Emsisoft Employee
Everything posted by GT500

  1. Online Armor isn't supposed to open the main program window on startup. I just wanted to see the loadpoints on your computer to see if there was a startup item that was causing this. The only other course of action to debug this issue would be to get Debug Logs from Online Armor, however if the issue is just a loadpoint on your system then Online Armor's Debug Logs would most likely not contain information about it.
  2. To prevent Online Armor from monitoring a program, you can add the folder it is in to the Exclusions list. Here are instructions: Click on the Start button, go to All Programs, go to Online Armor, and click on the Online Armor icon to open it. Click on Options in the menu on the left. Go to the Exclusions tab. Click on the Add button. Use the little [+] and [-] icons to the left of folder names to open and close them, find the folder you want to add, click on it to highlight it, and then click OK at the bottom. Close the Online Armor window.
  3. I've created a new bug report in our system on this. Hopefully it will get some more attention now.
  4. There have been a number of beta updates to Emsisoft Anti-Malware, and the current beta version is Does the issue still happen with the latest beta installed?
  5. I was also unable to reproduce it with Emsisoft Anti-Malware installed. Do you have beta versions of either Emsisoft Anti-Malware or Online Armor installed?
  6. I haven't been able to replicate any issues with Kedit. Here's what I did to test: I downloaded the Kedit 1.6.1 demo from the following website: I installed Kedit on Windows XP Service Pack 3 (nothing except Windows updates and drivers were installed prior to installing Kedit). I set Windows to always open Text Documents with KEDITW32.exe by right-clicking on a Text Document, selecting Properties, and clicking the button to change what program to open Text Documents with. I double-clicked on a Text Document to verify that it opened in Kedit. I installed Online Armor Premium with default settings, and allowed it to restart the computer when done. I allowed the Learning Mode to finish before I tried to launch any programs. Once Learning Mode was done, I double-clicked on a Text Document to open it in Kedit, and when Online Armor notified me about it I selected to trust KEDITW32.exe and clicked OK. I tried double-clicking on a couple of Text Documents after that, and there were no notifications and no more entries in Online Armor's History regarding Kedit. Please let me know if you had done anything differently. I'm going to restore to my Base snapshot, reinstall Kedit, then install Emsisoft Anti-Malware before installing Online Armor to see if that makes any difference.
  7. No, Online Armor isn't supposed to display its main window on startup. Let's get a log from OTL, and see if it can explain why this is happening. Please run OTL by following the instructions below: Click this link to save OTL onto your desktop (please make sure to click 'Save' instead of 'Run'). Double click on the OTL icon on your desktop to run it. Make sure all other windows are closed and to let it run uninterrupted. Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan will take a few minutes. When the scan completes, it will open two Notepad windows. OTL.Txt and Extras.Txt. The first one (OTL.txt) will be automatically saved on your desktop next to OTL, and the second one will need to be saved manually. Please make sure that both OTL.txt and Extras.txt are saved on your desktop, and then attach both of them to a reply so that we can take a look at them.
  8. Can you send me a private message with the link to the webpage where you experienced this?
  9. All customers who have paid Mamutu licenses should have received an e-mail about this on Monday. If you have not received that e-mail, then please let me know, and I will send you a private message with the information.
  10. It looks like Andrey hasn't been able to get a new beta of Online Armor ready yet. Unfortunately we don't have any ETAs (mostly because, in the software industry, you can never meet an ETA and still produce a quality product).
  11. Andrey wants me to do some testing of this, and see if we can determine what's going on. I'll let you know if we find anything.
  12. Open Emsisoft Anti-Malware, go to Guard in the menu on the left, and you can create rules for individual programs on the Application Rules tab. You can also create an exclusion in the Whitelist if you don't want Emsisoft Anti-Malware to monitor a process at all, however please note that the process must be an EXE file in order to be added as a process exclusion. Here are instructions on how to create a process exclusion: Open Emsisoft Anti-Malware from the icon on the desktop. Click Guard in the menu on the left. Go to the File Guard tab. In the lower-left corner, just above Alerts, click on the Manage whitelist link. In the box under Type click the little down arrow and change it from File to Process (you may need to click in the box for the arrow to appear). Click in the white box below Item to make a button with three dots (...) appear, and then click the ... button. Navigate to the directory where the files you wish to exclude are located, and double-click on one of them to add it. Repeat the last 3 steps as needed to add each file to the exclusions list. Click the OK button at the bottom when done, and close Emsisoft Anti-Malware.
