GT500

Emsisoft Employee

Everything posted by GT500

  1. jade4, did you have a chance to run ComboFix?
  2. OK, the tutorial is not out of date (and should be completely valid). The person who was testing was running EAM on a server edition of Windows. If they want to participate in the referral program, then they should run EAM on a normal installation of Windows XP, Windows Vista, Windows 7, or Windows 8 with the latest Service Packs.
  3. The contents of both folders are somewhat different on all 64-bit editions of Windows. System32 will always contain more files than SysWOW64. Basically, what you are experiencing is an unfortunate side-effect of how 32-bit applications work on 64-bit editions of Windows. Hopefully, in the future, we will be able to offer versions of Online Armor that are compiled as 64-bit executables instead of 32-bit executables.
  4. The tutorial may be out of date. I'll verify if that is the case, and let you know. As for the guy who is having issues, he can contact me (or open a ticket in our Helpdesk) and we can help him set up a proper referral link.
  5. EAM: Please download and install Fiddler 2 from this link (this is the version that requires the Microsoft .NET Framework 2.0), and then follow the instructions below:
       1. After installing Fiddler, please open it from the Start Menu.
       2. Launch Emsisoft Anti-Malware.
       3. Go to Configuration in the menu on the left.
       4. Select the Update Settings tab.
       5. Click on the Connection settings link in the lower-right corner.
       6. Check the box that says Use proxy server.
       7. Enter localhost in the Proxy server field, and then enter 8888 in the port field.
       8. Click 'OK'.
       9. Go back to the Menu on the left, and select Security Status.
       10. Click on the Update Now button to start the update (Fiddler must be running when you do this).
       11. After the update fails, go back to Fiddler, and to File, then Save, and select All Sessions (please save it on your desktop).
     Please send the Fiddler log to me in a Private Message (do not post it here).
  6. One of our moderators removed the log from your post and sent it to me in a private message. A quick look at the log shows that it can connect to the update server, but it receives a 504 error when attempting to download the first file, so I will send this information to our server admins and see if they need anything else. Since we are using a CDN (Content Delivery Network) now, we may need to know what IP address the EEK was being redirected to when connecting to the update servers. Scratch all of that for the moment. The proxy information in the log is a bit odd. Do you use a local proxy of some sort, or did you just use a non-standard port number for Fiddler?
  7. Unfortunately, when one of our moderators saw your log attached to your post, they removed it and tried to send it to me in a private message; however, the log didn't get attached to the message. If you still have the log, then please click on my screen name over to the left of where you're reading this, and send me a message. You can attach the log to the message.
  8. When you right-click in the Programs list and select 'Add', and then navigate to C:\Windows\System32, Online Armor will show you the contents of C:\Windows\SysWOW64. See the screenshots below from my test environment (Windows 7 x64):
  9. Actually, I said that the documentation implies it, and not that quotes are required. Yes, I was incorrect. I would suggest following the documentation. Using spaces isn't documented, and we cannot guarantee that it will always work as you expect.
  10. Assuming you mean deleting and adding a rule in Online Armor, then no, it shouldn't cause any problems. Have you checked to see if it is showing you only the files/programs in C:\Windows\SysWOW64\drivers, and just saying they are in C:\Windows\System32\drivers?
  11. ¥akuza112, you're a tester, so if you need a license key then let me know.
  12. Looking at this documentation, the examples all have quotes around the paths, and it is specifically mentioned that "Multiple paths have to be delimited by commas". If a comma is being used as a delimiter then it is implied that paths with commas will have issues, and if the examples all show quotes around the paths then that implies that quotes should be used for all paths. Admittedly it isn't plainly stated that you should use quotes for paths, and so I did forward your request on to our management.
  13. When an item in the whitelist is checked, it is ignored by the scanner. I do not recall seeing that in any of the changelogs, so it should not have changed since the previous version. If you don't want a drive scanned, then do a Custom Scan and select which drives to scan. As for excluding a folder, anything in that folder would be excluded.
  14. I would believe that this is the way the command-prompt works, and is not due to a2cmd itself. There are a lot of paths that do not require quotes. Knowing which do and which do not is a matter of knowing the Windows command-prompt. That being said, I can pass on your request for these changes to the documentation, however please note that I cannot make any guarantees that they will be implemented.
  15. Try the copy that's in SysWOW64. I think that's what OA is seeing as being in System32, as that's how WoW64 works.
