Jump to content


  • Posts

  • Joined

  • Last visited

Everything posted by dallas7

  1. The EXE Installer for Plugin-based browsers doesn't care about how Firefox is configured. The best practice tho is to close Firefox before running the Flash installer. Speaking of Run Safer, if you haven't already done so you should set plugin-container.exe to run so as well. I've done that for about two years and no problems with Flash, Java and Silverlight on XP and Win7 systems with Firefox and Pale Moon, portables and setup'd. Cheers.
  2. I submit there may be "something" concerning your servers... for logging since 11/27 I have 26 "Automatic Update failed" in History for my desktop (wired) and 12 on my less-used laptop (WiFi). "Check for updates" is set for every 2 hours. I don't use a proxy. They are a mix of these: Description: OA: Cannot process online updates. Please check the internet connection settings or contact the support., , Connection Closed Gracefully. Description: OA: Cannot process online updates. Please check the internet connection settings or contact the support., , Disconnected. Description: OA: Invalid server response. Please try again in a few minutes or contact the support Description: OA: Cannot process online updates. Please check the internet connection settings or contact the support., , Socket Error # 10054, Connection reset by peer. Description: OA: Cannot process online updates. Please check the internet connection settings or contact the support., , Not Connected There is nothing wrong with my connectivity. In my experience with OA over the years, these are rare - but no longer an anomalies as of these recent events. Considering the nature of OA updates, I don't consider this a critical issue. The "Automatic Update successful" entries far outnumber the fails on both systems. No reply expected.
  3. FWIW: I used that application for some time on my XP laptops and saw Threatfire and AVG's bahavior blocker throw up alerts. I don't recall if it ever tried to connect out or if I blocked such in the firewall. While it may be intrusive, I never found it to be malicious. Just allow/remember all the alerts but block/remember any for connections to the Internet. The latter assuming you have "Intercept loopback interface" not checked in Options > Firewall. When I got a Win7 laptop last year, I went with a Sidebar Gadget instead. I like this Battery Monitor... http://www.julien-manici.com/gadgets/ Julien makes some nice Gadgets. Keyloggers (and other behaviors interpreted to be as such) are a quite common way of "doing things" in Windows that are allowable. I also run Zemana AntiLogger and I had to allow five rules for keylogging in perfectly nice apps - one of which is BullGuard Antivirus. That you acknowledge your "pc knowledge is limited" and with your use of OA and Spy Shelter, you have stumbled upon the Fun! associated with behavior blockers, HIPS and outbound filtered packet firewalls. Good luck with that. Cheers.
  4. Just as a point of information, I set Java as RunSafer in Program Guard, i.e. java.exe, javaw,exe, etc. No problems with Java in the browser or with anything else Java that I run. I also set the firewall so if anything Java attempts an outbound, I allow it for the session only. Or block if I deem it so if necessary. I don't know if RunSafer is available in the free version but I know that the firewall granularity is not. Cheers.
  5. I always welcome the opportunity to respectfully request, as I have on many occasions, that Emsisoft develop an emsiclean.exe-like utility for Online Armor. This looks like one of those opportunities. Cheers.
  6. For reference... http://support.emsis...ons/#entry37480 ...where last year I ran OAP on an XP tower and OA++ on a Win7 laptop. Now I run OAP with Win7 on both a new tower and that laptop. "Set Filter" is even in v6.0 still sub-par in its ability to deal with networking apps. There are definitely more than the 10 apps in there that do connectivity in one way or another on my systems - 49 Programs with 78 Ports rules. The screenshot composite from the tower shows one particularly annoying aspect of this definciency in the app chosen for this example: the email notifier, Pop Peeper. (Set filter on the laptop is equally dysfunctional.) I've been using Pop peeper for years, a dozen or more times a day, and it's never shown up Set Filter. When it's not checking my mail, it sits in the systray; not only is the process always running, it's one of those now rare apps actually showing up under the Task Manager Applications tab. And yet in there and not going away is the portable opera.exe which I ran for maybe 45 minutes about three weeks ago. Oh yeah, Internet Explorer isn't showing up in there either. Yes, Enable logging, All activity is set. The nature of the Logging (All, Default, Success...) under the Standard tab in the Firewall rule editor has no effect on this Set filter issue. This behavior occurs regardless of the AV in use - EAM v6, v7beta, v7, RoboScan, and currently BullGuard. I'd like to see this fixed soon or at least where the user can edit the items that show up in Set filter. And make it sizeable - it is too narrow (I've pointed that out in some other posting here a while back). In Premium, of course. Thank you.
