GT500

Emsisoft Employee
  • Content count

    6795
  • Joined

  • Last visited

  • Days Won

    174

GT500 last won the day on April 28

GT500 had the most liked content!

Community Reputation

338 Excellent

1 Follower

About GT500

  • Rank
    Emsisoft Support
  • Birthday 22. Oct 1984

Contact Methods

  • Website URL
    https://helpdesk.emsisoft.com/

Profile Information

  • Gender
    Male
  • Location
    Fortville, IN, USA
  • Interests
    Computers, security, amino acids, fructose malabsorption, liberty, firearms, John Calvin, etc.

Recent Profile Visitors

40178 profile views
  1. I'm glad to hear that. If you have any further trouble, then please be sure to let us know. @digmor crusher I apologize for hiding your post, but we generally don't want anything political on the forums. Even mentioning them can cause controversy, and we want to try to avoid that if possible (it is a product support forum after all).
  2. Which exclusions did you add it to? The exclusions for scanning, or the exclusions for monitoring?
  3. I would believe he is referring to the following article: http://blog.emsisoft.com/2017/05/18/wannacry-ransomware-interview/ When configured for "Public" mode, EIS will block all requests to ports 137, 138, 139, and 445. These are the Windows Networking ports, with port 445 being the SMB port. Obviously if you connect to the Internet through a router or a modem that has NAT (Network Address Translation) then any attempts to access those ports over the Internet should already be blocked, unless you have forwarded them in your NAT configuration. When a device that has NAT is protecting your network then it is safe to leave your network configured as "Private", unless you feel like you need the extra security and don't mind shutting down all Windows Networking ports (or want to make more advanced rules to allow those ports only for specific IP addresses or IP ranges).
  4. This is expected behavior. The ports for Windows Networking should never be open when connected to a "Public" network (such as through a mobile broadband connection or a public WiFi hotspot), as doing so would be a major security risk. Changing your network to "Private" will reduce the level of security. If you connect to the Internet through a router or a modem that has NAT (Network Address Translation), then there shouldn't be any problem with this, as the router/modem will prevent outside access to sensitive ports (unless they have been forwarded in the NAT configuration). If you connect to the Internet without the protection or a router/modem that has NAT then configuring your network for "Private" would be a major security risk.
  5. It's possible that the file was moved after it was executed, and thus the path that EIS had for it was no longer correct. This would have prevented reading the digital signature, as well as prevented hashing the file to verify its safety with the Anti-Malware Network. This would also explain why there was no information in the alert dialog. The rule would be deleted if the file no longer existed. It's possible that Firefox is moving the file before executing it and then deleting or moving it back when done, or perhaps that there was a failed update attempt and Firefox keeps trying to redownload the file.
  6. They can't simply tell you to allow all UDP traffic. That's ridiculous. They need to specify either the port numbers the software uses, or the port range. Anyway, for the TCP ports, here's how to create a Firewall rule to allow them: Open Emsisoft Internet Security. Click on Protection. Click on Firewall in the menu at the top. Click the Add rule button near the lower-right. Give the rule a name so that it is easy to identify what it does when looking through the list of firewall rules. Make sure the Action is set to 'Allow'. Assuming this is on the computer you are trying to connect to, set Direction to IN. Set Protocol to TCP. Enter your port number in the field for Ports (you can enter multiple port numbers if you separate them with commas, such as 443,5222 for instance). You can set Addresses to All, however this may be a security risk, so I recommend setting it for only specific addresses and then entering the IP address of the computer that is going to be connecting (multiple addresses can be entered if separated by commas). Click OK at the bottom to save your new firewall rule. Click on your new firewall rule in the list to select it. Click the Move up button to move your new firewall rule above the two block rules at the bottom of the list. If the computer that needs to connect is a remote computer (a computer at another location), then you can find the IP address by logging in to that computer and visiting the following link: https://start.duckduckgo.com/?q=IP&ia=answer If you prefer Google, then you can get the same information from them: https://www.google.com/#q=IP If the computer that you will be connecting from is a local computer (on the same network, using the same Internet connection/WiFi/router/etc) then you can find the IP address by holding down the Windows key on your keyboard (the one with the Windows logo on it) and tap the R key to open the Run dialog, type (or copy and paste) the contents of the following box into the field, and then click OK: CMD /K IPCONFIG This will display the network adapter information for the computer you run it on. You'll be looking for your IPv4 Address. There may be more that one network adapter in the list, and ones that are not in use should say "Media disconnected" on the right instead of having network adapter information.
  7. It's more than likely creating a virtual drive of some sort. Possibly to be used as a buffer to save new/edited files to while its protection is running. I don't actually know the inner workings of Shadow Defender, so I can only speculate.
  8. Where did you find a version of our software that runs on Vista? None of the products we currently maintain, support, and offer downloads for on our website will install on Vista, or run on Vista. That's OK. You can get the FRST log whenever you have a chance. There is a definite and confirmed problem with Avast's products and ours. Most systems will be non-functional if there is a copy of Avast's software running on the system. Either the system will simply freeze, or there will be strange error messages whenever you try to open an application. We have the same issue with AVG's software that we have with Avast's software (possibly even worse). As far as I know there have been no changes to this, and a system with both AVG's software and ours shouldn't be working. Was the notice displayed during installation that AVG is not compatible with our software?
