Jump to content


  • Posts

  • Joined

  • Days Won


Everything posted by Pilis

  1. This came with update 2018.12 and is no phishing but a new browser extension to better prevent phishing: https://blog.emsisoft.com/en/32517/new-in-2018-12-safe-web-browsing-with-emsisoft-browser-security/ https://help.emsisoft.com/en/1974/emsisoft-browser-security/
  2. Still no bloat I would say. The extension is not 100% needed but "only" recommended for EAM users since it adds to the phishing protection. The existing surf protection based on DNS-requests will still be available. (And of course is still needed to block network requests by malware.) The extension is also only ~90KBs. What would be bloat imho and much more invasive is adding some sort of MITM, deep packet inspection, intercepting SSL-certificates in the browser and stuff.
  3. The blog post is online now: https://blog.emsisoft.com/en/32517/new-in-2018-12-safe-web-browsing-with-emsisoft-browser-security/
  4. Yes, it is legit and from Emsisoft. I guess the blog post annoucing the changes with version 2018.12 has been delayed a bit. Here you can read some more information about it: https://malwaretips.com/threads/emsisoft-browser-security.88869/ (Written by Fabian Wosar who is Emsisoft's CTO.)
  5. Just for completeness, not really an issue: There are two other processes which show up as N/A just like the "Memory Compression" process. Registry: Has been introduced with Windows 10 Build 17063 in December last year. So if you have updated to the latest Windows 10 version 1803 (RS4) it will show up in the task-manager. It basically just holds the memory of the registry hives: https://blogs.windows.com/windowsexperience/2017/12/19/announcing-windows-10-insider-preview-build-17063-pc/ (somewhere at the bottom, search for "Registry Process") Secure System: This process only shows up if you enable the Hyper-V feature. It holds the Hyper-V container (VSM). Check here for more infos: https://df-stream.com/2017/08/memory-acquisition-and-virtual-secure/ & https://deploymentresearch.com/Research/Post/490/Enabling-Virtual-Secure-Mode-VSM-in-Windows-10-Enterprise-Build-10130 EDIT: Woops, sorry. Looks like this has been reported already: https://support.emsisoft.com/topic/29477-build-8631-na-entries-in-bb-list/
  6. Still valid with 2017.4.0.7424. (I know it's a very minor issue, just mentioning.)
  7. This is the process which shows the amount of memory which has been compressed through the memory compression feature introduced in Windows 10. Originally this compressed memory (stored in "compression stores") was located in the "System"-process’s working set. With Win 10 1607 (Anniversary Update) this compressed memory has been split up into a separate process called "Memory Compression" to account for the general confusion why the "System"-process has been so "memory-greedy" compared to Win 8.1. This process is hidden in the default Task Manager. But you can for example show it with an elevated PowerShell (Get-Process -Name "Memory Compression") or using Process Explorer: I'm still on 1607 and for me EAM also hides this process in the Behavior Blocker window. Since you are already on 1703 (Creators Update) it looks like there maybe have been some changes to this process and the exception Emsisoft created doesn't work anymore. Since there is no real executable for this process I guess there's no easy way to actually create hashes of it. Which most probably is the reason why the reputation keeps staying on "Verifying...". Cloud lookups won't work if they don't know the hash of the process. Maybe Microsoft has only changed the name? (from "Memory Compression" to "MemCompression" like your screenshots say) Can you show us the output of "Get-Process -Name "Memory Compression"? (or "Get-Process -Name "MemCompression" respectively) It has always been called "MemCompression". Only third-party tools like Process Explorer or Process Hacker have named it "Memory Compression". (Source) So that's not the issue. Still Emsisoft simply needs to hide it again.
  8. The current status from the submission site is: SHA192CBB4204FB774FCC61342DF2FCF7123B53D8BF5 Detection Status: Under investigation Alert Level: File:a2hooks64.dll For me it currently still gets detected. Excluding the file in Windows Defender should help.
  9. My versions are on the left. I do not experience this issue atm. But I also have not yet restarted my computer to enable the new components from the latest EAM update So I guess this incompatibility was introduced with that new version. EDIT: Aaaaaand there we go: http://www.wilderssecurity.com/threads/hitmanpro-alert-support-and-discussion-thread.324841/page-345#post-2561371 As always awesome fast support by the Surfright guys (and Emsisoft of course!).
