Insert Real Name

  • Content Count

  • Joined

  • Last visited

  • Days Won


Insert Real Name last won the day on November 27 2017

Insert Real Name had the most liked content!

Community Reputation

1 Neutral

About Insert Real Name

  • Rank

Profile Information

  • Gender
    Not Telling

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. O.K., thanks very much for the explanations. I had set the Behaviour Blocker to auto-resolve, since I could always click on the toaster alert to allow/deny the Behaviour Blocker's decision, but the full Behaviour Blocker alert gives more information and more choices. I've noticed that EAM classifies some programs using the Windows 7 standard file chooser dialogs (e.g. the latest version of DVDStyler) to be "Code Injectors". No doubt these programs may be doing that (perhaps the Windows API they use to handle file chooser dialogs are the origin), but an indication of their code injecting targets in the full alert dialog details section would be very welcome to help make a decision. Maybe there should be a general preference choice: "Display more details in alerts"?
  2. Is there any setting that adds the actual type of suspicious behaviour (e.g. "Code Inject" or "Direct Disk Access") in nice *black* *capitals* (not trendy grey, please!) to the toaster notification produced by the Behaviour Blocker? Often there are programs that legitimately use e.g. direct disk access to check licensing, etc., and knowing the exact type of behaviour detected will help in accepting it or blocking it immediately. Also, should those legitimate program executable behaviours be reported as a false postive, or does the false positive classification not apply to behaviour blocker detections that are resolved by a rule allowing the behaviour?
  3. Quite true! I only used the full HPhosts list because I did not want to do the necessary work to collate narrowly focused lists that just focus on tracking/advertising domains, in addition to the malware domains list already used and updated in EAM. As you say, there are a lot of dead or completely obscure malware domains on that list, and in any case, blocking tracking/advertising domains is not part of EAM's function and too easily disables legitimate websites. Now I'm (mis)using the 2 lists at They are meant to be used with the Unix DNSmasq program, so need to be edited with regular expressions to isolate the domain names, but the combined and sorted list is just over 100K domains, much more reasonable than the HPHosts list. I load the list with "Block and Notify" settings, so that I can easily unblock anything that breaks a website. These seem to be regularly updated and only deal with malware/tracking/advertising domains. I've not seen much site breakage, and the removal of advertising is effective. And the existing Surf Protection list processing and search functions work efficiently with an added list of ~100K domains. I also use an ad-blocking extension in my browser in order to control cross-site requests, but blocking these domains at the DNS level is doing something like 80% of the work the ad-blocker normally does. People may wonder, why go to all this trouble? It's because the big Internet companies (Google & Co.) are obsessed with building profiles of their users by tracking their activities across the Internet, and they make it very difficult to determine how much of this profiling is directly connected to your known identity and to what other commercial parties (e.g. analytics and data brokers) your data may be communicated, as well as the actual profile data that is distributed. If you value privacy, you might want to block such activity (and I'm an old dinosaur who uses the least social media possible anyway...).
  4. Does one need to disable Powershell completely? And is this even desirable or possible on Windows versions greater than 7? On my Windows 7 machine, I started a Powershell console w/administrative privileges and ran Set-Execution-Policy -Scope LocalMachine Restricted which disables running PowerShell scripts execution in any context. Individual Powershell commands are still allowed, of course, so Powershell-powered malware hasn't been entirely neutered, but this is a significant protection I think.
  5. Ask your developers to experiment if there's some way for the host rules to be proccessed into a highly efficient in-memory search data structure for the host matching functions of a2service.exe and, at the same time, be directly shared with the UI process and efficiently traversed to build thehost list and search it.
  6. Thank you. Maybe black text on an *off-white* background will look less bare than just black/white and keep a certain trendy appearance...
  7. Sorry for the delay in timing the appearance of the normal bar cursor in the search field of the Surf Protection panel when started from "Host rules" in EAM's taskbar menu. With the 850,000 hosts added by the files described above in the EAM hosts list (no way of finding out how many duplicated the built-in list), it takes roughly ~40 sec for the hour-glass cursor to disappear and the text bar cursor to start blinking normally; each character typed takes roughly ~5 sec to appear while the list of hosts below the search field is sorted to include just the characters typed. Subsequent use of the menu short cut and the list-box sorting are much much faster (but this may be just in memory caching and not any indication of efficiency). Anyway, I hope it can be made more efficient, I find the feature useful to completely remove all advertising nonsense from webpages in every browser on my system. (To say nothing about the malware or tracking protection.)
  8. I'm rather tired of programs with a UI that uses grey text on white/black blackground, or unsaturated colors generally. Black text on white/near-white background is so much easier to read, especially is the text size in small. Can EAM offer the choice of such a high(er) contrast UI? Shouldn't that huge an amount of programming, surely...
