Everything posted by dallas7

  1. On the WinXP system: I use a Steganos LockNote, currently at v.1.0.5, which allows for the creation of a password protected text file that can be saved as a file type that it is not, i.e. SecretWords.dll or GreatApp.exe. Opening a LockNote created file challenges for the password and it then behaves just like Notepad except for the file saving options and the password creation. Locknote.exe is a stand-alone (not installed, "portable") application. I use it for one file that I modify every now and then and I am now at wits' end as to how to end OAP's protection. This is what I have to go through every time I modify and save the LockNote file:

     Created: 1/2/2012 11:23:00 AM
     Summary: Program Guard: STG2E5.tmp
     Description: D:\Folder1\Folder2\testOA.exe -> E:\TempUser1\STG2E5.tmp
     Event type: Program Guard(9)
     Event action: Allowed(2)

     Created: 1/2/2012 11:23:05 AM
     Summary: File Shield: STG2E5.tmp modify testOA.exe
     Description: E:\TempUser1\STG2E5.tmp wants to modify file D:\Folder1\Folder2\testOA.exe
     Event type: Unknown(25)
     Event action: Allowed(2)

     Created: 1/2/2012 11:23:15 AM
     Summary: Program Guard: STG2E5.tmp -> testOA.exe
     Description: e:\TempUser1\STG2E5.tmp(9948) wants to start D:\Folder1\Folder2\testOA.exe(0)
     Event type: Program Guard(9)
     Event action: Allowed(2)

     Created: 1/2/2012 11:25:50 AM
     Summary: Program Guard: STG2EB.tmp
     Description: D:\Folder1\Folder2\testOA.exe -> E:\TempUser1\STG2EB.tmp
     Event type:
     Event action: Allowed(2)

     Created: 1/2/2012 11:25:53 AM
     Summary: Program Guard: STG2EB.tmp -> testOA.exe
     Description: E:\TempUser1\STG2EB.tmp wants to modify executable file D:\Folder1\Folder2\testOA.exe
     Event type: Suspicious file(13)
     Event action: Allowed(2)

     Created: 1/2/2012 11:25:58 AM
     Summary: Program Guard: STG2EB.tmp -> testOA.exe
     Description: e:\TempUser1\STG2EB.tmp(12124) wants to start D:\Folder1\Folder2\testOA.exe(0)
     Event type: Program Guard(9)
     Event action: Allowed(2)

     E: is the partition I devoted to cache, temporary, log, dump, etc. files; if an app has a setting for that class of file, its output goes into a folder here. E:/TempUser1 is the folder I set for User1's TEMP and TMP variables (System TEMP and TMP go to E:\TEMP). Every time LockNote saves the testOA.exe file, it uses that STG••.tmp which I have not been able to nail down due to its name-changing behavior. LockNote.exe is in C:/Program Files and Allowed, Trusted and Normal. I don't understand why File Shield remains active even if I uncheck Activate File Shield. I have also built the rule E:\TempUser1\STG*.tmp as shown in the screen shot but it is ineffective even if the E:/* rule doesn't exist. I have had the rules C:\*, D:\*, and E:\* active since about day 7 on this system and this LockNote behavior is so far the only thing that's ever annoyed it. D:\Folder1\Folder2 is configured as Path to exclude in Options Exclusions. Every time another STG••.tmp is created, Oasis is contacted and the database updated. I've attached a screen shot of the first popup. I greyed out the actual path for the one represented by \Folder1\Folder2 above. Selections of Remember, Trust, Install in any combinations have little effect on subsequent popups and/or behavior. What am I doing wrong? What can I do? Thank you.
  2. http://support.emsisoft.com/topic/6766-inactive-but-license-is-valid/page__view__findpost__p__40634
  3. Ref: http://support.emsisoft.com/topic/6803-activation-problem/page__view__findpost__p__40624 Nice video. I might start doing that, too. Wrapping up screenshots is getting tedious. Here's the workaround suggested by Christian in response to my Support-Ticket:

     First please check your Windows system date and time settings. If they are ok try these steps.
     1. Please open the Anti-Malware mainscreen on your PC, press "Configuration" -> tab "License". Then press "Change License" and select "Freeware Mode". Press "Next".
     2. If the freeware mode is working, open the Anti-Malware mainscreen on your PC again, press "Configuration" -> tab "License". Then press "Change License" and select "I have a licensekey". Type in your licensekey. Press "Next".
     Also be sure the Anti-Malware processes a2wizard.exe, a2guard.exe, a2start.exe and a2service.exe are allowed in your firewall to access the internet. This should solve the issue.