  16. I just asked Andrey about this, and from what he told me the bandwidth meter is just too complicated for him to explain quickly. I'll try to remember to get you an answer for that question as soon as we can, however it will take a little bit longer than normal, so please try to bear with us.
  17. Let's start with DebugView logs. Obviously we'll need to start by setting a registry entry that will tell Emsisoft Anti-Malware to output debug information that DebugView can see and save in its log. The following file eam_debug_output.zip contains two batch files. One of them will enable debug mode, and the other will disable it. Please download this file, extract the batch files from it, and run the batch file named eam_enable_debug_output (if your computer is running Windows Vista or Windows 7 then please make sure to right-click on the batch file and select to Run as administrator):
      After that, please restart your computer, and then proceed with the instructions below:
        1. Download DebugView from this link: When downloading, make sure to save it on your Desktop instead of clicking 'Run' or 'Open'.
        2. Right-click on the 'DebugView' file that you just saved on your Desktop, and select "Extract All".
        3. Before running DebugView, you will need to add a process exclusion to Emsisoft Anti-Malware to prevent crashing issues. Here are the instructions:
             • Please go ahead and open Emsisoft Anti-Malware from the icon on the desktop.
             • Click on Guard in the menu on the left.
             • Go to the File Guard tab.
             • Click on the Manage whitelist link on the left, just above 'Alerts'.
             • On the left, under where it says Type, click on where it says File and change it to Process.
             • Click in the white space to the right of where you just changed 'File' to 'Process', under where it says Item, and a little button with three dots on it will appear to the right.
             • Click on the button with the three dots.
             • Navigate to the folder where DebugView is saved (this should be on your desktop), select the Dbgview file, and click the Open button in the lower-right.
             • Click OK at the bottom to save the settings, and then close Emsisoft Anti-Malware.
        4. Open the new DebugView folder that was created on your Desktop after extracting.
        5. Windows XP and 2000 users should double-click on the file named 'Dbgview'. Windows 7 and Vista users should right-click and select "Run as Administrator".
        6. Click on the 'Capture' menu, and select everything except "Log Boot" (you will have to open the menu again after clicking to select an item).
        7. After selecting the options in the 'Capture' menu, click on the 'File' menu and select "Log to File As" and create a file on your desktop for it to save the log to.
        8. Do whatever it is you need to in order to replicate the issue.
        9. After the system freezes, restart your computer (you may need to hold down the power button for about 4 or 5 seconds to shut it down first), and make sure that the log was saved on your desktop.
        10. Please attach that log file to a reply so that we may analyze it for errors. You will need to use the More Reply Options button to the lower-right of where you type in your reply in order to access the attachment controls.
      Note: You may need to ZIP the log file in order to attach it. If you do not have a program such as 7-Zip, WinZip, WinRar, etc. then you can right-click on the log file, go to Send to, and click on Compressed (zipped) folder. You will be able to attach the ZIP archive to a reply.
      After that, you can run the eam_disable_debug_output batch file to disable debug mode. Note that your computer will need to be restarted after running the batch file.
  18. Well, uninstalling Online Armor should wipe out all of the information it has stored about EXEs and DLLs, and allow it to rebuild it from scratch after a reinstall. When I said "no way", I meant within Online Armor's UI. One of our employees had noticed some issues with OA displaying incorrect signatures, and was investigating it. I don't have any information beyond that at the moment, however I will let him know that you are having this issue.
  19. Online Armor doesn't support Unicode yet, so this could be why the network connection name looks like that. Can you try renaming it in English (or another language that uses standard Latin characters), and see if the network connection's name appears properly in Online Armor after that?
  20. Unfortunately it is not currently possible to update that information in Online Armor.
  21. In Online Armor Premium there's a button to uninstall the firewall (and a button to install the firewall after it has been uninstalled), however it doesn't uninstall/reinstall the entire Online Armor program, just the OA Helper Driver that allows for monitoring your network connections.
  22. Technically SetWakeup.bat isn't a program, it's a batch file. Unfortunately, you'll have to manually tell Online Armor that it is safe, since it doesn't really have any way of verifying that a batch file is safe (no digital signature). As for the last screenshot, the 'Status' says 'Allowed'. Try going to 'Programs' and looking for it in the list, click on it to select it, and then click the button to Trust it. Also, I recommend turning off Debug Mode for using Online Armor normally.
  23. If the threat exhibits a behavior that both Emsisoft Anti-Malware and Online Armor monitor, then they should both try to display a notification.