  9. I use EAM Surf Protection's Host File Import feature to load the malware hosts list at and the updates at These comprise roughly >800,000 host names, and EAM does actually load them without too great a delay. And if I choose randomly a few hosts in that huge list that are not already in the built-in list, EAM does intercept the DNS query and neutralize it. However, when I use the shortcut "Host rules" in EAM's taskbar menu, the EAM Hosts rules window is extremely slow in opening, and visible feedback in typing any text in the search field of that window is also extremely slow. Likewise changing the rule for any individual listed host is very slow--such a large list occasionally blocks hosts that are necessary for correct page display. I realize a list of 800,000 hosts was probably not in your specification for the Surf Protection feature, but it *is* very effective: on the rare occasion when I use the MS IE 11 browser on my Windows 7 SP1 x64 laptop (Sandy Bridge i7 processor, so relatively fast), the ad and tracker blocking is almost as good as when I use my regular browser with the uBlock Origin add-on, both in terms of speeding up web page display and eliminating distractions, a.k.a. advertisements. Can you change the internals of this feature so it uses a more efficient data structure to accommodate very large user-added host lists, with improved lookup and management response? Perhaps also to reduce the memory footprint of a2service.exe (~400MB physical memory private working set, ~500MB private bytes virtual memory)?
  10. Just a piece of personal opinion re. browser ad-blockers: if you are using Firefox, the combination of Ad-Block Plus and RequestPolicy extensions is pretty good. I don't like the distracting intrusive advertising/social-buttons most major websites use now (quite apart from their tracking behaviour), and Ad-Block Plus removes most of them (and the custom blocker dialog called by Ctrl-Shift-F3 can get rid of the rest). The down-side of Ad-Block Plus is that there are literally hundreds of ad-blocking rules, and determining which ones are "breaking" the current page (to create an exception in the rules) can be a bit of a mystery! The RequestPolicy extension gives you an easy oversight of exactly which 3rd party websites the current website is requesting content from, and you can then choose which of them to allow/deny on the current website. It has a default deny list of advertising/social 3rd party websites that you can customize, so there's very little tweaking you need to do when you begin using it. It partly overlaps the effect of Ad-Block but is still a useful complement.
  11. Fabian, I'm wondering if you could provide a short non-technical summary for those of us running OA (in standard mode) + EAM 9 on Windows 8.1 x64 (with all the OS standard protections, e.g. NX, enabled) of which EMET 5.0 mitigations are *actually* going to increase protection against threats that somehow get around OA+EAM and a cautious Internet user? I understand that some of the ROP protections EMET provides are already broken by the more advanced 32/64-bit executable threats, you probably know more about that...
  12. O.K., as an experiment I uninstalled Anti-Malware and installed the latest Internet Security. Some observations: I do all my installations while logged on my regular unprivileged account and assume (unless nothing works) that the installer will ask for elevation at the appropriate point(s) in the process. Once I rebooted my computer after the installation and logged on to my regular account, Internet security had already created a couple of Application Rules, but the issue was the same as my original post: selected rules cannot be edited, nor is the "Add new rule" button activated. (And maybe there were anomalies on other application screens, I did not check everything.) I then exited my usual account and loggon onto my administrative account, in order to check the Permissions screen for my regular account. Every permission was check-marked by default. I made no changes. Finally, I returned to my regular account and lo-and-behold: the Application Rules screen now actually worked correctly, i.e "Edit rule" and ""Remove rule" were active only if a rule was selected, and "Add new rule" was active by default. So it seems that at least one explicit log-on by an administrative user is required on my machine before the installation process fully concludes and the Internet Security defaults are entirely active. Maybe this whole thing is unique to my environment (but I haven't do any special tweaks to Windows 8.1, it's all pretty vanilla), however this kind of thing might frustrate a lot of potential users if it happened to them. UPDATE: Just read the thread and I think I might be not entirely alone on this issue. Maybe something extra is needed in the installation process, or perhaps additional per-user sanity checking when the application UI starts at log-on.
  13. No, this is a stand-alone PC. (Sorry for the delay in reply, but I was out of Internet communication.)
  14. I logged out of my usual account (limited user) and logged on an Administrative User (I always work in a limited regular user account) and on the Permissions page all privileges were already ticked for my limited user account. What I then did to attempt to solve the problem was to systematically toggle all of the permissions off/on for that user account. When I logged back into my usual account, all of the greyed-out buttons on the Application Rules and Surf Protection were working correctly when no line entry was selected and when one was selected. There was just one inconsistency: when no Surf Protection line was selected, the "Add new rule" button was still grey. So the problem could be solved by the toggle procedure, but it suggests something needs review in the UI<-->action code for those pages.
  15. Current fully licensed version of Anti-Malware 9.0, all stable updates as of 11AM EST today. Trial version of Online Armor, with a view to buying a license and then updating (free?) to the latest version of Internet Security (is that scenario possible?). Windows 8.1 Pro x64 (Hyper-V enabled), all MS Updates as of today. See attached screenshot: all action buttons are grayed out, even when one list entry is selected. So I can't add or delete files in the list, I can only edit their entries by double clicking on the file path line. What I expect: at all times the Add button should be enabled (even when a list entry is highlighted); the Edit and Remove button should be enabled when a line is highlighted. Keyboard accelerators should be similarly available: INS at all times for adding a file, and ENTER or DELETE to Edit or Remove a highlighted file entry.