Everything posted by Pilis

  1. Pilis

    Firefox Phishing or not

    This came with update 2018.12 and is no phishing but a new browser extension to better prevent phishing: https://blog.emsisoft.com/en/32517/new-in-2018-12-safe-web-browsing-with-emsisoft-browser-security/ https://help.emsisoft.com/en/1974/emsisoft-browser-security/
  2. Pilis

    Is this legitimate ?

    Still no bloat I would say. The extension is not 100% needed but "only" recommended for EAM users since it adds to the phishing protection. The existing surf protection based on DNS-requests will still be available. (And of course is still needed to block network requests by malware.) The extension is also only ~90KBs. What would be bloat imho and much more invasive is adding some sort of MITM, deep packet inspection, intercepting SSL-certificates in the browser and stuff.
  3. Pilis


    The blog post is online now: https://blog.emsisoft.com/en/32517/new-in-2018-12-safe-web-browsing-with-emsisoft-browser-security/
  4. Pilis

    Is this legitimate ?

    Yes, it is legit and from Emsisoft. I guess the blog post announcing the changes with version 2018.12 has been delayed a bit. Here you can read some more information about it: https://malwaretips.com/threads/emsisoft-browser-security.88869/ (Written by Fabian Wosar who is Emsisoft's CTO.)
  5. Pilis

    CLOSED Build 8555 BB entry

    Just for completeness, not really an issue: There are two other processes which show up as N/A just like the "Memory Compression" process.

    Registry: Has been introduced with Windows 10 Build 17063 in December last year. So if you have updated to the latest Windows 10 version 1803 (RS4) it will show up in the task-manager. It basically just holds the memory of the registry hives: https://blogs.windows.com/windowsexperience/2017/12/19/announcing-windows-10-insider-preview-build-17063-pc/ (somewhere at the bottom, search for "Registry Process")

    Secure System: This process only shows up if you enable the Hyper-V feature. It holds the Hyper-V container (VSM). Check here for more infos: https://df-stream.com/2017/08/memory-acquisition-and-virtual-secure/ & https://deploymentresearch.com/Research/Post/490/Enabling-Virtual-Secure-Mode-VSM-in-Windows-10-Enterprise-Build-10130

    EDIT: Woops, sorry. Looks like this has been reported already: https://support.emsisoft.com/topic/29477-build-8631-na-entries-in-bb-list/
  6. Pilis

    CLOSED EAM behaviour blocker verifying

    Still valid with 2017.4.0.7424. (I know it's a very minor issue, just mentioning.)
  7. Pilis

    CLOSED EAM behaviour blocker verifying

    This is the process which shows the amount of memory which has been compressed through the memory compression feature introduced in Windows 10. Originally this compressed memory (stored in "compression stores") was located in the "System"-process's working set. With Win 10 1607 (Anniversary Update) this compressed memory has been split up into a separate process called "Memory Compression" to account for the general confusion why the "System"-process has been so "memory-greedy" compared to Win 8.1.

    This process is hidden in the default Task Manager. But you can for example show it with an elevated PowerShell (Get-Process -Name "Memory Compression") or using Process Explorer:

    I'm still on 1607 and for me EAM also hides this process in the Behavior Blocker window. Since you are already on 1703 (Creators Update) it looks like there may have been some changes to this process and the exception Emsisoft created doesn't work anymore. Since there is no real executable for this process I guess there's no easy way to actually create hashes of it. Which most probably is the reason why the reputation keeps staying on "Verifying...". Cloud lookups won't work if they don't know the hash of the process.

    Maybe Microsoft has only changed the name? (from "Memory Compression" to "MemCompression" like your screenshots say) Can you show us the output of Get-Process -Name "Memory Compression"? (or Get-Process -Name "MemCompression" respectively)

    It has always been called "MemCompression". Only third-party tools like Process Explorer or Process Hacker have named it "Memory Compression". (Source) So that's not the issue. Still Emsisoft simply needs to hide it again.
  8. The current status from the submission site is:

     SHA1: 92CBB4204FB774FCC61342DF2FCF7123B53D8BF5
     Detection Status: Under investigation
     Alert Level:
     File: a2hooks64.dll

     For me it currently still gets detected. Excluding the file in Windows Defender should help.
  9. I know it does not fit the topic of this thread but let's just shamelessly convert this to the "new forum-update" feedback thread. Is there an option anywhere to change the date-format? I really don't like the MM/DD/YY format. DD/MM/YY would be great.
  10. Can you please allow us to change this option? I'm suddenly getting tons of mails about threads I have followed. On all these threads I have explicitly chosen not to get mails but only notifications in the forum. But with the forum-update this changed...
  11. My versions are on the left. I do not experience this issue atm. But I also have not yet restarted my computer to enable the new components from the latest EAM update. So I guess this incompatibility was introduced with that new version. EDIT: Aaaaaand there we go: http://www.wilderssecurity.com/threads/hitmanpro-alert-support-and-discussion-thread.324841/page-345#post-2561371 As always awesome fast support by the Surfright guys (and Emsisoft of course!).
  12. You have a source for this? Between 43.0 and 43.0.1 I can't find any changes in the pushlog relevant to add-ons.
  13. Pilis

    Cannot update

    You could just hover your mouse cursor above the link and (depending on your webbrowser) you should see the URL appearing on the lower/upper left corner. If you're using touch you could touch and hold to see the URL. This version is outdated. Re-download it again from "https://www.emsisoft.com/en/software/antimalware/". The latest version is
  14. Pilis

    Cannot update

    Seriously? It's just linking to another thread on this forum. Ok then, here's the suggestion:
  15. Pilis