     I'm holding off on the Change License routine as I'm thinking it's some server-side glitch. There was already an a2service rule for port 80 TCP outbound in my OAP rules and so I created one each of the same for the others. I sent an inquiry via my Support-Ticket if any of those processes require UDP, other ports or inbound in addition. Cheers.
  4. This could be related to the issue that's occurred to me twice since I installed EAM6 with a license key on Nov 27. My license is represented in the Customer Center with 336 days remaining as of this posting. I opened a Support-Ticket yesterday: I have 337 days left on my EAM license key. This is the second time I've been annoyed by this "select your preferred license model" behavior. I can't do anything without these windows presenting themselves. If I hit the X, another one will open. If I hit "I have a license key" and Next I get the failed notification. While this is happening a2guard.exe is using 50-70% CPU. The only way to end it is to "Shut down guard" from the tray icon and then "Emsisoft Anti-malware" from the Start menu. I received a reply this morning and it's an unacceptable workaround requiring reverting to Freeware Mode and then re-activating my license key. And while I noted when opening the ticket my firewall is OAP, I was instructed to make sure four EAM executables are allowed access to the Internet. Thank you.
  5. I see where in EAM "Application rules missing bug – fixed." In following up here in my thread, I have been paying close attention and taking meticulous care when "A program wants to use the internet" pops-up. Last week I installed YL Software WinUtilities 10.38 Free on both my systems. In the attached screen shot composite the two foreground clips show the existence of the Program tab WinUtil.exe listing and the corresponding rule under the Port tab. Since then, as the background clips show, the WinUtil.exe Program tab listing is gone. And it is gone on both my systems- WinXP & Win7. (The Port tab listing still exists.) I now consider this a fully demonstrated and documented bug. For OAP and OA++ I am looking forward to seeing "Application rules missing bug – fixed" in an Emsisoft Online Armor Firewall 5.···· released Changelogs topic. Hopefully the next one. Cheers.
  6. Once again your attention to detail and rapid response to my inquiry is greatly appreciated. Your clarification of the "Set [Create Rule] as default for alerts" behavior is most revealing as both the local and online Help describe it as "When this option is activated Emsisoft Anti-Malware creates an associated application rule for every alert." While the GUI "? tip" says "Enables an alert reduction based on technical analysis of suspicious programs." Both the latter are subject to interpretation not really in sync with the actual conduct, IMHO, particularly the first which implies user bypassed background automation. The decision to eliminate this option is a good one. As well as very good to know that "Activate paranoid mode" disables EAM whitelists. I am going to switch to just Community based from my previous intelligent/paranoid setting. 1) Are Alert Setting changes immediate or is a Guard shut down and restart necessary? 2) I know you said "all whitelists" but to make sure... Does that include the whitelists managed by the user under Scan Computer? Thank you!
  7. I see in Guard : Alert Settings where all or any combination of the four settings can be checked or unchecked. 1) Considering Set [Create Rule] is not checked but all three or any two of the others are checked how does that affect alerts? 2) I would assume that unchecking all of them disables alerts completely. Correct? If in that case Set [Create Rule] is checked, what kind of rule would be built? Thank you.
  8. Thank you for the details. I will interpret your reply to mean that Zemana AntiLogger was not one of the products "...focused on improving the compatibility and stability." I have disabled the dump cleanup setting in CCleaner so the next time it happens I should have one of those files for you. (Sorry I didn't think of that earlier.) I'll submit it via the Customer Center. Considering this is an elusive behavior which I can't demonstrate consistently, it is doubtful I can wrap up the requested debug log. As it occurs (so far) only upon restarting I have enacted this workaround: I have disabled Launch Online Armor at next startup joining Malwarebytes and Zemana (which I start manually in that order) and leaving EAM as the only app to startup. Before I do a system or application update/upgrade requiring a restart I will now shut down also OAP with everything else except EAM. If I get the oasrv.exe error, I'll force a reboot and continue and when the update/upgrade/reboot is completed manually start OAP, MBAM and ZAL. Cheers.
  9. Thank you catprincess. I can assure you I'm no stranger to software conflicts but your generalization, as helpful as it is, does not address the specifics of my concern. I'll post it up again, slightly re-worded and hopefully without it being perceived as a "bump" and for all of Emsisoft support to consider. Prior to my decision to choose OA, I was encouraged by this in your announcement of OA's 5.1 release: "We focused on improving the compatibility and stability of Online Armor in conjunction with products like Google Chrome, Sandboxie, Panda Cloud AV and others." Is or is not Zemana AntiLogger one of those products? Thank you.
