Jump to content

Eddie

Member
  • Posts

    33
  • Joined

  • Last visited

Everything posted by Eddie

  1. Received an email alert earlier this morning stating: When I checked with the user, he said that he downlodaded a driver from the Dell Site and saved it on a stick, but has not yet run it. Looking at the info in the cloud console under details I am getting this: Looking at the log file on the pc in question is says: There are two things not clear to me: a) Detection - what has happened subsequent to the detection - the file is not quarantined and I believe it was allowed to run as it has been saved to the stick. So what did the behaviour blocker actually do? b) why are timestamps inconsistent? the email alert I received came through almost immediately but the time listed in the timestamp is way out. Is this based on a server setting in Germany? cheers Eddie
  2. Jeremy, I am not sure what you mean by forensic log. Using the cloud console I can access the log for the individual user and the audit log for the workgroup. In the audit log I see any changes made to policies or settings for any of the pc in the group. If I access the individual pc via the console, I can see a log and that shows me updates either scheduled or core and clicking on any of these, I get a bit more information but certainly less than you do. I have not found a way to see more. If I access the pc locally, then I get something more detailed. The isssue is that for a cloud console the assumption would be that you are not necessarily on site to check this locally and in my case I only access the site once a week with only one pc running in my own office. It does seem however that the original issue with the updates has been solved by changing the settings. Cheers Eddie
  3. Thanks guys, as I mentioned from the beginning, I needed clarification and assumed that my settings were not quite right. Jeremy, when I quoted the error I did this from the top of my mind, looking up the error message via details it does say "Task run skipped" - nothing more. So based on the info above, I think I will not use Silent Mode in the future but try to change the relevant group to "No Access" as Frank suggests or try to use the notifications settings only. Frank, I will change the group settings as suggested and see what happens then. As for EEC and Cloud Console I mentioned EEC as this was the header for the forum and I thought most appropriate forum to ask for help. I am using the cloud console
  4. Jeremy, at present my main issue is that while most pc update every hour, some don't do any updates unless I manually force this via the console. Looking at the logs is just states "skipped" and I am not sure what is causing this. Nobody is gaming on these or generally speaking needs full -screen mode, so I am not sure if silent mode is applicable or not. However compared to other AV solutions, I find ES quite noisy with frequent notifications. I would like to suppress most if not all of them for the staff. If something serious is going on, I am getting an alert and can take action, most staff would not know how to respond anyway. As for restarts being necessary, the next pc reboot will take care of that and I don't remember this being a frequent issue.
  5. Hi, could someone please explain how to use Silent Mode? We are running EEC in our call centre and I would like to have this run in the background without popups, alerts and news distracting the staff or calling me on how to respond. I assumed this is what Silent Mode is for but I also see reference to gaming, so I am confused. The problem is that some pc don't seem to update every hour as expected. I notice this in the console and when accessing these and doing manual updates, it works fine. I have found some reference to Silent Mode being the culprit but that was late last year and supposedly was fixed? I am also confused on whether the setup on an individual pc with silent mode being off is relevant if this pc being part of a group has silent mode configured as ON under the group settings. At the moment some pc require manual help to update whereas the bulk do their job fine and I cannot work out the reason.
  6. I also noticed that the update seems inconsistent - I have set up two devices as relay stations but looking at the cloud console I cannot work out under which conditions the workspaces call either the relay station or the cloud to update their definitions. Even though the stations are active/live during the same hours, some have last updated 14 hours ago, some 15 hours, some 21 hours. How often do they normally try to update? Also interesting to see that one workspace that is actually set up as relay station and is on all the time updated only 1 day ago and I think at that time I forced the update manually.
  7. Just trying to find my way in the cloud console and while most of it is intuitive, there are some areas where a bit more info would be helpful. The helpfile seems to be quite generic and does not address all options, how does the password feature under policy settings interact with the permissions settings. I set permissions as to users via permissions settings - do I still need to set a password to prevent normal/inexperienced users to make changes to the settings or this covered by read-only in permissions settings ?
  8. Just installed EEC on 12 clients so far and noted that one client drops off frequently and is shown as offline. It seems on the pc protection is shown but from the cloud console I cannot scan or feel protected. I assume the status should remain protected even if the pc has windows log screen and should be available for scanning ? Under what conditions will I not be able to access the work space other than the pc is turned off? Cheers
  9. GT, thanks for that. I am sure we will be allright and there is no need to go through support in this case. I will have a look at the options to set up additional users with their own log in - it will only be two, so either way I can live with it. Just wondered about google authenticator - I was initially sceptical about that but now find it very easy to use and so far very reliable.
