Emsisoft Employee

Everything posted by GT500

  1. I've sent an e-mail to our research team asking for information on this.
  2. UAC = User Account Control. It's a security feature that was added in Windows Vista and improved in Windows 7 that asks you for permission if you run an application that requires administrative privileges. The feature exists in Windows 8 as well; however, I would believe that it works the same way it did in Windows 7 (or at least very similarly to how it did in Windows 7).
  3. We'll need a Fiddler log from the update process to see what might be going wrong. Please download and install Fiddler 2 from this link (this is the version that requires the Microsoft .NET Framework 2.0), and then follow the instructions below:
     • After installing Fiddler, please open it from the Start Menu.
     • Launch Emsisoft Anti-Malware.
     • Go to Configuration in the menu on the left.
     • Select the Update Settings tab.
     • Click on the Connection settings link in the lower-right corner.
     • Check the box that says Use proxy server.
     • Enter localhost in the Proxy server field, and then enter 8888 in the port field.
     • Click 'OK'.
     • Go back to the Menu on the left, and select Security Status.
     • Click on the Update Now button to start the update (Fiddler must be running when you do this).
     • After the update fails, go back to Fiddler, and to File, then Save, and select All Sessions (please save it on your desktop).
     • Send a private message to me with the Fiddler log attached (please do not post it in a reply to this topic).
  4. Andrey mentioned that it doesn't make sense that kedit should be trying to access csrss.exe (you may have to ask the guys who made kedit why it's doing that). The only recommendation he made was adding exclusions to Online Armor for kedit, and seeing if that resolves the issue.
  5. OK, I just sent Andrey the links via Skype. He'll take a look at them as soon as he can.
  6. Run Safer lowers the rights of an application to that of a limited user, and so the security advantage is no greater than logging on to your computer as a limited user. The UAC in newer versions of Windows has made the feature less necessary, as applications running under the UAC do not have the rights to change system settings without being given elevated permissions. Technically the technology is not completely obsolete, as Windows XP users do not have as easy of a system for reducing the rights of a running application like users of newer versions of Windows that include the UAC, and some users of newer versions of Windows prefer to completely disable the UAC in order to avoid being presented with that popup asking for permission to elevate the rights of a program that needs administrative rights on the computer. As for Banking Mode, both Online Armor and Emsisoft Anti-Malware contain mechanisms to protect your computer against the types of threats that would pose an issue when you are doing your online banking, so one could argue that Banking Mode is a bit redundant. As for whether or not it is obsolete, I'll have to leave that one to Fabian to answer.
  7. Here are instructions to uninstall ComboFix.
     • Hold down the Windows key on your keyboard (it has the little Windows logo on it, next to the Ctrl key) and press R to open the Run dialog.
     • Type ComboFix /Uninstall in the field (make sure to leave a space just before the /) and then click OK.
     ComboFix should take care of the rest. Everything else you can just delete from your desktop.
  8. I'm glad you were able to find your answer. Please let us know if you have any more questions.
  9. I'm confused. I don't have a private message from you on the 16th of March, the last one I have from you was sent on May 26th and last replied to on May 28th, and I cannot find in my history of sent messages an e-mail to Andrey on March 18th or a message to him over Skype... I find this even more odd since I normally would send the logs before replying and saying that I had sent them... Do you still have a copy of the private message you sent me with the logs? I'll resend them and see if Andrey received them the first time.
  10. Please send me a private message with the license key, and I'll take a look at it in our system.
  11. When a new version of an application is released, then it won't have the same SHA1 hash, and thus would not be recognized as safe. As people allow or block the updated file, that will be reflected on our Cloud system for Mamutu, and once a large enough number of people have selected to either block or allow it, then an automatic decision will be made (unless you tweak the settings in Mamutu to prevent that).
  12. OK, let's get an OTL log and see if there might be something that Online Armor is conflicting with. Please run OTL by following the instructions below:
     • Click this link to save OTL onto your desktop (please make sure to click 'Save' instead of 'Run').
     • Double click on the OTL icon on your desktop to run it. Make sure all other windows are closed and to let it run uninterrupted.
     • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan will take a few minutes.
     • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. The first one (OTL.txt) will be automatically saved on your desktop next to OTL, and the second one will need to be saved manually.
     • Please make sure that both OTL.txt and Extras.txt are saved on your desktop, and then attach both of them to a reply so that we can take a look at them.
  13. According to Microsoft, Event ID 26 happens when "you log off from a server that has Terminal Server enabled in Windows Server 2003 SP1", but I don't think that has anything to do with this. does not appear to have information on that exact error message for that Event ID and Source. As for Event ID 592 with the Source 'security', says that this is just telling you that a process by the name a2guard.exe has been created, and these entries are only logged when the "Audit process tracking" audit policy is set to audit the creation of new processes. So, basically, this is just an informational report and not an error report. Event ID 528 / Source Security is just logging a successful logon, according to The only one you have to worry about is the first one, and I'd only worry about it if it was reproducible (if it isn't reproducible then we can't really debug it). It could have just been an odd fluke of some sort, since I am not aware of errors during updates that happen during startup. One thing you may want to do is check the Include subfolders box for the EAM exclusion in Online Armor. Since the database is stored in a subfolder, that could have had something to do with it.
  14. Please open Online Armor, click on Firewall in the menu on the left, look for chrome.exe on the list and make sure that it is not blocked. After that, click on Programs in the list on the left, and search for chrome.exe in the list. Make sure it is Trusted and Allowed. If you do not see it in the list, then uncheck the box below the list that says Hide trusted.
  15. Let's try this:
     • Hold down the Windows key on your keyboard (the one with the little Windows logo on it, usually between the Ctrl and Alt keys) and tap the R key.
     • Type control netconnections into the field and click OK.
     • Right-click on your network connection (usually "Local Area Connection", unless it's wireless) and select Properties from the list.
     • Make sure that OA Helper Driver is in the list. It will look like this (click on the picture to make it bigger):
     Let me know if that's there.
  16. That depends on when they can take a look at your logs. Hopefully it will be soon.
  17. Just uninstall it from the Properties of your network connection. When you click on it to highlight it in the list, you can click on the 'Uninstall' button below the list.
  18. I don't know of any reason why you should be concerned about iReboot having Internet access. Exclusions should be perfectly safe for that application, however you can mark it as Allowed and Trusted on the Programs list and Blocked on the Firewall list, which should achieve what you are wanting.
  19. It just means that the program performed a behavior that the Behavior Blocker in Emsisoft Anti-Malware will warn about. If you trust KeyScrambler, then you can allow the behavior that was detected, and you can select to Exclude it from protection in order to prevent it from being monitored again in the future.
  20. Let's try this:
     • Uninstall Online Armor.
     • Restart your computer twice.
     • Look for the Online Armor folder in C:\Program Files (x86), and delete it if it is there.
     • Reinstall Online Armor while Windows is running in Safe Mode (instructions for starting Windows in Safe Mode are at this link).