Jump to content

Insert Real Name

  • Content Count

  • Joined

  • Last visited

  • Days Won


Everything posted by Insert Real Name

  1. O.K., thanks very much for the explanations. I had set the Behaviour Blocker to auto-resolve, since I could always click on the toaster alert to allow/deny the Behaviour Blocker's decision, but the full Behaviour Blocker alert gives more information and more choices. I've noticed that EAM classifies some programs using the Windows 7 standard file chooser dialogs (e.g. the latest version of DVDStyler) to be "Code Injectors". No doubt these programs may be doing that (perhaps the Windows API they use to handle file chooser dialogs are the origin), but an indication of their code injecting t
  2. Is there any setting that adds the actual type of suspicious behaviour (e.g. "Code Inject" or "Direct Disk Access") in nice *black* *capitals* (not trendy grey, please!) to the toaster notification produced by the Behaviour Blocker? Often there are programs that legitimately use e.g. direct disk access to check licensing, etc., and knowing the exact type of behaviour detected will help in accepting it or blocking it immediately. Also, should those legitimate program executable behaviours be reported as a false postive, or does the false positive classification not apply to behaviour
  3. Quite true! I only used the full HPhosts list because I did not want to do the necessary work to collate narrowly focused lists that just focus on tracking/advertising domains, in addition to the malware domains list already used and updated in EAM. As you say, there are a lot of dead or completely obscure malware domains on that list, and in any case, blocking tracking/advertising domains is not part of EAM's function and too easily disables legitimate websites. Now I'm (mis)using the 2 lists at https://github.com/notracking/hosts-blocklists They are meant to be used with the Unix DNSmas
  4. Does one need to disable Powershell completely? And is this even desirable or possible on Windows versions greater than 7? On my Windows 7 machine, I started a Powershell console w/administrative privileges and ran Set-Execution-Policy -Scope LocalMachine Restricted which disables running PowerShell scripts execution in any context. Individual Powershell commands are still allowed, of course, so Powershell-powered malware hasn't been entirely neutered, but this is a significant protection I think.
  5. Ask your developers to experiment if there's some way for the host rules to be proccessed into a highly efficient in-memory search data structure for the host matching functions of a2service.exe and, at the same time, be directly shared with the UI process and efficiently traversed to build thehost list and search it.
  6. Thank you. Maybe black text on an *off-white* background will look less bare than just black/white and keep a certain trendy appearance...
  7. Sorry for the delay in timing the appearance of the normal bar cursor in the search field of the Surf Protection panel when started from "Host rules" in EAM's taskbar menu. With the 850,000 hosts added by the files described above in the EAM hosts list (no way of finding out how many duplicated the built-in list), it takes roughly ~40 sec for the hour-glass cursor to disappear and the text bar cursor to start blinking normally; each character typed takes roughly ~5 sec to appear while the list of hosts below the search field is sorted to include just the characters typed. Subsequent
  8. I'm rather tired of programs with a UI that uses grey text on white/black blackground, or unsaturated colors generally. Black text on white/near-white background is so much easier to read, especially is the text size in small. Can EAM offer the choice of such a high(er) contrast UI? Shouldn't that huge an amount of programming, surely...
  9. I use EAM Surf Protection's Host File Import feature to load the malware hosts list at http://hosts-file.net/?s=Download and the updates at http://hosts-file.net/hphosts-partial.asp These comprise roughly >800,000 host names, and EAM does actually load them without too great a delay. And if I choose randomly a few hosts in that huge list that are not already in the built-in list, EAM does intercept the DNS query and neutralize it. However, when I use the shortcut "Host rules" in EAM's taskbar menu, the EAM Hosts rules window is extremely slow in opening, and visible feedback in typing
  10. Just a piece of personal opinion re. browser ad-blockers: if you are using Firefox, the combination of Ad-Block Plus and RequestPolicy extensions is pretty good. I don't like the distracting intrusive advertising/social-buttons most major websites use now (quite apart from their tracking behaviour), and Ad-Block Plus removes most of them (and the custom blocker dialog called by Ctrl-Shift-F3 can get rid of the rest). The down-side of Ad-Block Plus is that there are literally hundreds of ad-blocking rules, and determining which ones are "breaking" the current page (to create an exception in the
  11. Fabian, I'm wondering if you could provide a short non-technical summary for those of us running OA (in standard mode) + EAM 9 on Windows 8.1 x64 (with all the OS standard protections, e.g. NX, enabled) of which EMET 5.0 mitigations are *actually* going to increase protection against threats that somehow get around OA+EAM and a cautious Internet user? I understand that some of the ROP protections EMET provides are already broken by the more advanced 32/64-bit executable threats, you probably know more about that...
  12. O.K., as an experiment I uninstalled Anti-Malware and installed the latest Internet Security. Some observations: I do all my installations while logged on my regular unprivileged account and assume (unless nothing works) that the installer will ask for elevation at the appropriate point(s) in the process. Once I rebooted my computer after the installation and logged on to my regular account, Internet security had already created a couple of Application Rules, but the issue was the same as my original post: selected rules cannot be edited, nor is the "Add new rule" button activated. (An
  13. No, this is a stand-alone PC. (Sorry for the delay in reply, but I was out of Internet communication.)
