Everything posted by dallas7

  1. It's never been apparent from those MRG tests if those missed by Ikarus T3 (and what will be missed by BD) were caught by a2engine, the Behavior Blocker or Surf Protection - not that it matters in the grand scheme of their tests. But, I've often wondered why you Emsisofters think you need another engine at all. Looking forward to upgrading when the non-beta is released. Cheers.
  2. After this morning's update to from I was prompted to restart EAM and I thought, "How nice. I don't have to reboot." Then for the next two .sig updates I was again prompted to restart EAM for each one. I noticed that both of those were for 20120618.sig which was in the 6.6 update as well. So I decided to (What else?) reboot. I was greeted by an "End Program EAM 6.5" count-down dialogue which returned a "not responding" for which I clicked "end now." Then I watched and did the same exact thing for the "End Program EAM 6.6" and my system rebooted. While poking around in the EAM UI, I got the ubiquitous Emsisoft "the memory could not be written" - this time for a2start.exe. (I should note that in the years since I built this XP system in 2008, Emsisoft software is the ONLY software that evokes a memory fail and a quick Web search will reveal this has been going on for years for lots of users.) I rebooted. As I have previously posted up here, your updater needs to be split into two schemes: one for signatures and one for product where in the latter the user can choose between automatic/background AND notify/manual. In this way there will be some control over your historically dysfunctional and flawed product update process which is forced down my throat and I'm so sick and tired of that. Fully aware of the needs to address the masses, I suggest a Configuration : Automatic Updates tab which presents a message like "Everything is updated automatically and we'll pop up an announcement when anything of the sort happens." An Advanced Settings option which will change that tab to where SEPARATE signature and engine/product updates can be configured. As of this posting, another en-us.lng and the 20120618.sig have updated without the need for a restart. And no other memory crashes. Hopefully EAM is protecting as it should and will plug along smoothly. Until the next product update, that is... Cheers.
  3. I have been for the better part of a few weeks troubleshooting not only an increasing and persistent slow Web page loading, but slow Web everything (Thunderbird, Pop Peeper, FTP, app updates...) unique to my WinXP tower. Two other systems on this LAN as well as streaming media to my Smart TV have no speed issues whatsoever. It finally boiled down to OA Premium 1557 and into 1616. I had been noticing the preponderance of these in the firewall log: 01/06/12 10:36:03 UDP ->, (DNS server IP address):53, C:\WINDOWS\system32\svchost.exe(908/0) Passed by rule: "UDP, --> svchost.exe, [53], +(*)" 01/06/12 10:36:07 ICMP -> Destination unreachable(Network unreachable error) (DNS server IP address) Blocked by ICMP rule Allowing the ICMP rule merely changed the log entry from red to green... 01/06/12 10:49:26 ICMP -> Destination unreachable(Network unreachable error) (DNS server IP address) Passed by ICMP rule When I first perceived the slowdown, the destination unreachable entries were few and far between whereas at this point in time they number in the dozens upon dozens. Sites like CNN and DrudgeReport which will normally render in the blink of an eye now can take up to a minute and can often stall without completing. When using Pop Peeper to check my four email accounts, the process normally takes about five seconds; with this current OAP issue it's almost two minutes - again with dozens of unreachable entries. I'm going to attempt an un-install and re-install of OAP 1616 later today or over the weekend. I am not looking forward to that tedious and all-too-often dysfunctional process. I hope that will resolve the issue.
  4. Is June 30th, 2012 still the target for OA++ end of signature support? "We guarantee the continued provision of signature updates for Online Armor++ until at least June 30th, 2012." (Reference https://www.online-armor.com/FAQ.php) Thank you.
  5. Prior to the 4/25 update, Mamutu did not alert to restart for updates to a2wl and a2trust. I am merely connecting the dots and consider the "Mamutu needs restarted every night" behavior as a match to the near-daily a2wl update timeline. As for emsiclean, a Help or readme file or Web page with a description and instructions. Your mention of "check all entries in the removal tool" implies your cleaner is somewhat more user involved than those of other developers (i.e. AVG, Malwarebytes). Targeted for one specific application, you run the cleanwhatever.exe and watch helplessly as a bunch of CLI windows or dialogues fly by and your system restarts. I am just curious as to how yours works. Sorry for going off-topic.
  6. FWIW, I have noticed ever since the 4/25 update (a2hooks, a2core, etc.) Mamutu insists upon a restart for every update including the plain old a2wl update. Thankfully it's just an application restart, not a system restart. I'm not concerned as it is for now just a minor annoyance and I soon plan on moving my OA++/Mamutu setup to EAM/OAP. With that in mind, where is there more information about your "new cleaning utility"? Thank you.