  10. Just a follow up - we are in the process of installing the cloud console and there will be more than one person accessing the details. I like 2FA but if this is via email it assumes that everyone has access to that email account. At the moment I would have to ask my colleague to call me and to provide the code to him over the phone. Is there any option to use google authenticator instead of email? I also can't see where I could potentially turn off the feature. Cheers
  11. I just got a new android tablet and would like to put Emsisoft on this - I do have a spare license from my pc (Emsisoft Anti-Malware). Are they transferable or do I need to purchase a new license for mobile/tablets?
  12. Jeremy, thank you. I upgraded the tablet ( which had been stored away and not used for a while) from V 8 to now 10 Home Version 1809, OS Build 17763.316. I used the MS download tool and chose the upgrade option. The only AV on the system prior to me installing emsisoft was the default MS option. I think nowadays it's called Windows Security/ Windows Defender. As for Emsisoft, it is installed, I can run scans manually but it seems prevented from running as the first line of defence. At the moment I am relying on Windows Defender to catch any nasties.
  13. Earlier today I upgraded a tablet from Win 8 to Win 10 and once done wanted to install Emsisoft. The installation seemed to go fine, the program is running but I am getting errors from Windows notification centre that both AV are off and I seem to be unable to turn on Emsisoft. If I click the turn on button in windows securities, Emsisoft shows up with Your computer is not protected. When I click the fis now button either nothing happens or it goes into the same page that comes up when I click the "no protection box" on the left. Here both behavioural blocker as well as file guard are off and resist any changes. What should I do?
  14. Thank you Thomas - the process worked fine and I am doing the first scan with anti-malware
  15. my existing license for EIS is finished and I purchased a new license for Emsisoft Anti-malware. How do I best do the uninstallation and reinstallation process to avoid any issues. Is it ok to just use add/remove programs in Win 10 or do I need to do anything else or use an uninstaller? Just want to avoid any corruption or interference when I start installing the new program.
  16. Thomas, thank you very much for your quick and comprehensive response. I also appreciate the offer to add the additional months to the license and will get back to you once I have time to do the installation.
  17. I just purchased a new license for EIS and I understand that the license is valid for 1 year. I plan to use this on my laptop which is currently running a different AV. As I still have two months paid license on this, I wonder if the 12-months for the new EIS license starts from the day of purchase or installation/activation. I am not using the laptop very often but will travel later this year and at that stage would like to enjoy the benefit of the new license without having used up already several months beforehand without much need.
  18. Hi Christian, thank you and sorry - I was confused. I thought I had entered the first license already but when checking today, the tablet was still on trial. I have now entered 2 of my 3 licenses without issues, so everything is fine.
  19. I recently bought a license for 3 AV and successfully installed this on the first tablet. I am just in the process to install the second license and note during the rego process my three licenses show up. All three have the same beginning date and ending date which is fine. By default the first license is ticked but there is an alert on the right that I need to choose one of the three licenses shown on the left and that it should not be used on another computer. How do I know which of the three is already used on the other tablet? I don't want to waste a license by choosing the wrong tickbox and the three options are indistinguishable for me.
  20. Thank you Arthur - I will look into this further. Not really sure that it is related to EAM, the more I look at it the more I think it's a driver issue. If EAM did stop any process, should there not be any reference to this in the log?
  21. I recently installed Emsisoft 8.1.0.33 on one of my pc and in principle it's running very smoothly. However, I noticed that from time to time I experience problems when printing. Usually I get away with one or two print jobs and then the next job hangs which in turn causes the rest of the system to freeze. The only option I have is to close the process with task manager and then restart my pc. During the shutdown I am getting an error message relating to rundll32.exe which I believe is related to the spooling of print jobs. Since I did not have the issue before and nothing has changed on the pc except for the new AV, I am wondering if Antimalware is somehow blocking this process and I need to allow it. Unfortunately no alert from antimalware has come up. I checked the log but nothings shows , the Guard is in default mode, ie no application rules or host rules have been added by me. The rest is on default too. I found this thread with a similar issue http://support.emsisoft.com/topic/11346-explorer-and-run32dll-blocked/?hl=rundll32.exe#entry74672 but I am not running a special host file. Should I try to exclude the relevant file from being monitored via whitelisting and if I do so, how much is that a security risk. I have scanned my pc and it is clean. Win XP SP3, 32 bit with EAM 8.1.0.33 - only other security program running is win patrol.
  22. Thanks again - everything went fine and the program is up and running nicely again
  23. Just wondering why the new installation file is now 96mb large? I think last I time I downloaded it might have been half the size. Also, why are all the downloads routed via cnet/download.com? I would have preferred to download directly from Emsisoft as opposed to any third party. Is there anywhere a list of the md5 hashes of the download files. If I download from cnet, at least I would prefer to be able to check that my file has not been changed.
×
×
  • Create New...