  10. You have a source for this? Between 43.0 and 43.0.1 I can't find any changes in the pushlog relevant to add-ons.
  11. You could just hover your mouse cursor above the link and (depending on your webbrowser) you should see the URL appearing on the lower/upper left corner. If you're using touch you could touch and hold to see the URL. This version is outdated. Re-download it again from "https://www.emsisoft.com/en/software/antimalware/". The latest version is
  12. Seriously? It's just linking to another thread on this forum. Ok then, here's the suggestion:
  13. Try this suggestion by Christian. Worked for me. I was getting the same messages and was not able to update since the last six hours ("Unknown update error"). After disabling encryption the update went through. Not sure though if these issues are serverside or because of some connection issues on the way to the update server.
  14. Isn't that what this Temp-directory (%USERPROFILE%\AppData\Local\Temp or %TEMP%) is for? A place where third-party programs can store their temporary files. Many many other programs temporarily store some files in there. There are all sorts of log-files getting created during installation or while updating a software. I'm not sure what's the reason to "manage" those files other than regularly deleting the content of that folder (or letting Windows do that job for you). Edit: You were faster, JeremyNicoll.
  15. Yep, you got it fixed. The 30s wait is gone and "a2service.exe" doesn't run into a timeout. Looks like everythings back to normal. (At least over here.) Awesome customer service on a weekend!
  16. @Lode: It's not that difficult actually: Download the Windows Software Development Kit (SDK) (only if you're using Windows 8.1) You need the Windows Performance Tools (WPT) which is part of the SDK, so during the installation only pick this one. (The installation should look mostly like this.) Make sure to reboot afterwards and then use this guide to create a boot trace. Yes, that's a huge post but actually you only need the first few paragraphs: You simply open an elevated command prompt and enter the first command mentioned on that post. This will shutdown and reboot your system. You have to wait for the countdown to finish. Inside the "C:\TEMP" folder you should now find an "etl"-file which you can share with Fabian so he can analyse it.
  17. I have to agree that the update today (getting updated from the last stable to the one released today didn't went as smooth as before: EAM (not EIS as in your reports) updated after I turned the PC on and I saw the message on the lower right. Then I noticed the shield stayed orange so I opened EAM and saw "Surf Protection" and "Behaviour Blocking" being disabled. I tried to re-enable both but that didn't work (the application didn't freeze and was still usable, it simply didn't do anything after clicking). So I thought "Ok, usually EAM needs a reboot if some dll/exe get updated, so let's just try that." But after I clicked on rebooting (through the start menu) nothing happend. "Guess something, maybe EAM, is using up most CPU ressources, let's check task manager." Tried that but the task manager didn't want to come up. Which sort of indicates something's ****** up and blocking up some queue in the system. So I went on and hard reset the system. The next reboot took way longer than usual (about 3min, before it was much faster). Next strange thing: HitmanPro.Alert didn't show up anymore on the systray. Usually it was one of the first icons to appear with EAM usually only appearing about 10s after the taskbar appears. HitmanPro.Alert was still loaded (two processes running and the service started), I also could open the GUI by manually executing "hmpalert.exe" from it's installation directory. The last update of HitmanPro.Alert was on July 7th btw. "So how about another reboot?" Same situation: Slower boot time and the icon of HitmanPro.Alert still won't show up. So I shut down (not reboot) the computer after reading this thread to measure the time it takes to boot. Suddenly the HitmanPro.Alert icon does show up again and the boot time is around 45s (~28s till I see the desktop, including entering the password) with all icons loaded and no more spinning circle-cursor. I can't actually say if the boot time atm is still slower than before the update since I didn't measure the time then. I don't want to pinpoint this issue to HitmanPro.Alert but maybe some changes in the EAM update did introduce incompatibilities with it.