  7. The firewall programs/ports listing bug continues to plague OA++ and OAP on both my systems. I have since my September posting of this thread experienced the consistent failure of plugin-container.exe in several versions of Firefox and the Mozilla-based Pale Moon. I'll create loopback and port 53, 80 and 443 rules for it and the browser and 100% of the time plugin-container.exe will fail to appear under the programs and ports tabs while firefox.exe or palemoon.exe might appear but will eventually vanish. Or not. Further, it is not uncommon for other programs to exhibit the same behavior. Yesterday I tried Hitman Pro on both my systems creating rules as prompted. And on both systems, well, the screenshots from the XP box tell it all. I can assure you I pay strict attention to the checks when I create the rules as this bug has browbeaten me into doing so. I sure wish this would get fixed. http://support.emsisoft.com/topic/6633-vanishing-rules-unacceptable-automatic-decision/page__view__findpost__p__40075
  8. Fixed in version 5.5. Works great now. Thanks!
  9. See the bottom line of my signature for version info. I hadn't been on the Win7 system since posting last night, but just now the update(s) were successful including T3. Thanks.
  10. From the History... Created: 2/15/2012 7:29:31 PM Summary: Virus signatures update failed Description: Failed to update the AV module. Event type: Auto update(11) Event action: None(1) I'm thinking this is a failure to update the T3/E2 engine. Please, how to fix? Thank you.
  11. When I completed the reboot on my Win7 OA++ for 1543 > 1545 I later went to my XP box and it was then I noticed for the first time that since the 5.1 > 5.5 update the day before that system's OAP had been experiencing the OA: Cannot process online updates issue. Installing the 1545 OnlineArmorSetup.exe on top of 1543 didn't resolve it so I did an uninstall, a clean install and restored my settings and all is OK. Will my 1545 OA++ and OAP recognize when the next updated build is available and perform the update through the online update when that time comes? Thank you.
  12. Your conflict with Rubenking is unfortunate for all involved and while sympathetic to that situation it does not dissuade my interest in how EAM6 would fare. Inarguably, the probative value of copying right-now URLs from the malware sites and pasting them into a browser address bar has right-now merit, my reference to monkeys simply pertains to the skill set needed to do so. Enough said.
  13. Thanks again for an honest and detailed response. Interesting about that AV-Test; too bad they couldn't take it out just one more time. I know Neil isn't a testing institute - hence my referral as a "review venue." He is highly regarded in some circles especially if his methods are compared to those used by the yoot toob monkeys. BTW, I'm hoping you'll continue at VB100 (I buy their PDFs). With no respect to their arguable but understandable heavy-handed pass/fail criteria, EAM's detection metrics have historically been outstanding. Those metrics in December's report were impressive, to say the least, disregarding their operational struggles with v6.0.0.42. You've done considerable work since then as evidenced by the Changelogs. I'm looking forward to the next round. Good luck.
  14. Which of those file names is "weird"? svchost.exe is not weird and a simple google would have clarified that for you. But Paint Shop Pro 4, now that's weird. Just to put that in perspective, the latest version is 14 from Corel who bought it in 2004. At least you're not running a version for Windows 3.11. PSP can snag svchost.exe up to six times from my recollections. And you'll note the alert states "...could result in...gaining access to the internet..." Key word, could. And "access to the internet" is subject to interpretation; the internet is not necessarily the World Wide Web which correctly is the Internet. That said, the alert is proper in light of more complicated detail, the bane of HIPS alerts. You already have the tools you need to answer your "could they be malware?" Run scans from AVG and Malwarebytes on the PSP folder. If no red flags from them, allow each pop-up from Online Armor without checking off Remember, Trust, Terminate or whatever and let OA's Oasis component do its job. If PSP opens without further alarms, you should be good to go. Next time you run it, trust the OA pop-ups. Cheers!
  15. Are you sure about that? And isn't Emsisoft a "their clients"? About a month ago I emailed Neil Rubenking at PC Magazine to ask when he might be testing EAM considering he last did so in May, 2010 for where it didn't fare well. He replied, "Emsisoft is unwilling to be tested." I also inquired on Jan. 27 to AV-TEST as to EAM and the reply came in this morning: "Which products are included into the tests depends also from the test option choosen by the supplier. Please consider, that we mainly test security suites and freeware - here mainly the most common products. And, as said, what is requested by vendors." While 5.1 didn't shine in the July/Aug 2011 test, it did great in the 5.1/6.0 composite, Sep/Oct 2011. That 6.0 alone wasn't included in Nov/Dec 2011 is sad. It's not that I need validation of EAM's protection. But it would be nice to see it run neck and neck with the big shots while soundly trouncing all others in these two high profile review venues as it does over at Malware Research Group and Virus Bulletin. IMHO, EAM's absence from AV-Comparatives' Whole Product Dynamic Test is equally distressing for us Emsisoft devotees. Cheers.
