Emsisoft Employee

GT500 last won the day on February 27

GT500 had the most liked content!

Community Reputation

319 Excellent

1 Follower

About GT500

  • Rank
    Emsisoft Support
  • Birthday 22. Oct 1984

Profile Information

  • Location
    Fortville, IN, USA
  • Interests
    Computers, security, amino acids, fructose malabsorption, liberty, firearms, John Calvin, etc.

System Information

  • Operating System
    Windows 7 x64
  • Anti-Virus Software
    Emsisoft Anti-Malware

  1. Have you tried the latest beta version? Some people have reported that it resolves this issue. Here's how to try it if you want to:
       1. Open Emsisoft Internet Security.
       2. Click on Settings in the menu at the top.
       3. Click on Updates in the menu at the top.
       4. On the left, under Update Settings, click on the box to the right of Update feed and select Beta from the list.
       5. Click on the Update now button on the right side.
     This depends on whether or not a scheduled update was missed. If not, then it will wait until the scheduled time to begin updating. If a scheduled update was missed, then it will run that update on startup; however, it will not run it right away. It will wait until after you have logged in, and after system resource usage drops to 20% (or lower), or it will wait a maximum of 5 minutes after Emsisoft Internet Security has started during login.
  2. Let's try getting a diagnostic log. You can find the instructions and download at this link. When it's done, it will open a log in Notepad (as explained in the instructions). Please save this log somewhere easy to find, such as on your Desktop or in your Documents folder, and then send it to me in a Private Message so that I can take a look at it. Important: Don't post the log publicly. It contains a copy of your a2settings.ini file, which contains encrypted license information. If someone were to figure out how to break that encryption, then someone else could use your license key.
  3. Looks like it came through a few hours after the last time I checked. I'll get your logs together and forward them to one of our developers.
  4. That is essentially correct. It's an online (or "cloud" if you prefer) database of files with information on whether users allowed or blocked them. When EIS checks for updates, it sends information about files in your Application Rules to our servers to contribute to the Anti-Malware Network database, including whether or not those files/programs are allowed or blocked. If there is a Behavior Blocker alert for a file, and a rule is created for the file based on an option you select in the alert, then that will be sent along with any changes to your Application Rules. Note that you can opt out of sending this information at any time in the Privacy settings in EIS. The Anti-Malware Network is automated. It is also supplemented by information from VirusTotal to help improve accuracy.
  5. The version number is correct.
       • Windows 2000 = Windows NT 5.0
       • Windows XP = Windows NT 5.1
       • Windows Vista = Windows NT 6.0
       • Windows 7 = Windows NT 6.1
     This is because they were built from the old Windows NT operating system, which was at version 4 before Windows 2000. Microsoft lists all of the version numbers here. If the hotfix is not applicable, then you may not need it. Chances are you have newer versions of the files that the hotfix modifies, and thus the hotfix no longer applies to your system. In a case like that, you can simply ignore the warning that EIS gives you when installing. The hotfix specifically fixed an issue that can cause a BSoD when using third-party firewalls, although technically Microsoft considered it a fix for the same issue caused by their SQL server software (if I remember right), and thus the hotfix was never distributed through Windows Update as a recommended update. Since you installed all optional updates, you should have an equivalent of this hotfix installed already (more than likely a newer update that modified the same files was installed, and included the fix from the required hotfix). In cases like this, I have not heard reports of BSoD issues after installing EIS.
  6. The rules are that way because the programs were allowed when they performed some sort of behavior that our Behavior Blocker monitors. The firewall settings aren't necessarily changed when behavior is allowed.
  7. I still don't see anything new from your e-mail address. It's possible that the logs are too large, and are being rejected after EIS finishes sending them. You can do the following to send them manually:
       1. Hold down the Windows key on your keyboard (the one with the Windows logo on it, usually between the Ctrl and Alt keys) and then tap R to open the Run dialog.
       2. Type in %AllUsersProfile%\Emsisoft\Logs and click OK to open the folder where the debug logs are saved.
       3. While holding down the Ctrl key on your keyboard, select the logs you want to send to us (we'll need copies of at least the firewall and a2service logs from the day you created the debug logs for this issue).
       4. Right-click on one of the logs you selected, go to Send to, and select Compressed (zipped) folder.
       5. Send me a private message and attach the logs to a reply (do not attach them to a reply to your topic, or post them anywhere else publicly, as the logs have your license key in them).
  8. That sounds accurate. For untrusted programs, the only thing automatically allowed should be outbound traffic. Yes. Rules are not kept for programs that do not exist. In that scenario the existing rule would be modified to reflect the fact that the program is now "trusted". Fully trusted programs are hidden automatically in the Application Rules list if the option to hide them is enabled. The list is updated on-the-fly, so it always hides applications considered "trusted" when the option is turned on.
  9. I don't see any new debug logs from your e-mail address. The only new e-mails I see from you are the ones related to Cloudbleed (which shouldn't have affected our domains, as it required three options to be on in our Cloudflare configuration to be exploitable, and to my knowledge we did not have all three of those options on for any of our domains). Did you enter a different e-mail address when sending the logs? Or perhaps did you try to send all available logs instead of just the new ones?
  10. OK. Be sure to let us know if you need anything.
  11. You're welcome. Be sure to let us know if you run into any further trouble.
  12. Did you need assistance with anything?
  13. I apologize for any confusion. I was trying to say "most programmers know ... therefore it is safe for me to say this here." The alerts are vague because many of them are generated by more than one trigger, and we don't want it to be obvious what those triggers are. The two examples you gave were obvious enough to the bad guys that I didn't think there was an issue explaining them here; however, many of the others (the ransomware behavioral alerts especially) cannot be elaborated on very much. It's just far too likely that someone will bypass them quickly if we give any sort of explanation of what they mean.
  14. You're welcome.
  15. @Fabian Wosar may have to answer at least some of this. He's the real expert on our Behavior Blocker. I'll go ahead and answer what I can. An Application Rule was created for the file. You can check these rules manually by opening EIS and clicking on Protection. That depends on the rule that was created. If the rule allows all behavior, then the program is considered "Trusted", and the Behavior Blocker will automatically allow anything that it does. If the rule was only for certain behavior, then any behavior not explicitly allowed or blocked by the rule will cause EIS to check the safety of the application again. Yes. There are two times when the reputation is checked:
       1. When a program exhibits a behavior that the BB monitors for (what I would call a "potentially malicious behavior"), its reputation is checked to verify its safety.
       2. When a user opens the Behavior Blocker list in EIS, the reputation of any unknown programs will be checked.
     If it had been determined to be bad automatically because it exhibited some sort of potentially malicious behavior, then it would have been acted upon automatically. The only reason why it wouldn't have been acted upon automatically in the scenario I just mentioned is if there was a rule explicitly allowing the program.