Jump to content

Insert Real Name

  • Content Count

  • Joined

  • Last visited

  • Days Won


Insert Real Name last won the day on November 27 2017

Insert Real Name had the most liked content!

Community Reputation

1 Neutral

About Insert Real Name

  • Rank

Profile Information

  • Gender
    Not Telling

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. O.K., thanks very much for the explanations. I had set the Behaviour Blocker to auto-resolve, since I could always click on the toaster alert to allow/deny the Behaviour Blocker's decision, but the full Behaviour Blocker alert gives more information and more choices. I've noticed that EAM classifies some programs using the Windows 7 standard file chooser dialogs (e.g. the latest version of DVDStyler) to be "Code Injectors". No doubt these programs may be doing that (perhaps the Windows API they use to handle file chooser dialogs are the origin), but an indication of their code injecting t
  2. Is there any setting that adds the actual type of suspicious behaviour (e.g. "Code Inject" or "Direct Disk Access") in nice *black* *capitals* (not trendy grey, please!) to the toaster notification produced by the Behaviour Blocker? Often there are programs that legitimately use e.g. direct disk access to check licensing, etc., and knowing the exact type of behaviour detected will help in accepting it or blocking it immediately. Also, should those legitimate program executable behaviours be reported as a false postive, or does the false positive classification not apply to behaviour
  3. Quite true! I only used the full HPhosts list because I did not want to do the necessary work to collate narrowly focused lists that just focus on tracking/advertising domains, in addition to the malware domains list already used and updated in EAM. As you say, there are a lot of dead or completely obscure malware domains on that list, and in any case, blocking tracking/advertising domains is not part of EAM's function and too easily disables legitimate websites. Now I'm (mis)using the 2 lists at https://github.com/notracking/hosts-blocklists They are meant to be used with the Unix DNSmas
  4. Does one need to disable Powershell completely? And is this even desirable or possible on Windows versions greater than 7? On my Windows 7 machine, I started a Powershell console w/administrative privileges and ran Set-Execution-Policy -Scope LocalMachine Restricted which disables running PowerShell scripts execution in any context. Individual Powershell commands are still allowed, of course, so Powershell-powered malware hasn't been entirely neutered, but this is a significant protection I think.
  5. Ask your developers to experiment if there's some way for the host rules to be proccessed into a highly efficient in-memory search data structure for the host matching functions of a2service.exe and, at the same time, be directly shared with the UI process and efficiently traversed to build thehost list and search it.
  6. Thank you. Maybe black text on an *off-white* background will look less bare than just black/white and keep a certain trendy appearance...
  7. Sorry for the delay in timing the appearance of the normal bar cursor in the search field of the Surf Protection panel when started from "Host rules" in EAM's taskbar menu. With the 850,000 hosts added by the files described above in the EAM hosts list (no way of finding out how many duplicated the built-in list), it takes roughly ~40 sec for the hour-glass cursor to disappear and the text bar cursor to start blinking normally; each character typed takes roughly ~5 sec to appear while the list of hosts below the search field is sorted to include just the characters typed. Subsequent
  8. I'm rather tired of programs with a UI that uses grey text on white/black blackground, or unsaturated colors generally. Black text on white/near-white background is so much easier to read, especially is the text size in small. Can EAM offer the choice of such a high(er) contrast UI? Shouldn't that huge an amount of programming, surely...
  9. I use EAM Surf Protection's Host File Import feature to load the malware hosts list at http://hosts-file.net/?s=Download and the updates at http://hosts-file.net/hphosts-partial.asp These comprise roughly >800,000 host names, and EAM does actually load them without too great a delay. And if I choose randomly a few hosts in that huge list that are not already in the built-in list, EAM does intercept the DNS query and neutralize it. However, when I use the shortcut "Host rules" in EAM's taskbar menu, the EAM Hosts rules window is extremely slow in opening, and visible feedback in typing
  10. Just a piece of personal opinion re. browser ad-blockers: if you are using Firefox, the combination of Ad-Block Plus and RequestPolicy extensions is pretty good. I don't like the distracting intrusive advertising/social-buttons most major websites use now (quite apart from their tracking behaviour), and Ad-Block Plus removes most of them (and the custom blocker dialog called by Ctrl-Shift-F3 can get rid of the rest). The down-side of Ad-Block Plus is that there are literally hundreds of ad-blocking rules, and determining which ones are "breaking" the current page (to create an exception in the
  11. Fabian, I'm wondering if you could provide a short non-technical summary for those of us running OA (in standard mode) + EAM 9 on Windows 8.1 x64 (with all the OS standard protections, e.g. NX, enabled) of which EMET 5.0 mitigations are *actually* going to increase protection against threats that somehow get around OA+EAM and a cautious Internet user? I understand that some of the ROP protections EMET provides are already broken by the more advanced 32/64-bit executable threats, you probably know more about that...
  12. O.K., as an experiment I uninstalled Anti-Malware and installed the latest Internet Security. Some observations: I do all my installations while logged on my regular unprivileged account and assume (unless nothing works) that the installer will ask for elevation at the appropriate point(s) in the process. Once I rebooted my computer after the installation and logged on to my regular account, Internet security had already created a couple of Application Rules, but the issue was the same as my original post: selected rules cannot be edited, nor is the "Add new rule" button activated. (An
  13. No, this is a stand-alone PC. (Sorry for the delay in reply, but I was out of Internet communication.)
  14. I logged out of my usual account (limited user) and logged on an Administrative User (I always work in a limited regular user account) and on the Permissions page all privileges were already ticked for my limited user account. What I then did to attempt to solve the problem was to systematically toggle all of the permissions off/on for that user account. When I logged back into my usual account, all of the greyed-out buttons on the Application Rules and Surf Protection were working correctly when no line entry was selected and when one was selected. There was just one inconsistency: when n
  15. Current fully licensed version of Anti-Malware 9.0, all stable updates as of 11AM EST today. Trial version of Online Armor, with a view to buying a license and then updating (free?) to the latest version of Internet Security (is that scenario possible?). Windows 8.1 Pro x64 (Hyper-V enabled), all MS Updates as of today. See attached screenshot: all action buttons are grayed out, even when one list entry is selected. So I can't add or delete files in the list, I can only edit their entries by double clicking on the file path line. What I expect: at all times the Add button should be ena
  • Create New...