Elise

To clarify, it has nothing to do with the slider you mentioned in your first post, the yellow part just means that a customer is presented with an alert window where they can click Quarantine because the file that caused the alert is not known in our cloud.

Hello Nevi, No, this has only to do with the number of alerts that is automatically blocked/quarantined (green part) and the number of alerts where you do need to click manually on Quarantine. There is no difference in the actual way malware is blocked.

Hallo Marcel, Alle update informatie is hier beschikbaar: http://changeblog.emsisoft.com/ Zodra deze update beschikbaar is, zal informatie hierover op deze blog gepubliceerd worden. Ik heb een notitie gemaakt om ook een update in dit topic te plaatsen. Nog een fijne avond!

Hallo Marcel, De update zal tegen het einde van de maand juli beschikbaar zijn; dit duurde wat langer omdat er een aantal andere veranderingen in de driver nodig waren.

Hallo Marcel, Ik heb hier niets meer van gehoord (en ben helaas zelf ook vergeten om dit na te vragen), maar ik heb het nu aan de developers gevraagd en zal hier zo snel mogelijk een update over toevoegen.

1) AFAIK this just will always try to use https (even if you click or type a http link), no interception is done. 2) You'd have to check what each browser includes, but remember it is also possible to install a security solution that will install a browser add on. Any browser that allows the installation of add-ons/extensions (and thats basically any browser) can use a https filter of some sort if it is installed. 3) The following part of the article really explains this: 4) You can't without understanding how this works, which is why it's recommended not to use any product that uses https interception unless you're sure it is safe.

Hello, When it comes to surfing: keep it simple, a browser is only as safe as it's user. I'd advice against using any browser "security" that intercepts https traffic, for an explanation see here: http://blog.emsisoft.com/2017/02/09/https-interception-what-emsisoft-customers-need-to-know/ Choose the browser that suits you best en practice safe surfing (use an adblocker, use a password manager as alternative to using easy to guess or identical passwords), don't visit shady sites and if you're not sure about a site, scan the URL on http://www.virustotal.com Personally I use Google Chrome with uBlock origin, Lastpass, and a few small add-ons that help facilitate certain routine tasks. never had any browser-related security issues.

@abyskaria, please refrain from making meaningless posts. If you have to add something to an existing topic make sure your reply is relevant to the topic, otherwise your posts will be removed without further notice.

For reinstallation media, always use the Media Creation tool to ensure as much updates as possible are included (this is generally a good idea because it also reduces the amount of updates you'll have to install after installation): https://www.microsoft.com/en-gb/software-download/windows10 As for the rest, the vulnerability is/was in the SMB (server message block) protocol, which is not something an average home user requires, if you are concerned you can just reinstall Windows without network connection, go to Programs and Features > Turn Windows Features On and Off and in the populated list locate SMB1, uninstall this before continuing.

Without going into details, no not the fact that VLC creates this subfolder is suspicious (this is normal and a lot of programs create subfolders for a variety of legitimate reasons). However VLC uses a method to implement this that is considered suspicious because real exploitation might use similar code. This does not mean that the API for example could be used to issue other commands, you just wouldn't expect VLC to use this particular script to accomplish the task (if anything I'd call it sloppy coding/implementation).

Jeremy, no, the exploit protection only looks at the behavior and whether that is suspicious or not.

Yes, this alert occurs due to the way VLC creates its subtitles directory. To avoid this alert you can create that folder manually and then run VLC. You'll find that you can then download subtitles without problems. Create the following folder: C:\Users\<your username>\AppData\Roaming\vlc\lua\extensions\userdata\vlsub

An exploit can be seen as a way to make sure malware ends up on a system undetected/unnoticed. However this malware still will need to be executed, at which point Emsisoft's behavior blocker should intercept it. No proof of concept exploit has been released so there is no way to test this, but in theory, yes we should block any malware that tries to infect a computer this way.