GT500

Emsisoft Employee
  • Content count

    6480
  • Joined

  • Last visited

  • Days Won

    148

GT500 last won the day on February 25

GT500 had the most liked content!

Community Reputation

317 Excellent

1 Follower

About GT500

  • Rank
    Emsisoft Support
  • Birthday 22. Oct 1984

Contact Methods

  • Website URL
    https://helpdesk.emsisoft.com/

Profile Information

  • Gender
    Male
  • Location
    Fortville, IN, USA
  • Interests
    Computers, security, amino acids, fructose malabsorption, liberty, firearms, John Calvin, etc.

System Information

  • Operating System
    Windows 7 x64
  • Anti-Virus Software
    Emsisoft Anti-Malware

Recent Profile Visitors

39431 profile views
  1. That sounds accurate. For untrusted programs, the only thing automatically allowed should be outbound traffic. Yes. Rules are not kept for programs that do not exist. In that scenario the existing rule would be modified to reflect the fact that the program is now "trusted". Fully trusted programs are hidden automatically in the Application Rules list if the option to hide them is enabled. The list is updated on-the-fly, so it always hides applications considered "trusted" when the option is turned on.
  2. I don't see any new debug logs from your e-mail address. The only new e-mails I see from you are the ones related to Cloudbleed (which shouldn't have effected our domains, as it required three options to be on in our Cloudflare configuration to be exploitable, and to my knowledge we did not have all three of those options on for any of our domains). Did you enter a different e-mail address when sending the logs? Or perhaps did you try to send all available logs instead of just the new ones?
  3. OK. Be sure to let us know if you need anything.
  4. You're welcome. Be sure to let us know if you run in to any further trouble.
  5. Did you need assistance with anything?
  6. I apologize for any confusion. I was trying to say "most programmers know ... therefore it is safe for me to say this here. The alerts are vague because many of them are generated by more than one trigger, and we don't want it to be obvious what those triggers are. The two examples you gave were obvious enough to the bad guys that I didn't think there was an issue explaining them here, however many of the others (the ransomware behavioral alerts especially) can not be elaborated on very much. It's just far too likely that someone will bypass them quickly if we give any sort of explanation of what they mean.
  7. You're welcome.
  8. @Fabian Wosar may have to answer at least some of this. He's the real expert on our Behavior Blocker. I'll go ahead and answer what I can. An Application Rule was created for the file. You can check these rules manually by opening EIS and clicking on Protection. That depends on the rule that was created. If the rule allows all behavior, then the program is considered "Trusted", and the Behavior Blocker will automatically allow anything that it does. If the rule was only for certain behavior, then any behavior not explicitly allowed or blocked by the rule will cause EIS to check the safety of the application again. Yes. There are two times when the reputation is checked: When a program exhibits a behavior that the BB monitors for (what I would call a "potentially malicious behavior"), its reputation is checked to verify its safety. When a user opens the Behavior Blocker list in EIS, the reputation of any unknown programs will be checked. If it had been determined to be bad automatically because it exhibited some sort of potentially malicious behavior, then it would have been acted upon automatically. The only reason why it wouldn't have been acted upon automatically in the scenario I just mentioned is if there was a rule explicitly allowing the program.
  9. I'll need some debug logs to report it as a bug, if you feel up to it. Here's how to get them: Open Emsisoft Internet Security from the icon on your desktop. In the 4 little gray boxes at the bottom, move your mouse into the one that says Support, and click anywhere in that gray box. At the bottom, turn on the option that says Enable advanced debug logging. Either click on Overview in the menu at the top, or close the Emsisoft Internet Security window. Reproduce the issue you are having with connecting to your VPN without the custom port rule, and then getting disconnected after a few minutes. Once you have reproduced the issue, open Emsisoft Internet Security again, and click on the gray box for Support again. Click on the button that says Send an email. Select the logs in the left that show today's dates. Fill in the e-mail contact form with your name, your e-mail address, and a description of what the logs are for (if possible please leave a link to the topic on the forums that the logs are related to in your message). If you have any screenshots or another file that you need to send with the logs, then you can click the Attach file button at the bottom (only one file can be attached at a time). Click on Send now at the bottom once you are ready to send the logs. Important: Please be sure to turn debug logging back off after sending us the logs. There are some negative effects to having debug logging turned on, such as reduced performance and wasting hard drive space, and it is not recommended to leave debug logging turned on for a long period of time unless it is necessary to collect debug logs. Please note that if you have a lot of debugs logs, then you should not send all of them. There is a size limit, and currently there is no error if the message is rejected due to the size being too large. Normally we only need one copy of the 4 or 5 different logs that have been saved after the time you reproduced the issue (the list shows what time each log was saved). Those logs have the following names: Security Center Protection Service Real-Time Protection Firewall Logs database (contains the logs you can view in Emsisoft Internet Security by clicking on Logs at the top of the window).
  10. That is more than likely the case. If it happens again, then let me know, and we can get some debug logs and see if they explain what is going on.
  11. It's possible that it needs to be run a second time to remove everything. Sometimes tools like that aren't able to remove everything the first time, and require a second or even a third run (followed by reboots of course) to finally get everything.
  12. You're welcome.
  13. That might be because some of the McAfee drivers are still present. You may want to run the McAfee Consumer Product Removal Tool to remove any leftovers.
  14. I don't expect that we will be adding HIPS to EIS at any point in the near future. HIPS asks questions it doesn't need to. Our Behavior Blocker provides the same amount of protection against real-world malware as HIPS, but with vastly fewer alerts.