretesspolicyn online inte är tillgänglig kan du läsa vår sekretesspolicy offline:
      C:\Windows\system32\sv-SE\erofflps.txt
     

     

    All 3 EAM-processes (a2guard, a2service and a2start) crash when I try to start them manually.

     

     

    I suspect it might have something to do with an EAM-update on Friday.

    However, the computer worked normally after the update.

    But today it crashes, and it has not been used since Friday.

     

    Has anyone else had any problems with crashes since Friday ?

  9. I just ran the wizard again.

    The recommended setting in EMET 4.1 is everything checked for both a2guard & a2service.

    But then EMET blocks EAM....

    I get a notification from EMET: SimExecFlow mitigation for a2guard....

    Now I remember that being the primary reason for unchecking everything.

    So a list of the settings or a screenshot are appreciated.

  10. No. Default means the settings you get after running the wizard and choosing "Use recommended settings". We do not test how a certain EMET mitigation affects any of our own processes, but we do make sure that we don't interfere with protections put in place by EMET in other processes that we monitor as well, as EMET and our behavior blocker use very similar techniques to intercept code flow that often result in incompatibilities.

    We always test with the latest stable release which is version 5.1.

     

    That was the reason for asking, as I thought there might be incompatibilities between EAM & EMET.

    I did run the wizard when I installed EMET, but since I wasn't sure that those mitigations really should be checked, I unchecked all of them.

    And I didn't save the recommended settings because I was hoping to get the needed information from Emsisoft....

     

    But, what exactly are the "default" settings ?

    To make sure we all get it right, it would be very nice if you could post a screenshot of the correct "default" settings.

     

    Could you please list the settings or post a screenshot ?

  11. We only test EMET with default settings. If you want to tinker with its settings, you are on your own. All Emsisoft components support DEP and ASLR since version 9.0.

     

    Thank you.

    But, what exactly are the "default" settings ?

    Do you mean everything checked for both a2guard.exe & a2service.exe ?

    And, are we talking about EMET 4.1 or 5 (5.1) ?

    To make sure we all get it right, it would be very nice if you could post a screenshot of the correct "default" settings.

  12. The main issue is, that a lot of our executable files are not built using the Microsoft tool chain (Visual Studio). So it is not as easy as adding "/DYNAMICBASE" simply because that parameter doesn't exist in development tools outside of Visual Studio. All files that are built using the Microsoft tool chain have both DEP and ASLR already enabled. The files that don't have DEP or ASLR enabled are files that are built with a tool chain that does not officially support DEP or ASLR.

    Thanks.

     

    I have been using EMET together with EAM for months and I have not noticed any problems.

    I tried to find information about configuring EMET for EAM, but since I could not find any I decided to instruct EMET to ignore EAM.

    I see no reason to let EMET mess with EAM's processes (a2guard.exe & a2service.exe)....

    And I have also added exceptions for EMET in EAM.

     

    I know that EMET is not created by Emsisoft, but do you have any recommendations for how EMET should be configured ?

    Should it ignore a2guard.exe & a2service.exe ?

    And should it be configured for any other EAM-files ?

     

    And since your post above is from April 2014, and newer versions of EAM have been released since then, has there been any change regarding DEP & ASLR in those versions ?

    AV-test.org published a report about the use of DEP & ASLR in antivirus software on 2014-11-25.

    Self-Protection for Antivirus Software: http://www.av-test.org/en/news/news-single-view/self-protection-for-antivirus-software/

     

    Unfortunately EAM is not included in that report, so it would be very interesting to hear about EAM's use of DEP & ASLR.

  13. You uninstall EAM the same way as other programs: Control Panel → Programs and Features, right-click on EAM, select uninstall.

    As far as I know there should not be any "leftovers" causing problems.

    However there is a cleaning tool you can use, Emsiclean: https://dl.emsisoft.com/Emsiclean.zip

  14. Thank you.

    Yes I was also thinking the same, that Behaviour Blocker would alert.

     

    After having activated "File guard" yesterday while using my own USER-account I switched to the ADMIN-account,

    and to my BIG surprise I once again noticed an orange EAM-icon in the taskbar !?

     

    I waited several minutes, and it remained orange.

    I logged out from the ADMIN-account, and then logged in to all the other USER-accounts (I know all passwords since I installed the O/S and created the system),

    and the EAM-icon was green on all accounts, with "File guard" enabled.

    I logged in to the ADMIN-account again, and the EAM -icon was still orange, with "File guard" disabled !?

    But after a few minutes it changed to green, with "File guard" enabled.

    Weird....

     

    But it gets even more weird, I switched back to the owner's USER-account, doublechecked the EAM-icon and the settings, everything was OK.

    I shutdown the computer.

     

    About 30 minutes later I restarted the computer (cold start !), logged in to the owner's USER-account to show her what I had previously discovered,

    and now the EAM-icon was once again orange !?

    I checked the settings and once again "File guard" was disabled !?

    I tried to enable the "File guard" but it did not enable, and instead of a green icon it was an empty (colourless) icon with a yellow dot (star) in the lower right corner.

    Something very weird is going on....

     

    btw. I asked the owner if she had used the ADMIN-account, she said no.

     

    Could this be caused by upgrading from v8 to v9 instead of doing a clean install ?

  15. Hi !

     

    Yesterday I started to do maintenance on a friend's computer.

    I noticed the EAM taskbar icon was orange so I right-clicked it to check the settings, and noticed that "File guard" was disabled !

    All guards were enabled last time I did maintenance.

     

    This computer has multiple user accounts.

    I installed EAM v8 on this computer myself about a year ago, the settings are locked on all accounts except for the ADMIN-account and my own user account which I use for maintenance.

     

    Only two persons know the ADMIN-password, the owner (of course) and myself.

    But I am the only one who knows the password to my user account, not even the owner knows it.

     

    I have instructed the owner never to use the ADMIN-account for normal work, only her own USER-account (standard).

    So unless she has used the ADMIN-account and disabled "File guard" herself,

    I suspect the "File guard" has been disabled since the upgrade to v9 almost a month ago.

     

    Has anyone else noticed any problems with EAM changing settings after the upgrade ?

     

    How serious is this security problem ?

     

    I have done a full scan and EAM has not detected anything.

    To doublecheck I have also scanned with MBAM and Comodo Antivirus, and they also have nothing to report.

     