    Cannot update

    Try this suggestion by Christian. Worked for me. I was getting the same messages and was not able to update for the last six hours ("Unknown update error"). After disabling encryption the update went through. Not sure though if these issues are server-side or because of some connection issues on the way to the update server.
  16. Trying to figure out if this is some sort of bot using procedural generation to create new sentences or just Google Translate mixed with not so excellent English...
  17. Isn't that what this Temp-directory (%USERPROFILE%\AppData\Local\Temp or %TEMP%) is for? A place where third-party programs can store their temporary files. Many many other programs temporarily store some files in there. There are all sorts of log-files getting created during installation or while updating a software. I'm not sure what's the reason to "manage" those files other than regularly deleting the content of that folder (or letting Windows do that job for you). Edit: You were faster, JeremyNicoll.
  18. Yep, you got it fixed. The 30s wait is gone and "a2service.exe" doesn't run into a timeout. Looks like everything's back to normal. (At least over here.) Awesome customer service on a weekend!
  19. @Lode: It's not that difficult actually:

      - Download the Windows Software Development Kit (SDK) (only if you're using Windows 8.1)
      - You need the Windows Performance Tools (WPT) which is part of the SDK, so during the installation only pick this one. (The installation should look mostly like this.)
      - Make sure to reboot afterwards and then use this guide to create a boot trace. Yes, that's a huge post but actually you only need the first few paragraphs: You simply open an elevated command prompt and enter the first command mentioned on that post. This will shutdown and reboot your system. You have to wait for the countdown to finish.
      - Inside the "C:\TEMP" folder you should now find an "etl"-file which you can share with Fabian so he can analyse it.
  20. I have to agree that the update today (getting updated from the last stable to the one released today) didn't go as smoothly as before: EAM (not EIS as in your reports) updated after I turned the PC on and I saw the message on the lower right. Then I noticed the shield stayed orange so I opened EAM and saw "Surf Protection" and "Behaviour Blocking" being disabled. I tried to re-enable both but that didn't work (the application didn't freeze and was still usable, it simply didn't do anything after clicking). So I thought "Ok, usually EAM needs a reboot if some dll/exe get updated, so let's just try that." But after I clicked on rebooting (through the start menu) nothing happened. "Guess something, maybe EAM, is using up most CPU resources, let's check task manager." Tried that but the task manager didn't want to come up. Which sort of indicates something's ****** up and blocking up some queue in the system. So I went on and hard reset the system. The next reboot took way longer than usual (about 3min, before it was much faster). Next strange thing: HitmanPro.Alert didn't show up anymore on the systray. Usually it was one of the first icons to appear with EAM usually only appearing about 10s after the taskbar appears. HitmanPro.Alert was still loaded (two processes running and the service started), I also could open the GUI by manually executing "hmpalert.exe" from its installation directory. The last update of HitmanPro.Alert was on July 7th btw. "So how about another reboot?" Same situation: Slower boot time and the icon of HitmanPro.Alert still won't show up. So I shut down (not reboot) the computer after reading this thread to measure the time it takes to boot. Suddenly the HitmanPro.Alert icon does show up again and the boot time is around 45s (~28s till I see the desktop, including entering the password) with all icons loaded and no more spinning circle-cursor.
I can't actually say if the boot time atm is still slower than before the update since I didn't measure the time then. I don't want to pinpoint this issue to HitmanPro.Alert but maybe some changes in the EAM update did introduce incompatibilities with it.
  21. I wasn't really planning to do that test since I don't think hardik587 will provide said instructions or other substantial proof. It was merely an idea to bring this constant back and forth to an end.
  22. hardik587, can you please provide us with instructions on how to see the false-positives on a freshly installed Windows 7 or 8 so everyone can verify it for themselves? By instructions I mean something like this:

      - install Windows 7 or 8 with default settings
      - update Windows through Windows Update
      - restart
      - install and update EAM/EIS
      - restart
      - start a Malware Scan
      - get false-positives

      To quote yourself:
  23. Pilis

    Number of threads

    Have you considered detecting the system disk type and configuring the thread value depending on if it's a hard disc drive or a SSD? For example:

    - fast SSD --> number of threads = number of cores + 3
    - slow HDD --> number of threads = number of cores - 1

    Of course only if the improvements are worth it and consistent. And maybe only for "Quick Scan" and "Malware Scan" which afaik mostly only scan the system partition (at least if you don't move %ProgramFiles%, %AppData%, etc. to other discs).
  24. Am I the only one getting this Runtime Error on the following page of the re-launched site?

      http://www.isthisfilesafe.com/company/Microsoft%20Corporation_details.aspx

      Tried from my mobile network too, same message. A bit strange since the following URLs for example work for me without an issue (also using blank and other special characters):

      http://www.isthisfilesafe.com/company/@Pekalongan-Community.com_details.aspx
      http://www.isthisfilesafe.com/company/eTranslator%20Corp_details.aspx
      http://www.isthisfilesafe.com/company/Destiny%20Media_details.aspx
      http://www.isthisfilesafe.com/company/iMesh%20Inc_details.aspx
      http://www.isthisfilesafe.com/company/http://yourfile-downloader.com_details.aspx
      http://www.isthisfilesafe.com/company/Jared%20Breland%20(Modified%20by%20gora)_details.aspx
      http://www.isthisfilesafe.com/company/Piriform%20Ltd_details.aspx
      http://www.isthisfilesafe.com/company/Avanquest%20Software_details.aspx
  25. Aaaaand now it does for me too. Still I guess there were some connectivity issues on Emsisoft's side since the RSS-reader (which is a webservice: inoreader.com) couldn't connect too.