  9. We removed the "Full Scan" option a while ago. Now if you want to do the equivalent of a "Full Scan", simply do a "Custom Scan" without changing any of the options. Note however that the "Malware Scan" is recommended in most cases, as scanning every file on the hard drive will not usually detect more malware than the Malware Scan, and if it does then it's just old files on the hard drive that are not part of active infections. I recommend uninstalling the software from Avast before reinstalling Emsisoft Anti-Malware. They don't get along well together. Instructions on how to use the Avast uninstall tool can be found at this link. Please download Emsiclean from this link (be sure to save it on your desktop), and follow the instructions below to get me a log: Run the Emsiclean download that you saved on your desktop. Read the disclaimer. Note that you must agree to it in order to proceed. Once the scan is finished, simply exit Emsiclean, and do not remove anything. A new file will be saved on your desktop with a log of what was detected. Please attach that to a reply by using the More Reply Options button to the lower-right of where you type in your reply.
  10. OK. Hopefully we will be able to publish a beta update soon with a fix for this.
  11. There's a known issue with Avast anti-virus software that causes the computer to become essentially non-functional when it is installed alongside our software. If you install Emsisoft Anti-Malware, and an Avast product is detected as being installed, then a warning is supposed to be displayed to let you know about it. Are you able to start your computer in Safe Mode With Networking by following the instructions at this link? If so, then you can uninstall either Avast's software or our software to resolve the issue. Note that Avast has an article on how to use their uninstall tool at this link.
  12. You're welcome.
  13. I noticed the following old driver in the FRST log which can be deleted (it's just a useless file sitting there doing nothing), however I don't expect this leftover driver to be capable of causing any problems: C:\Windows\system32\Drivers\fwndislwf32.sys I think this may have something to do with the problem, however it may simply be another symptom and not the cause: Error: (05/20/2017 10:48:47 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY) Description: WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\Rtlihvs.dll Error Code: 193 You may also have some Visual C++ related issues, and may want to uninstall all of the versions of Microsoft Visual C++ Redistributable Packages that you have installed, restart your computer, and then grab the latest ones from Microsoft and reinstall them: https://support.microsoft.com/en-us/help/2977003/the-latest-supported-visual-c-downloads I'm assuming of course that the above will not resolve the issue you are having with EIS, so I also recommend using Windows Repair (All In One) to run a network repair since there seems to be some sort of network related issues on your computer. You can get the portable version from the following link (note that if EIS is installed then the Behavior Blocker will need to be turned off before running this, as it may attempt to block the repairs, or show a large number of alerts): http://www.tweaking.com/files/setups/tweaking.com_windows_repair_aio.zip When running it, there are a number of steps (shown as tabs) that have pre-checks of various sorts. Step #1 is highly recommended by the makers of Windows Repair (All In One), and while I generally consider it optional, note that it isn't a bad idea to do it as it can resolve some rather weird problems. I do recommend running Step #2 just to make sure that there are no problems, however please note that this check (and especially if you choose to do the associated repairs if it finds anything wrong) is rather lengthy. Step #3 is an integrity check of the filesystem (chkdsk), and if you have already done this then feel free to skip it. Step #4 is SFC, and can be skipped. Step #5 is backups, and is highly recommended (at the very least make sure the System Restore is on and create a Restore Point before proceeding to the "Repairs" tab). Once you open the Repairs, make sure that only the following repairs are selected. Also make sure that the option to restart your computer (on the right) is selected. 01 - Reset Registry Permissions 03 - Reset Service Permissions 06 - Repair Windows Firewall 13 - Repair Network 26 - Restore Important Windows Services 27 - Set Windows Services To Default Startup Once you have the above repairs selected, and have made sure that those are the only selected repairs, you may start the repairs (button should be in the lower-right corner). Note that your computer will need restarted after the repairs are completed, so if you didn't select to have Windows Repair (All In One) do that automatically then you can do it yourself once the repairs are complete and you are ready to reboot the system. After all of that, please go ahead and try reinstalling EIS. Here's the download link again, since it's usually faster to download a fresh copy of the installer than wait for all of the updates to download and install: http://dl.emsisoft.com/EmsisoftInternetSecuritySetup.exe
  14. https://www.avast.com/en-us/faq.php?article=AVKB10#artTitle
  15. You're able to reproduce the issue in a VM? If so, can I get a log from FRST from the VM? Here's how to do it: You can download Farbar Recovery Scan Tool (FRST) from one of the following links, and save it to your Desktop (please note that some web browsers will automatically save all downloads in your Downloads folder, so in those cases please move the download to your desktop): For 32-bit (x86) editions of Windows: http://download.bleepingcomputer.com/farbar/FRST.exe For 64-bit (x64) editions of Windows: http://download.bleepingcomputer.com/farbar/FRST64.exe Note: You need to run the version compatible with your computer. If you are not sure which version applies to your computer, then download both of them and try to run them. Only one of them will run on your computer, and that will be the right version. Run the FRST download that works on your computer (for Windows Vista, Windows 7, and Windows 8 please right-click on the file and select Run as administrator). When the tool opens click Yes for the disclaimer in order to continue using FRST. Press the Scan button. When the scan is done, it will save a log as a Text Document named FRST in the same place the tool was run from (if you had saved FRST on your desktop, then the FRST log will be saved there). Please attach the FRST log file to a reply using the More Reply Options button to the lower-right of where you type in your reply to access the attachment controls. The first time the FRST tool is run it saves another log (a Text Document named Addition - also located in the same place as the FRST tool was run from). Please also attach that log file along with the FRST log file to your reply.