  16. The Emsisoft Emergency Kit (EEK) is not "something like on-demand." It is on-demand. Further, EEK doesn't care about licensing. It's a stand-alone application. While it uses the same Ikarus T3 engine used by Emsisoft Anti-Malware (EAM) version 6, EEK uses the version 5 Emsisoft engine.dll and not EAM's latest A2engine.dll. Databases are identical. If you are using EAM, EEK is indeed redundant. While the latter is behind in the Emsisoft engine, it is my understanding on-demand detection is not compromised in any way. Cheers.
  17. This was an exercise in "what if?" A wholesale global block of such a pervasive network was not my goal as it would be as detrimental as blocking Akamai or Amazon servers. I've managed to muzzle some of google's unnecessary 1e100 psychosis on my system by some carefully targeted rules in Adblock Plus. But if a reboot or service toggle is necessary to kick start a new Blocked entry in Domains, that needs a redesign. If I have the time, I'll play with another Blocked network and a reboot and post up here. Otherwise the information I presented in #1 above for that instance is clear evidence the issue exists. But as a matter of curiosity: Is there something a little less involved than a system reboot? Like restarting the service (OAsrv.exe)? Cheers.
  18. Thank you! I was sure that was the case but wanted to make sure there was really "no way out." Fortunately, I only use the app for one file and I only occasionally update it. Slightly off topic but worthy of note, there are similar multiple interactions with the A program wants to run Pop-ups for the many whatever.tmp files unpacked when a Windows installer (msi) is run. Fortunately again those are becoming a rarity. No reply expected. Cheers.
  19. Thank you. Setting Locknote.exe to Installer did not change the behavior for the STG••.tmp handling I described in my previous posts. I know this deals with two OAP modules (File Shield, Program Guard) and I don't know how that confuses matters nor how this could have been split into two separate threads. Please specify your question to receive further support. I have re-read my postings and I don't know how I could possibly clarify matters with any more exactitude and detail than I already have.
  20. I've been trying to tame google's influence on my surfing especially by limiting the amount of connectivity to their 1e100 network. However, it's now become so pervasive that on even the simplest of Web sites, 80-90% of the usual 20-75 outbound port 80 connections go to any of a number of whatever.1e100.net servers. And that's even if one culprit, Safe Browsing, is disabled in Firefox and Chrome. I thought I would see what the results would be if I blocked all connectivity to that network using OAP Domains. Except that OAP isn't blocking it. See the side-by-side screenshot; the window on the left is Sysinternals' TCPView for Firefox port 80 outbounds. Just to be sure, pings to that 1e100 subdomain were successful. This is with Ignore Online Armor Domains List enabled (checked) under the Domains Options tab. This is on my XP box. What is it that I'm missing here? Thank you.
  21. Thomas, no problem on my TempUser1 variable; it's not something you'd normally see as my XP system is highly configured to my own standards. But I did need to comment on it in my post #1 as it related to the log entries I pasted there. Yes, the rules I built have ended the popups as reported within this thread. Since I have no intention of de-activating the File Shield under the options tab, I'm not considering it a problem and I'll take a pass on offering up debug logs. Getting back to the Program Guard interplay with the LockNote tmp process, the solution as I see it would be the ability to create a green (Allowed/Trusted/Normal) entry in the Programs list for E:\TempUser1\STG*.tmp. Since the app deletes the tmp file, it ends up as grey (absent) with no way that I know of to edit it. I would like you or other Emsisoft support to advise on the possibility of that being done. Or another solution. Thank you.
  22. Well, as it turns out I've discovered that if I do not Exit Zemana AntiLogger prior to a system restart/shut down, the application error for oasrv.exe is no longer produced. Apparently, an "elegant shutdown/shut down" is now a legacy practice in my computing universe. Happy New Year! Or as my friend says, "Happy Arbitrary Human Singularity in our Space Time Continuum."
  23. For my Win XP Pro SP3 x86 tower, I experience severe slow downs and failures of msi and zip unpacks after I upgraded to MBAM Pro 1.6 from 1.5 when Protection is enabled. I've always had a Folder Category for C:\Program Files\Online Armor but I found it was necessary to add a File Category for C:\Program Files\Online Armor\OAsrv.exe in MBAM's Ignore List. Odd that both Categories are needed, but that's how I fixed it. Your path and needs might be different. BTW, I've also always had an entry for C:\Program Files\Malwarebytes' Anti-Malware\ in OAP under the Exclusions tab in Options. Cheers.
  24. Hi Thomas. That does work as one might expect. But now there is no protection for anything which might rear its ugliness in a folder that's a free-for-all vector for everything that's bad. While I could depend on the EAM6, MBAM and Zemana layers to take up the slack, removing OAP's protection from the user's TEMP and TMP store for just one application is undesirable, much more so than two or three popups. In the meantime some more messing around prompted me to create rules for D:\Folder1\Folder2\* and e:\TEMPUS~1\STG*.tmp and that eliminated the File Shield popups. But this still doesn't explain why File Shield seemingly remains active when Activate File Shield is unchecked. Oh, the joys of 8x3 legacy filenaming. Cheers.