Elise

Emsisoft Employee
Everything posted by Elise

  1. No, it can't, because we don't collect that information. To read more about this: https://blog.emsisoft.com/en/26117/https-interception-what-emsisoft-customers-need-to-know/
  2. Hello, Emsisoft Emergency Kit is already portable. All you have to do is to copy the EEK folder to the USB drive and run it from there.
  3. Yes, you are right. I checked them all, but (fortunately) none of the reported content worked (although I could see it had been there before).
  4. Hello, We do block tech support scams, however we do not use heuristic detection to do this as some other products do. The reason for this difference is that doing so would require us to actively filter/check all your browser activity. Not only is this a breach of your online privacy, it also brings security risks with it, which is why we opted not to do this. While I completely understand how annoying/scary such fake tech support scams can be, they are harmless to your computer; the worst that can happen is that you have to close the browser via the Task Manager (you can also do it via Emsisoft's Protection/Behavior Blocker tab). I will check the data you provided and will add any undetected tech support scams to our database.
  5. Theoretically that is possible, yes, but then something would need to be installed on disk. And that would count as suspicious behavior.
  6. The hijacking aside, you need to have traffic back to the attacker, which would be detected in any case. And unless someone tricks you into installing something to capture your camera input to send it their way (which would be a legitimate program, which you clearly have to install manually and configure) the attack itself would be intercepted as well. Larger files may not always be scanned by the file guard, but they are monitored by the behavior blocker, so that is not an issue.
  7. Hello, Thank you for contacting us about this issue. Please feel free to forward the email to [email protected] Most likely this is a malicious email. As for your questions: 1: Yes, you would be protected from that by EAM. 2: No, real-time protection would have blocked it, either via the file guard or behavior blocker. However, you can always run a scan to double-check. 3: Yes. 4: No, you can just trash the mail or forward it to us (and then trash it).
  8. Based on the file name I think this was a temporary installation file. It triggered an alert and EAM attempted to quarantine, but before this was completed the file was already gone, hence no actual file in quarantine.
  9. It is possible that you had a file in quarantine, then removed it. The event that the file was quarantined will still be visible in the logs, even if the file is no longer in quarantine.
  10. Hello, Was the version you tried to run also 3 months old? In that case it's recommended to download a new copy of EEK from the website. Please let me know if this also happens with a new copy of EEK.
  11. Hello, Yes, we do consider mining by websites malicious, I can confirm what you reported and the URL will be added to our Surf Protection database.
  12. I would always advise having only one security software installed (of course I'd recommend Emsisoft, but it also goes for other good security products). To see why it is not recommended to run more than one AV, see also the following blog article: https://blog.emsisoft.com/2017/12/18/do-not-run-multiple-antivirus/
  13. Yes, Emsisoft's behavior blocker prevents the installation of fileless malware on the computer even if no signature detects it yet.
  14. Yes, but if you have to manually install some drivers, you can still download the drivers via Windows Update or from the manufacturer's site.
  15. Whenever you reinstall the OS, all drivers are reinstalled, so if you did a complete reinstall, no malware drivers will be left. The BIOS is firmware, that means it is hard coded in the device (in this case the motherboard). If that code were infected, a reformat/reinstall would have no effect on it. You can however flash the latest firmware version before doing a reinstall. If EAM is installed it ought to block an attempt by malware to write a custom BIOS (you would expect to see a Direct Disk Access alert).
  16. It's not likely, such a partition usually contains an image and that file will not be altered by malware. When you start a restore operation, that image is then put back on your hard disk, wiping everything else.
  17. This is normal. First of all there's your browser. Each page you visit has a corresponding IP. Next think about Windows and other software checking for updates on a regular basis. On top of that email clients and the like will check for new messages as well. Then there are all kinds of communication applications (Skype, Facebook Messenger, and so on and so forth) that all will connect to a number of IPs to retrieve (or check for) messages. Think also about Microsoft's time synchronization and for example all kinds of software license checks. These are just a few examples, but I think you can imagine why you'd always see a list of IP addresses your computer connects to/receives data from.
  18. If you'd like to know what they belong to you can just copy/paste them here. If you'd rather not post them in a public forum, feel free to send me a PM.
  19. Yes, to put it simply: with IPv6 you have a larger pool of possible IP addresses than with IPv4. This is necessary because there are so many devices worldwide that request an IP address on the internet that the total amount of possible IPv4 addresses is simply not enough. You can read more about it here: https://en.wikipedia.org/wiki/IPv6
  20. Without seeing an example, this usually happens when IPv6 is used and not IPv4. If that is the case it's perfectly normal. You can look up what the IP belongs to just as you can do with a "normal" IPv4 address on whois sites.
  21. That is hard to say, however two questions: does this happen on any computer you put this in? Also, what software blocks it? My first guess would be that it depends on the port the device was put in or maybe the device is malfunctioning, but it's impossible to say without more information.
  22. Hello, Thank you for reporting this issue. To see if this is caused by Emsisoft products, please disable all Emsisoft real time protection guards (right click the tray icon and select "pause protection" > "disable for 10 minutes"). If this fixes the issue then Emsisoft may be blocking the application. If this does not change anything this problem is likely not related to Emsisoft.
  23. Unfortunately I cannot give you any more details about the internal working of our protection components. You can however verify that both signature detection and behavioral detection work properly now for this and similar samples.
  24. The file should be detected using the latest signatures. The digital signature has also been blacklisted.
  25. Hello, EIS = EAM + firewall. The scan options in EAM and EIS are identical, as are all protection modules. The only thing EIS has that EAM has not is a software firewall. For more information about a software firewall, please see this blog article: http://blog.emsisoft.com/2014/09/19/whats-the-point-of-having-a-firewall/