  7. In streamlining a revised backup with verify strategy on my tower, I am in the process of deleting as many of the 1500+ non-English language files as I can identify. Remember the ancient proverb: "The cleanup of a 1000 GB partition begins with the first kilobyte." There are 80 in the Online Armor folder. Can I delete those without having them downloaded again at the next update? Can I otherwise just keep deleting them as needed? (I'd set up a CCleaner custom "include" for that.) BTW, which is the one for English? ENA?? Further, can I delete the Vista folder containing only a v4.0.0.1 OAnet.sys file? The same exact file (I could be wrong) is present in the OA root folder. Finally, there's an a2 folder which is apparently OA++ legacy as evidenced by the ancient T3 and v5 E1 engine dlls and ~20MB of sundry files. I've never run OA++ on this system, so it must have been installed by Can the a2 folder be deleted? Thank you!
  8. I used the BD TL extension in Firefox and Chrome on an XP and Win7 system for almost a year and on another Win7 system for almost two months with no problems running EAM. Those same systems were running OA Premium and OA++ as well for a year with no problems. I continue to run flawlessly a Mozilla 64 bit browser and the BD TL 0.1.28 extension with my current AV and OAP on two Win7x64 systems. Cheers.
  9. You're welcome. But considering that the Netgear works when OA++ isn't running suggests it's a simple configuration issue and you're not going to get much traction in resolving it without being connected to their LAN. In my experience with many consumer grade software firewalls within commercial and public service LANs, it has always been an issue of elevating trust for a computer or gateway, removing a restriction from a port or allowing an ICMP function. Any support personnel properly trained in their LAN build should be able to effect connectivity within a few minutes. IMHO, next week will be a good time to get your daughter's system up and running with Emisoft Anti-Malware and the Windows firewall. Cheers!
  10. "As you can see from the first link, there were indeed whitelist updates on the 27th and 28th so I'm not sure why you didn't receive them." Since it occurred on both my systems here, there is no doubt my cable modem is at fault. I had been viewing http://www.emsisoft....og/antimalware/ which is how I concluded that until the 9/29 whitelist showed up I hadn't received any updates since 9/26. So, thanks for the link to the OA change log; it'll be much handier now that I'm not using EAM. Cheers!
  11. Well, of course updating wasn't turned off. I knew that: the process was returning an up-to-date status. I was specifically referring to the database and components updates. We'd never get v6.0 Final if it was off! Interestingly, a mere couple of hours after posting this up, the 9/29 a2wl.dat file rolled in after not getting the 9/28 and 9/27 ones. Hmmmmmmm...
  12. Check for updates is set for Every hour and Show update notifications; no Beta updates. OAP is v. The last successful Automatic Update here on both my systems was 09/26. "Update now" from System Status reports "Your Online Armor is up to date" as of this posting. This seems to coincide with the release of the v6.0 Beta. Can one assume no more v5.5 updates until v6.0 Final? Considering the extensive involvement of OAP's components overall, dependency on the daily download of the New threat database and Online Armor components isn't paramount - but they're nice to have. Please advise. Thank you.
  13. While you wrap up the info for Andrey, I'm just gonna jump in here with my 2¢ because I've run into a situations like this. Have your daughter open the Programs screen in OA++, select Hide trusted (at the bottom) and make sure there's nothing in there that's associated with the Netgear stuff for that adapter. Allow and Trust them if there are. Then get together with the university support folks again and with OA++ running have them look at the Trusted states of the items under Firewall > Rules > Interfaces and Firewall > Rules > Computers. Have them look at allow and restricted settings in Firewall > ICMP and Firewall > Restricted Ports. I can't make any suggestions on what to tweak as I have no knowledge of their LAN, but if they can't figure out that relatively simple stuff and get that Netgear online, in no way should you let them do anything else to your daughter's computer. But I think you know that already. Otherwise OA++ with Firewall - off (in System Status) should run OK with Windows Firewall which will allow the Antivirus, Web Shield, Program Guard and Anti-Keylogger to continue on. FYI: OA++ supports ceases at the end of the year; no more AV signature or engine or threat data updates. I'm still weeping over that... Good luck.
  14. In the interest of accuracy, I need to report it wasn't the Intel driver; it just exacerbated the issue. I have to conclude EAM v6 & v7b are will not run on this hardware. AMD, South Bridge, or... ?? Maybe time will tell.
  15. That clears up quite a bit. Fortunately I finally identified an Intel service that's been the cause of all the v6 & v7b a2start issues on my new spec built i7/Z77 box. I stopped it about 36 hours ago and there hasn't been a glitch since. Same service is running on my Gateway/Asus i5/HM65 laptop with no issues, but it's an earlier version dating back to last November. I'll have to keep an eye on it when it goes to v7. Sysinternals' Process Monitor was instrumental in getting that nailed down. Cheers.