  10. Related to that other Application Error post? I'm not sure either. I have no exclusions. Except for that short post-install stage, I immediately changed both my OA environments to Advanced (as well as disabling those automatic firewall settings) and kept them that way. The fact that plugin-container.exe for Firefox is gone on both my OS dissimilar systems is telling to say the least. And I know with certainty they both existed because when I allowed with create at their first instances, I verified their presence and then went in to restrict the rule to port 80. FWIW, as reported by Sysinternals' Process Explorer, I have noticed plugin-container.exe for Firefox runs within DEP (permanent) in both XP and 7. Palemoon does not and its plugin-container.exe Firewall Programs tab listing hasn't gone bye-bye on my Win7 system. I can't say if svchost.exe was ever present under the Firewall Programs tab on the Win7 system. I bought that laptop a few weeks ago and it was while troubleshooting as described in #1 above that I discovered that issue. I'm assuming its other rules (ports 53, 135, etc.) were created during the install discovery. Finding the Automatic decision to block it otherwise thereafter, and for Windows Update no less, is quite disturbing. The only time I notice a rule that's no longer listed under the Programs Tab is when I just happen to notice it's not there anymore. Therefore, I won't know when to reproduce what for submissions of debug logs. Thanks for the Knowledgebase link.
  11. I'm sorry I failed to detail in #1 above: This error shows up every now and then on my XP system during system restarts or when selecting Close and Shutdown Online Armor. It does not occur anytime else. There are no Event Viewer entries, Error or Warning, for any of these occurrences to date. But thanks for asking - there were a boatload of PS/2 i8042prt.sys errors related to the USB mouse I installed two months ago! I should get into that viewer more often. Note that when I evoke a restart, I always do it as known as what is an "elegant" method. I exit all apps (except EAM and OAP) and then manually evoke the restart. I never do it from any post-install/patch/configuration "restart now" dialogue. As such, Zemana or MBAM is not running. Regarding Zemana, Emsisoft is listed as compatible here: http://zemana.com/An...bility.aspx#tab I'm going to open a support ticket over there and find out what if anything they might make of this. Otherwise, prior to my decision to choose OA, I was encouraged by this in your announcement of OA's 5.1 release: "We focused on improving the compatibility and stability of Online Armor in conjunction with products like Google Chrome, Sandboxie, Panda Cloud AV and others." In light of your recommendation, are you saying that Zemana AntiLogger was not one of those products and is as you say, "...additional security software installed that conflicts with OA"? Thank you.
  12. That's some really good information (most of which could find its way into the online and local Help). And I'm glad I can set the value to 43200. Thank you
  13. I am beginning to grow weary of the issues I'm dealing with for OA+++ and OAP on both of my systems. This one has been occurring on my XP system. Sometimes I can hit OK three or four times and it'll go away and I can restart OA. Other times it hoses things so bad I have to do a full hard reset. I used my camera to take a shot of my monitor for this occurrence of a total lockup.
  14. Keeping an eye on them: http://support.emsis...matic-decision/
  15. Reference http://support.emsis...s-list-problem/ I'm beginning to think I should just make one "OA Annoyances and Bugs" and just add to it as I go along. • On both systems for OA++ and OAP I have Automatically allow trusted programs to access the internet and Autoconfigure trusted programs unchecked. This was done a few hours AFTER installation prior to which time a bunch of firewall rules were of course created. I was troubleshooting on the Win7 OA++ system why Windows updates had been failing and why I couldn't perform them manually. In checking the logs I noticed there was an "Automatic decision" to block outbounds by svchost.exe to TCP ports 80 and 443! At this point in time I discovered that under the Programs tab, svchost.exe is... gone. Under Ports I manually built a rule for 80 and 443 as seen in the screenshot composite to successfully do a Windows update. I can say with certainty that during the initial post-install discovery, svchost.exe did not go out to 80 or 443 prior to disabling "Automatically allow..." and "Autoconfigure trusted..." I should have received a popup to decide on the connections but instead nothing but a silent block and a broken Windows update. In looking further, I find that the Programs listing "Plugin Container for Firefox" which I know once existed is... gone. Though the one for the Palemoon browser is still there and each has a Rule. Further, in my OAP on WinXP is the very same condition, the Programs listing for Firefox's plugin-container which I know once existed is gone while the Rule exists. (No screenshot; Palemoon not run there.) svchost.exe is still there, though. In recollection, I had twice been troubleshooting connectivity for some other apps where I was perplexed at rules I couldn't find when I knew I had selected "Create rule" and seen them under the Programs tab. I thought, "OK. I'm new at using OA. Must be me." I found myself deleting the apps from Programs to renew the process. Apparently not. 
What's behind these disappearing Programs listings? Is the absence of an app under the Programs tab compromising security along with breaking the app's networking? How do I stop that "Automatic decision" from ever happening again?
  16. Close the EAM GUI in case it is open, right click the tray icon and close the Guard, open up the Services view (Start, Run, services.msc) and just restart the Emsisoft Anti-Malware service.

