Pilis

Member
  • Posts: 129
  • Joined
  • Days Won: 2

Everything posted by Pilis

  1. You could check if the following setting is activated but I'm not sure if it is really needed for scheduled scans:
  2. Quoting the manual: So these files are no longer present on your system but Online Armor still has the rules for them. You can safely delete the rules if you want to.
  3. Awesome! (And finally!) Hopefully this will prevent such issues. Also: THX A LOT for the "Allow once" option when the Surf Protection hits some malicious site. It's so much more convenient when you still want to visit that site (at least once).
  4. As to my understanding you simply build a PE-file with the linker option "/DYNAMICBASE" (and optionally "/HIGHENTROPYVA" for 64-bit files). That's basically it. ASLR has now been "enabled" for that file and Windows knows to load it at a randomized address. I've listed for you all of Anti-Malware's PE-files which either have that linker option or don't. I'm not sure what you could "specifically configure" more. The only thing I could think of is using the new Force ASLR feature but that doesn't really make sense since Emsisoft won't just load unknown dlls. Also compatibility. Of course you could use EMET to manually force an executable to use "Mandatory ASLR" (which actually only forces address space randomization on dlls loaded by a process) but I wouldn't recommend using it on security software. Better use the supplied list of recommended processes. That way I've been using EMET in combination with Emsisoft Anti-Malware for a long time without any issues.
  5. Yep, just found it by myself the very second. Was about to copy-paste it here. The URL is still in my clipboard.
  6. According to Process Explorer and SlopFinder these files have ASLR enabled:
     BlitzBlank.exe, a2acc.dll, a2contmenu.dll, a2contmenu64.dll, a2core32.dll, a2core64.dll, a2dix86.dll, a2engine.dll, a2hooks32.dll, a2hooks64.dll, clean32.dll, cleanhlp32.dll, evcdiff.dll, frme32.dll
     And those files have not:
     a2service.exe, a2start.exe, a2wizard.exe, a2cmd.exe, a2guard.exe, a2HiJackFree.exe, a2framework.dll, a2mor.dll, a2update.dll, a2wsc.dll, avxdisk.dll, bdcore.dll, logging.dll, quarantine.dll, resource.dll, a2accx64.sys, a2accx86.sys, a2ddax64.sys, a2ddax86.sys, a2dix64.sys, a2dix86.sys, a2util32.sys, a2util64.sys, cleanhlp32.sys, cleanhlp64.sys
     I guess the Emsisoft guys know what they are doing and the most important files which interact with "attacker code" have ASLR enabled. Not sure of the reasons why they didn't also enable it for the other files though. (Stability? Compatibility?)
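Posts 4 and 6 above describe the two linker flags that opt a PE image into ASLR and read the result off Process Explorer / SlopFinder. The following script is an added example (not Pilis's code, nor Emsisoft's) that reads the same information straight from the PE headers: the optional header's DllCharacteristics field for DYNAMIC_BASE (/DYNAMICBASE), HIGH_ENTROPY_VA (/HIGHENTROPYVA) and NX_COMPAT, plus the COFF Characteristics for RELOCS_STRIPPED, because an image whose relocations were stripped cannot actually be rebased even when DYNAMIC_BASE is set. The flag values are the ones from the PE/COFF specification; the sample images are constructed in memory for the demonstration and are not real Emsisoft binaries, and `aslr_status_of_file` is a hypothetical helper for running the check on files you actually have.

```python
import struct

# Flag values from the PE/COFF specification (winnt.h names).
IMAGE_FILE_RELOCS_STRIPPED = 0x0001                  # COFF Characteristics
IMAGE_NT_OPTIONAL_HDR32_MAGIC = 0x10B                # PE32 (32-bit)
IMAGE_NT_OPTIONAL_HDR64_MAGIC = 0x20B                # PE32+ (64-bit)
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA = 0x0020    # /HIGHENTROPYVA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040       # /DYNAMICBASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT = 0x0100          # /NXCOMPAT


def aslr_status(data: bytes) -> dict:
    """Parse the DOS, COFF and optional headers of a PE image held in memory
    and report the linker flags that control ASLR."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a PE image: missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image: missing PE signature")
    coff = e_lfanew + 4
    (_machine, _nsections, _stamp, _symtab, _nsyms,
     opt_size, file_chars) = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if opt_size < 72 or len(data) < opt + 72:
        raise ValueError("optional header too short to carry DllCharacteristics")
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (IMAGE_NT_OPTIONAL_HDR32_MAGIC, IMAGE_NT_OPTIONAL_HDR64_MAGIC):
        raise ValueError(f"unknown optional header magic 0x{magic:x}")
    # DllCharacteristics sits at offset 70 in both PE32 and PE32+ optional headers.
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]
    pe32plus = magic == IMAGE_NT_OPTIONAL_HDR64_MAGIC
    dynamic_base = bool(dll_chars & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE)
    relocs_stripped = bool(file_chars & IMAGE_FILE_RELOCS_STRIPPED)
    return {
        "pe32plus": pe32plus,
        "dynamic_base": dynamic_base,
        # HIGH_ENTROPY_VA only has meaning for 64-bit images.
        "high_entropy_va": pe32plus and bool(dll_chars & IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA),
        "nx_compat": bool(dll_chars & IMAGE_DLLCHARACTERISTICS_NX_COMPAT),
        "relocs_stripped": relocs_stripped,
        # The loader can only rebase an image that still carries its relocations:
        # DYNAMIC_BASE with .reloc stripped is opted in on paper, fixed address in practice.
        "aslr_effective": dynamic_base and not relocs_stripped,
    }


def aslr_status_of_file(path: str) -> dict:
    """Hypothetical convenience wrapper for a PE file on disk."""
    with open(path, "rb") as fh:
        return aslr_status(fh.read())


def build_minimal_pe(pe32plus: bool, dll_chars: int, file_chars: int = 0) -> bytes:
    """Construct a bare PE header (no sections) for testing.
    Constructed data for this example, not a real binary."""
    opt_size = 240 if pe32plus else 224
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)      # e_lfanew: PE header right after the DOS header
    coff = struct.pack("<HHIIIHH", 0x8664 if pe32plus else 0x14C, 0, 0, 0, 0, opt_size, file_chars)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, IMAGE_NT_OPTIONAL_HDR64_MAGIC if pe32plus else IMAGE_NT_OPTIONAL_HDR32_MAGIC)
    struct.pack_into("<H", opt, 70, dll_chars)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    samples = {
        "x64 built with /DYNAMICBASE /HIGHENTROPYVA /NXCOMPAT": build_minimal_pe(True, 0x0060 | 0x0100),
        "x86 built with /DYNAMICBASE": build_minimal_pe(False, 0x0040),
        "x86 built with /DYNAMICBASE but relocations stripped": build_minimal_pe(False, 0x0040, 0x0001),
        "x86 built without /DYNAMICBASE": build_minimal_pe(False, 0),
    }
    for name, image in samples.items():
        print(f"{name}: {aslr_status(image)}")
```

The "aslr_effective" key is the one worth looking at when auditing a product's files: a tool that only shows the DYNAMIC_BASE bit will report ASLR as enabled for an image that the loader can never actually move.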
  7. I might be able to help you with the following two links: http://www.ipvoid.com/scan/93.114.45.123 http://www.cqcounter.com/rbl_check/?query=93.114.45.123 The latter shows that the IP apparently is/was on some blacklists after all. A few things I would check:
     - Is the file really called "iexplorer.exe"? Because the official Internet Explorer executable is called "iexplore.exe". You could check where the file is located and whether it is digitally signed by Microsoft.
     - If it really is the normal exe, maybe check the add-ons in Internet Explorer. At the bottom left switch to "All add-ons", disable all unclear add-ons (or simply [Ctrl]+[A] and "Disable all") and see whether the problem still occurs.
  8. That has existed since version 6.5.0.11. However, only warnings and pop-ups are suppressed; updates are still performed in the background. That too has been part of EAM for a very long time. Besides keyloggers, several other malicious behaviours are detected and blocked:
  9. Works for me using Firefox 18.0.1 on Windows 7 x64. Maybe the IE 10 Protected Mode is the issue here. Disable it and try again.
  10. Why do you need Java to watch movies online?
  11. Well, after all it would be interesting to know why Avira still thinks that EAM is installed even though it has been uninstalled. There either must be some leftovers or Avira just remembers it from when EAM was still installed. So maybe you have to tell Avira to scan again for incompatible programs.
  12. Did you reboot twice after you've uninstalled EAM? If that doesn't help I would suggest you uninstall Avira, reboot, run emsiclean, reinstall Avira and see if the issue remains.
  13. According to KrebsOnSecurity there is an exploit even for the latest released version "1.7.0_11-b21". So actually, no version of Java 6 or 7 is safe to use in a browser environment atm. And if you take into consideration how many Java vulnerabilities we got in the last months it's not fatuous to assume there are more around, either hidden in preparation to add to some exploit kit after another Java update or buried in this big mess of code they call Java. So better uninstall Java or disable the browser plugins if you still need to use it locally.
  14. Wow. I'm impressed to see some malware really bypassing Online-Armor. After the fixed OA version is released could you elaborate on the reason why this slipped through OA's defenses? Because of some clever/yet unknown way or because of some wrong implementation/bug by OA? Edit: Found some more info by myself: 1, 2. Looks like OA wasn't the only product which this baddie managed to bypass.
  15. On the "Restricted Ports" tab you can restrict ports globally, for your whole computer. The Ports under "Rules" are to restrict or allow individual programs from connecting to the Internet. So, which protocols, which direction and which ports they are allowed to use. You can read more in the Online Armor Help: https://www.emsisoft.com/en/info/oa/Firewall.shtml
  16. You can use the cleaner tool to completely remove Emsisoft Anti-Malware. I'm just gonna quote Fabian:
  17. I can't give you detailed advice since that's up to GT500 to decide. But as it looks now the only thing you can do is to provide Emsisoft with more information about your issue. Since they can't reproduce it on their side they need to analyze it on your computer. Meaning: You could either get the needed debug information by yourself (using DebugView to collect the debug information of EAM and Fiddler to collect the network traffic). Mainly this would go like this: Change a setting so that EAM outputs debug information, start DebugView and Fiddler, reproduce your issue, save the data DebugView and Fiddler have collected and send it to Emsisoft. The other possibility could be to allow Emsisoft to use some remote access tool to analyze the issue on your side and collect the needed information by themselves.
  18. Thanks for the detailed explanation. I was also considering adding Zemana to my security setup. But besides the original poster, strictly speaking I was considering Zemana AntiLogger Free (http://www.zemana.com/product/antilogger-free/overview/) since the paid version includes many features which are already covered by Online Armor's HIPS. I thought that the keystroke scrambling of Zemana could help protect me from malware which went through AM+OA's radar. So my question is: In such a scenario do you think a "keystroke scrambling" feature is reasonable to prevent keyloggers from getting the correct credentials? (I know the software is still in beta, but got many updates lately: http://www.zemana.com/WhatsNew.aspx?ProductID=6)
  19. Regarding your English sentence: I just looked into the German language file on my disk ("de-de.lng" in the "Languages" subfolder). There the sentence is translated in my copy. Search for "msgNotAllFilesSubmited" (yes, without the second "t"). It should occur twice; the second hit is the sentence you mentioned. The last change to the German language file is dated 27.09.2012, so quite a while ago. Try enabling the checkbox "Update additional languages" under "Settings" --> "Update Settings" and run an update. If that doesn't help, maybe change the language to "English" under "Settings" --> "General" and then update again.
  20. This too is no longer really up to date and could be replaced.
  21. This info could actually be unpinned or replaced with a news item about the release of version 6.
  22. Close the program in question. Navigate here: "Firewall" --> "Rules" --> "Programs". Find the program's file that was blocked in the list and delete that row. Restart the program and Online Armor should show the prompt again. Alternatively, delete the file from the list under the main menu item "Programs". That deletes all stored rules and behaviours for the file and Online Armor treats the file again as if it didn't know it.
  23. Right-click anywhere in the "Programs" list and choose "Add".