  14. I logged out of my usual account (limited user) and logged on an Administrative User (I always work in a limited regular user account) and on the Permissions page all privileges were already ticked for my limited user account. What I then did to attempt to solve the problem was to systematically toggle all of the permissions off/on for that user account. When I logged back into my usual account, all of the greyed-out buttons on the Application Rules and Surf Protection were working correctly when no line entry was selected and when one was selected. There was just one inconsistency: when n
  15. Current fully licensed version of Anti-Malware 9.0, all stable updates as of 11AM EST today. Trial version of Online Armor, with a view to buying a license and then updating (free?) to the latest version of Internet Security (is that scenario possible?). Windows 8.1 Pro x64 (Hyper-V enabled), all MS Updates as of today. See attached screenshot: all action buttons are grayed out, even when one list entry is selected. So I can't add or delete files in the list, I can only edit their entries by double clicking on the file path line. What I expect: at all times the Add button should be ena
  16. Thanks for the answer re. Microsoft EMET. EMET was something I was using with Microsoft's MSE before I switched to Anti-Malware (MSE's detection rates have really gone down in the last two years), so I just wanted to know how many protections they had in common, based on Microsoft's published documentation, and if they would tangle each other up... Maybe I'll try a test.
  17. I'd like Emsisoft tech support to also address the related question of the compatibility of running Microsoft's "Enhanced Mitigation Experience Toolkit 4.1" with Emsisoft's Anti-Malware. This Microsoft software allows the user to opt-in potentially exploitable software (e.g. that access the Internet) to an extended range of enhanced anti-malware protections (ASLR, DEP, heap spray, anti-detours, etc.) and it does this by injecting itself into the running programs and by monitoring and limiting the hooking of system APIs. I'd be really happy if the Emsisoft developers would take some time t
  18. Do EAM's Internet protections fully cover IPv6 traffic of Internet browsers and other Internet connected programs on the PC? I'm assuming that a packet filtering setup would capture it all, no matter what kind of Internet addressing is used--is this correct? I'm a former Online-Armor (OA) customer who stopped using it when my ISP upgraded to dual-stack IPv4/IPv6 Internet service (OA dosen't handle IPv6). As things stand now, I connect to many web sites via IPv6, some 100% (e.g. many Google domains). The IPv6 peering of my ISP doesn't seem any slower than their IPv4 peering. Now I'm thi
  19. That's what I do, but the Google Boys are always changing their installers, so OA quite rightly wants your permission before they run. (In fact, Google installs a large number of updating software: in my case, with Google Earth and Google Talk installed, two Google Update services are running, as well as a couple of start-up and login items. It's like a California style beach party: you invite a few Google programs, and they bring all their friends with them.) My solution to this would be to be able to designate (in OA's "Advanced" mode) certain code-signing certificates as "Trusted", in the
  20. Emsisoft asked me earlier this week in reply to my bug report, to install the latest bug fix beta (, and the Banking Mode embedded learning browser now works correctly with MS IE9. Problem solved!
  21. Emsisoft acquired TallEmu's "Online Armor" product line, in which OA++ was the product that offered anti-virus protection, initially provided by the Kaspersky AV engine, and then--when Kaspersky discontinued that line of AV services--by the combined Emsisoft/Ikarus AV engine. Sorting out features in acquired products is always a bit difficult: long-time customers of the acquired products don't necessarily want to be forced to move to an improved united product line. My renewal of OA++ is coming up in a few months time, and certainly I'll be evaluating if the OA+EAM combo offers anything that
  22. Thank you for looking into it! I've checked the learn function several times (and just a moment ago before making this note), and while in basic or advanced mode, the embedded "learn" browser does not add domain names to the trusted category in the domains list. Like most serious banks today, the bank domain I added to the protected category immediately redirects from htrtp://www.bank.com to https://www.bank.com and fetches all page text, images and other media from HTTPS sources, no mixed secure/insecure pages. I'm referring Emsisoft Support to this forum thread in my bug report.
  23. Yes, this Banking Mode permitted sites learning process did work correctly on IE8 (which is the version installed by default on Windows 7), but no longer worked when I installed IE9. I'm not reverting to IE8, however: I find the combination of the Windows RSS platform (where RSS subscriptions are downloaded automatically by background threads) and IE9's new Tracking Protection Lists & per-site ActiveX permissions very useful as a simple and functional RSS reader, even if I do most web browsing in Firefox by default.
  24. Firefox is my default browser, and OA++ is my only security software installed. I always am using a "limited" regular Windows user account. The problem occurs while in "basic" or "advanced" mode, when I use the embedded IE9 browser in OA++'s learning process that monitors which websites should be added to the "Trusted" category when browsing a "protected" website, in preparation for a future use of "banking" mode on the protected website.
  25. Hello, Long-time user of OA++ (now at ver. on Windows 7 Ult. x64 SP1). Used to use Banking Mode with MS IE 7/8, which I configured using the usual procedure of using the "Learn" context menu point that invokes an embedded browser on the bank website listed as "protected" on the Domains page while still in Basic/Advanced mode. Trusted websites were automatically added. Using Learning with IE 9 (Release version) fails to add any websites to the Domains list, hence Banking Mocde no longer can be configured (it still blocks net connections very thoroughly, though). Is this a known bu
  • Create New...