      FYI for the uninitiated:
      • "close the Guard" = Shut down Guard
      • "restart the Emsisoft Anti-Malware service" = In Services, right click Emsisoft Anti-Malware 6.0 - Service and select Stop. Wait. In Services, right click Emsisoft Anti-Malware 6.0 - Service and select Start. Wait. Close the Services window.
      • And I found that selecting Emsisoft Anti-Malware Guard from the Start menu is a necessary final step.

      EAM should have an easier way to do it in the GUI.
  17. I'm trying to understand the purpose of having "Display restart notifications for..." restricted to seconds. Suppose you're not there to see a notification those few default seconds? The system here running EAM is online 10-12 hours a day and placed in Standby overnight. It is rarely restarted - upgrades, patches, etc.

      1) If Restart notifications is unchecked, does the computer restart automatically? (I should hope not.) If not, how does one know the computer restart needs to be done?
      2) If Restart notifications is checked and one fails to witness the notification display, how does one know the computer restart needs to be done?
      3) If Application restart notifications is checked and one fails to witness the notification display, how does one know the application restart needs to be done?
      4) If Application restart notifications is unchecked, is one currently at the workstation presented with a notice that the application restart has begun, is in progress and has completed successfully? If not, how does one know the application restart needs to be done?
      5) If Application restart notifications is unchecked, how does one know the application restart was successful?
      6) What is the maximum value that can be entered for "Display restart notifications for..."? Is 43200 (12 hours) OK? Or a value that implies "until user acts upon the notification"?