  18. I wasn't really planing to do that test since I don't think hardik587 will provide said instructions or other substantial proof. It was merely an idea to bring this constant back and forth to an end.
  19. hardik587, can you please provide us with instructions on how to see the false-positives on a freshly installed Windows 7 or 8 so everyone can verify it for themselves? By instructions I mean something like this: install Windows 7 or 8 with default settings update Windows through Windows Update restart install and update EAM/EIS restart start a Malware Scan get false-positives To quote yourself:
  20. Have you considered detecting the system disk type and configuring the thread value depending on if it's a hard disc drive or a SSD? For example: fast SSD --> number of threads = number of cores + 3 slow HDD --> number of threads = number of cores - 1 Of course only if the improvements are worth it and consistent. And maybe only for "Quick Scan" and "Malware Scan" which afaik mostly only scan the system partition (at least if you don't move %ProgramFiles%, %AppData%, etc. to other discs).
  21. Actually EAM is an "antivirus"-program as well. Quoting from the FAQ: (Also this blogpost can help you in your decision.) Of course you can use EAM (but not EIS!) alongside another security suite - question is if it's really necessary. I think it should be enough to either use KIS or EAM (or EIS if you really need a personal firewall) but that's for you to decide. As for performance issues: There are no known issues in combination with KIS (afaik) but I would just give it a try. Every system is different and imo it's always better to gain your own experiences. Also it´s recommended to use mutual exclusions so that both programs ignore each others processes. (Here's a tutorial on how-to. It's from an older version of EAM but should be mostly the same.)
  22. Ich nutze Version 10 zwar noch nicht, denke aber, dass das im ersten Bild kein Bug ist. Die einzelnen Striche stehen für die Wochentage. In deinem Fall sind die beiden geplanten Scans "Eigener Scan" und "Smart Scan" so konfiguriert, dass sie jeden Freitag zur angegebenen Uhrzeit starten.
  23. Eben auf die aktualisiert, durchgetestet und es funktioniert wunderbar! Zumindest mit den Google und Microsoft Diensten. Das vereinfacht das Supporten als Familien-Admin ungemein. Möge die Malware kommen! (Oder auch nicht...)
  24. Gibt es mittlerweile Neuigkeiten hierzu? Die meisten Freemail-Anbieter erlauben es ja nicht mehr, sich unverschlüsselt am SMTP-Server anzumelden. Von daher wird es immer schwieriger diese Funktion überhaupt nutzen zu können...
  25. Hallo zusammen, ich habe eben versucht die E-Mail-Benachrichtigungen in EAM zum Laufen zu bekommen, doch es will nicht funktionieren. Ich hab dabei einen Gmail-Account als Absenderadresse und eine E-Mail-Adresse meiner eigenen Domain als Empfängeradresse konfiguriert. Nur um mich im Voraus abzusichern: Ja, der E-Mail Versand klappt per Thunderbird Portable mit genau den angegebenen SMTP-Daten von Google. Und ja, ich kann mich auch mit telnet auf Googles SMTP-Server verbinden. Sollte also ja grundsätzlich klappen. Tut es nur eben leider nicht. Ich hab spaßeshalber mal alle Möglichkeiten durchprobiert (wobei eig nur die fett-markierten wirklich funktionieren sollten): ("Less secure apps" habe ich in meinen Google-Account auch bereits aktiviert, sonst hätte es mit Thunderbird ja auch nicht funktioniert. Warum eine Authentifizierung mit OAuth 2.0 so viel sicherer als IMAP mitsamt SSL/TLS oder STARTTLS sein soll, versteh ich dabei aber nicht so wirklich...) Kann es sein, dass EAM gar keine verschlüsselten Verbindungen zum E-Mail Versand unterstützt? Falls nein, wäre es wirklich höchste Zeit. Daran kommt man heutzutage (sinnvollerweise) nicht mehr wirklich vorbei. (Sollte ja eig nicht allzu aufwendig sein, genügend Libraries gibt es ja: VMime, POCO, cryptlib, Catalyst, libquickmail, ...) EDIT: Ohje... mal Wireshark angeworfen und tatsächlich: Ihr schickt ein "AUTH LOGIN" bevor dem benötigten "STARTTLS". Und die Fehlerbehandlung ist auch nicht wirklich korrekt: Bei "Port 587 mit Authentifizierung" sollte aktuell auch "Must issue a STARTTLS command first." erscheinen. Ob der "Benutzername oder Passwort ungültig." ist kann zu dem Moment ja noch gar nicht überprüft werden.
  • Create New...