Everything posted by Maniak2000

  1. 1) As I understand it, the anti-malware network is a reputation \ analysis system that identifies unknown files as safe or not safe, is this correct? 2) If an unknown file is detected by EIS, do I need to send it somewhere, or is it sent automatically? 3) How much time is usually \ at most needed to analyze an unknown file (for example, usually it takes a few hours, but rarely takes more than 2 days)?
  2. Why do I have a bunch of programs with the "Behaviour Blocker = All allowed, Firewall in = custom, Firewall out = All allowed" rule set? Are they trusted programs? If so, why are they in the list (aren't they supposed to be hidden from the list)? If they aren't trusted, why is the "Behaviour Blocker = All allowed" rule there? It's a bit confusing.
  3. On default settings 1) For unknown programs the rule "Behaviour Blocker = custom, Firewall in = custom, Firewall out = All allowed" is created, and for trusted programs the rule "Behaviour Blocker = All allowed, Firewall in = All allowed, Firewall out = All allowed" is created, is that correct? 2) Are application rules self-cleaning (meaning a rule is deleted if the program doesn't exist anymore)? If not, wouldn't a large amount of "dead" rules slow things down? 3) If an unknown program is started (and a rule for unknown programs is created) but after a while the program is declared safe \ trusted, does the "old" (for unknown programs) rule get replaced by the "new" (for trusted programs) one? 4) Is there (or will there be) a way to "re-scan" the application rules list in order to hide fully trusted files (that were previously unknown), or is it an automatic process?
  4. Yes, most programmers probably know what "Register a debugger in the system" is, but I assume most of your user base are not programmers, and throwing this terminology out without some sort of description is confusing. I'm not asking you to explain how EXACTLY it works, I understand that detailed explanations will probably help malware creators, but I ask you to provide some sort of info on these alerts. I mean, these descriptions you gave me are pretty good, at least now I have a general idea of what these 2 alerts mean, so why not include descriptions like that in the program? If they're too big for an alert window, why not use a "learn more" link that goes to a section in the help file or your site explaining the alert?
  5. Can I use IP and \ or port ranges in firewall \ application rules? If yes, how exactly? Will this work: ip - and port 12547 - 12560? If no, will this feature be added?
  6. So as not to create another topic, I'll ask here. What exactly do behavior alerts mean? I mean, some of them are pretty self-explanatory, like "Backdoor related activity" and "Spyware related activity", others not so much, like "Access disk sectors directly" and "Register a debugger in the system". I mean, if I get an alert "Access disk sectors directly", what should I do? Do programs usually do that, or not? Also some alerts are yellow and some red; I assume red ones are almost certainly malware, while yellow ones might be ok? Is there a detailed explanation of these alerts somewhere? I think you might want to add some more info to alerts, for example: "Access disk sectors directly. Most programs don't require direct sector access; unless this is a specialized program, it is advised to block this action." or something.
  7. Hello, I'm currently using the trial version of Emsisoft Internet Security, and I'm liking it so far, but I would like some help with the behavior blocker, and I also have some questions. So, I have this game on Steam (actually it's more like 3 games in 1) and it uses a launcher to let people choose which part to start. When I select any part, the behavior blocker comes up with an alert "Program is attempting to manipulate another process" (red). Now since it is a legit Steam game, I select "Allow always", but this raises several questions \ possible suggestions. 1) The alert window (more info) says "Anti Malware Network status: Unknown", so how do I send the file for analysis? Or is it automatic? Also, how long does the analysis usually take? 2) The alert gives you an option to allow the behavior once, allow it always, close the program or quarantine it. But what about blocking the behavior once \ always, but continuing execution (maybe a suggestion to add these options)? 3) The alert window (more detail) gives tons of info about the source (the launcher, in this case), but not about the target (in this case, what process it is trying to manipulate), why? I think it would be better to provide info about the target of the action (if possible), since it may make it easier to decide if this behavior is malicious or not.
  8. Hello. I would like to get a bit more detail about some alerts Mamutu shows, can it be done? For example: Application is trying to inject code into other applications - What other application(s) exactly (path)? Program is editing (patching) other executable files - (again) what other executables exactly? Program is installing something invisibly - what exactly is it installing? (list of files?) Installation of services and drivers - What services \ drivers are being installed exactly? Modifying startup areas - What start-up area is being modified and what entry exactly is being added? Changing hosts file - what entries are being added \ deleted? Browser setting changes - what setting(s) are being changed exactly? System's group policy changes - what group policy exactly is being changed? to what (on \ off)? Application is trying to silently send something to the internet - to what address, port? This additional info can be added to the "Details" tab and I think can help some people differentiate dangerous programs from just suspicious ones (for Mamutu).