      Thank you.
  18. My use of persistent stands corrected; I did however understand volatile was the behavior under discussion. I greatly appreciate your taking the time to detail Surf Protection providing me with a much better understanding of its workings. In deference to Emsisoft's unparalleled expertise in other arenas, in the three days I've used EAM6 the level of intrusion merely opening a few online comics just won't do. With respect to Allow which breaks protection or Block which (mostly) breaks page rendering or Alert which is annoying (requiring decisions which may live or die) and with a restart/reboot to test for results... my head hurts. Such is the nature of white and black lists and certainly not unique to Emsisoft's execution. I've concluded the best way for me to manage Surf Protection in my environment is to turn it off and trust File Guard, OAP and the other layers I've implemented. Thank you.
  19. Thank you for the clarification. A persistent cache would explain a lot of my observations and experience. Am I to understand this is why there is no change when Surf Protection actions are changed as in my scenario, Alert to Don't Block? That a reboot or an EAM restart is necessary when making those change(s)? Given that a reboot is usually tedious, exactly how does one restart EAM? Is there a simpler alternative like deleting a temp file?
  20. Thank you for confirming my hunch that Surf Protection was strictly a black/whitelist process. This is why I was prompted to ask about it: Please see the attached composite screen shot. The Log:Guard export is a result of a few minutes of visiting five pages at gocomics.com. In the txt file I added the column on the right indicating the Category from the Built in list. (gocomics.com is used for this exercise as their pages are loaded with this easily demonstrated and repeatable behavior.) While exelator.com evoked an Alert according to the Guard:SurfProtection default actions I selected, all the others set for Don't block behave exactly as if set for Alert. Each Alert was kept as Block host, then unchecked Create Rule and clicked OK which is reported as Terminated by user. Note that while Create Rule was not selected, it appears that subsequent events were... Blocked by rule. It would seem to me that "Don't block" is difficult to misinterpret. Before I go and completely disable Surf Protection, is there something so simple that I don't comprehend it (a characteristic human failure I often fall into)? And regarding a Create Rule response to an alert as Allow: if that was done for example to uclick.com, would the rule apply to gocomics.com or for all domains henceforth? (I'm thinking the latter but need confirmation.) Cheers.
  21. Is Surf Protection fully dependent on Host Rules? That is, if all Host Rules were removed, would there be any purpose to Surf Protection? Thank you.
  22. You don't have to sell me on Emsisoft. I vote for them with my PayPal account. As far as OA++, that forum is peppered with my commentary. I believe if it wasn't for me, we users would still be running T3 1.1.103. While it won't be receiving a next gen Ikarus (T4?) or the A2 2.x engines, the current iterations ( and offer superb protection and your dismissal of OA++ is misplaced. IMHO, in doing so you not only dismiss Ikarus but Online-Armor as well. Be reminded that T3 remains validated in EAM6 and unless otherwise discussion is buried in some obscure blog or forum it should remain so well into 2012. True that EAM6 alone offers protection beyond signature scanning but in my own environment I don't want suite-centric behavior blocking or white/black list filtering - the efficacy of which is off-topic as well as endlessly debated in other venues. A detail I should interject is my choice of OA++ (vs OAP & Ashampoo) for the laptop I purchased in October was based on Emsisoft's commitment to current engine support until it (and Internet Security Pack) face retirement and the promised "new common code base" product is released. Further, the new laptop (Win7) doesn't go out online anywhere near as much as this old tower (WinXP) what with social nets, yoot oob, Web mail and, um... forums. B) Your advice to "stick with current OA" is puzzling as it was never a focus in this thread but perhaps you overlooked my profile on the left: I am running paid versions on both my systems. I consider my commentary here is exhausted and won't be posting up any more. Thanks again, Lynx (oops, I called you Tester in #3). I look forward to reading all your assistance for us users and your thoughts and opinions in the other threads. Especially when Emsisoft goes beta with their next gen product - I'm sure you'll be a front runner on that.
  23. Thanks Tester. I won a license over at the Raymond.CC forum and while the Softpedia screen shots and Emsisoft's online help were instrumental in my thinking along those lines, I wanted to make sure before I installed EAM that I could fully disable the Behavior Blocker. I was running Ashampoo AntiMalware (currently disabled, not uninstalled) and though it uses the latest T3 engine, the A2 is at v5.0.0.50 which is OK. However my interest is in the new A2 v2.x engine and not the BB. So now I have EAM6 as a trial running with Online Armor Premium, MBAM Pro and Zemana AL. I'm optimistic and will probably activate the license soon. My experience with the EAM/OAP here in this XP system will help me determine if I want to take advantage of Emsisoft's offer of a free switch to the Security Pack from OA++ on my Win7 system. Cheers!
  24. Regarding EAM 6.0.046... Does it make any difference if the Behavior Blocker is de-activated on the Security Status screen or under the Behavior Blocker tab on the Guard screen? Or does doing one do the other? Or do both? Given deactivation of BB: 1) Do Guard : Application Rules become irrelevant? (No monitoring, blocking, allowing, etc.) 2) Do Guard : Alerts settings become irrelevant? (No alerts regarding application behavior.) 3) Do Guard : File Guard alerts remain relevant? (Alerts upon signature detection of malware.) Thank you.