  16. The v7b a2start.exe is unstable on my system as reported in the Customer Center and emails to [email protected] and [email protected] I have disabled Updates and created to run every 30 minutes a Scheduled Task a2cmd.exe /updatebeta which is documented in /? as "Update Malware signatures (beta)". I found this did a nice job of updating not only the sigs and BDs but the .dat files as well. And I thought this might provide freedom from the hard coded default without notification or user input program update downloads and then alerts for restart/reboot. I decided to run one manually as a2cmd.exe /updatebeta /log=path\name.log at 12:27 PM MST (UTC -7) In the log I found a multitude of lines like this: (Emsisoft URL removed) 7.0 filename.zip Resource Module and descriptors the likes of Main application including scanner and configuration I would attach the file but I haven't fully scrutinized it so don't know how much is specific to my account and system. I have since come to read the on-line docs: "If a2cmd is used as a part of Emsisoft Anti-Malware, only the update function of Emsisoft Anti-Malware should be used." 1) That is confusing; does it mean: a) If EAM is installed, /update (or /updatebeta) is the ONLY a2cmd parameter that should be used or b) if EAM is installed, then only "Update now" in the Security Status UI sould be used? 2) Based on the log above, did I miss a beta update? (An immediate run of "Update now" from Security Status reported as all up-to-date.) 3) Otherwise, does a2cmd.exe /updatebeta update ONLY the signatures and .dat files? 4) Otherwise, if I see in the forum Changelogs a new "Beta updates," can I run an "Update now" from Security Status to apply program updates even though the command line update has been running for a while? 5) Does /log= overwrite or truncate the existing .log file? Thank you!
  17. I need to digress on that. Comparing Malware Domains filters in Adblock Plus and Surf Protection's Hostname lists, they appear to be quite different. I'll be running them both. BTW, ABP protects only the browser it's running in.
  18. Ditto on hackerman1. "Wanting is the root of all needing stuff" - Bob Truman I do believe EAM is the best-there-is and your "all the features you need" evangelicalism is admirable and correct to an extent within a superb "install it and forget it" construct. But for those who want "all the features we want" there is Emsisoft's Online Armor Premium with firewall, HIPS, Banking Mode, RunSafer and so much more. They do have a reason for selling that. Free is A-OK but Premium is a security tweaker's dream come true. I run Malwarebytes Pro for its IP filtering and critically acclaimed Shuriken heuristics engine. And Zemana Anti-Logger for its Anti-SSL Logger technology and their IntelliGuard Cloud system which, if I am not mistaken, is built on SurfRight services. I've been running MBAM and ZAL for about three years and with EAM and OAP since about October, 2011. All that said, if I were forced to pick just one... EAM, of course. Cheers.
  19. @GT500 & Crew I'm sorry I failed to mention I have updates configured daily, every 30 minutes and "Last update" is reporting correctly. I had wanted to create a topic for the no new .sig files, but I thought I should just post in here. Besides, all these seem to be related if xman68 and G-hot have not their updates set to weekly or monthly. ANYHOW... just ten minutes ago 20120905.sig showed up. Cheers!
  20. FWIW: there's a 20120904.sig file in my laptop's OA++ I'm of the opinion that the a2engine sigs aren't updating - if they're supposed to be updating, that is.
  21. My Signatures directory looks like that of Ro-Ma-N's except the latest sig file is 20120903.sig stamped 9/3/2012 2:23 PM MST (UTC -7). I do have an a2vers.dat file dated 9/4 10:40 AM. Since the update to v7beta on 9/3/2012 3:03:11 PM, all updates have been to the BD directory according to Logs:Update. (Except two a2....dat files.) If there have been updates to the .sig files, I haven't been seeing them according to date/time stamps. Or I can't tell as they're not being logged.
  22. It is my understanding according to emails with Support your primary source is the DNS-BH Malware Domain Blocklist and all of them are categorized as "Malware hosts" under the Host Rules tab thus making that the only setting of relevance under the Surf Protection tab. Not that this is a deal breaker; I have for years used DNS-BH in Adblock Plus but I wonder how much of that is devoted to anti-phishing. I run the TrafficLight extension in my browser so I can take advantage of BD's superb feature sets in that arena. It sure would be nice to see it plugged into EAM's Surf Protection. As of July, 2011 Malwarebytes acquired hpHosts which was once used in Emsisoft's Surf Protection. So, in this case, overlap is good as two databases are in use and if both contain WeRphishersOfU.ru, who cares? I have been using EAM and MBAM Pro for the better part of a year and neither one knows of each other's existance - each app is so well behaved it's a joy to behold. However, if you use Adblock Plus in your browser and subscribe to its Malware Domains filter there will most surely be some resources wasted. Cheers.
  23. Well, it looks like my inquiry got burried amongst all that fascinating heavy/light and FP discussion in the EAM v7 Beta new engine topic, so I'll re-post it here. Post #21: "Speaking of Bit Defender, will you be incorporating into Surf Protection their blacklists as currently used, for one, in their TrafficLight browser extension? Or will you continue with the DNS-BH Malware Domain Blocklist? I pray you never return to hpHosts. " It looks like bokkie123 in post #24 also expresses interest in the integration of BD's Web protection as well. And NSG001 agrees with me on hpHosts, post #23, so I think he might be interested, too. Cheers.
  24. Speaking of Bit Defender, will you be incorporating into Surf Protection their blacklists as currently used, for one, in their TrafficLight browser extensions? Or will you continue with the DNS-BH Malware Domain Blocklist? I pray you never return to hpHosts.
  • Create New...