  13. The ZIP extension is already in the list. The issue is not that the File Guard is incapable of scanning them (it already does this), but rather that unpacking archives in real-time as they are created or modified in order to scan their contents would be a massive drain on system performance. You can also right-click on the file and select to scan it with Emsisoft Anti-Malware, and archives will be unpacked by the on-demand scanner in order to scan the contents, so you can still determine if there are malicious files in a ZIP archive before you open it. I'm sorry, I had thought you were wanting to do a Deep Scan. To scan a single file, that command will work, however note that the /r switch is not needed as it tells the scanner to check the registry and certain places on the hard drive for riskware, and it would not have any effect on what is detected in the file or folder that is being scanned.
  14. The Emergency Kit doesn't really have a scheduler, so if you want to run a weekly scan with it then the easiest way is just to run it manually. The only other way would be to use the Windows Task Scheduler to set up a weekly schedule to run a2cmd.exe, however please note that it would not be able to automatically send the log via e-mail when done, so you would need to use some other software to do that.
  15. Threats are not detected within the page. Blocking occurs when a file is downloaded (such as when it is saved in the browser cache) or when you visit a website that is blocked by our Host Rules. When a website is blocked, you will see a small notification in the lower-right corner of the screen. When a file is blocked, Emsisoft Anti-Malware will open a pop-up and ask you what to do with the file (unless you have altered the settings for the Guard). You would have only received a notification if you had downloaded the or files. While Emsisoft Anti-Malware does scan ZIP archives automatically, it does not unpack them and scan their contents automatically, so if you had downloaded or then you would not have seen a notification. To ensure that files are detected when they are created, please make sure that the File Guard settings look like the screenshot below: I am not aware of any compatibility issues with Kerio's software. Actually, to run a Deep Scan, all you have to do is this: a2cmd.exe /deep A Deep Scan automatically scans all files on all hard drives, so there's no need to specify files or hard drives to scan. Just make sure to run the scan from a Command Prompt that had Administrator rights.
  16. Could you please take a screenshot of what is appearing on startup, and attach that to a reply by using the More Reply Options button to the lower-right of where you type in your reply? Here's a link to instructions on taking a screenshot if you need them. Please note that we prefer that you save the screenshot in the PNG (Portable Network Graphics) format.
  17. That folder is not supposed to be there, and could indicate an infection on your computer. Go ahead and follow the instructions at this link as best you can, and then create a new topic in our Help, my PC is infected! section and attach the logs so that one of our malware removal experts can take a look at them. Also, if you are unable to perform any of the steps in the instructions, then please mention that in the new topic you create so that our malware removal experts know that you were not able to get all of the logs that they will want to see.
  18. We'll need a log from the scan to know what file you are having issues with. Here's how you find the scan logs in Emsisoft Anti-Malware 7: Open your My Documents folder. Double-click on the Anti-Malware folder. Double-click on the Reports folder. The scan logs will be in alphabetical order, and the names contain the date and time that the scan was run.
  19. The explanation at that link says "Win32 libraries (kernel32.dll, user32.dll, gdi32.dll) send an inter-process call to the CSRSS", but I don't see any mention in the article of non-Microsoft applications directly accessing CSRSS. I'll see if Andrey has some more input on this, and we'll go from there.
  20. I've sent an e-mail to our research team asking for information on this.
  21. UAC = User Account Control. It's a security feature that was added in Windows Vista and improved in Windows 7 that asks you for permission if you run an application that requires administrative privileges. The feature exists in Windows 8 as well, however I would believe that it works the same way it did in Windows 7 (or at least very similarly to how it did in Windows 7).
  22. We'll need a Fiddler log from the update process to see what might be going wrong. Please download and install Fiddler 2 from this link (this is the version that requires the Microsoft .NET Framework 2.0), and then follow the instructions below: After installing Fiddler, please open it from the Start Menu. Launch Emsisoft Anti-Malware. Go to Configuration in the menu on the left. Select the Update Settings tab. Click on the Connection settings link in the lower-right corner. Check the box that says Use proxy server. Enter localhost in the Proxy server field, and then enter 8888 in the port field. Click 'OK'. Go back to the Menu on the left, and select Security Status. Click on the Update Now button to start the update (Fiddler must be running when you do this). After the update fails, go back to Fiddler, and to File, then Save, and select All Sessions (please save it on your desktop). Send a private message to me with the Fiddler log attached (please do not post it in a reply to this topic).
  23. Andrey mentioned that it doesn't make sense that kedit should be trying to access csrss.exe (you may have to ask the guys who made kedit why it's doing that). The only recommendation he made was adding exclusions to Online Armor for kedit, and see if that resolves the issue.