

Emsisoft Employee

Everything posted by Elise

  1. Hello, No, we do not provide SSL certificates.
  2. To clarify, it has nothing to do with the slider you mentioned in your first post, the yellow part just means that a customer is presented with an alert window where they can click Quarantine because the file that caused the alert is not known in our cloud.
  3. Hello Nevi, No, this has only to do with the number of alerts that are automatically blocked/quarantined (green part) and the number of alerts where you do need to click manually on Quarantine. There is no difference in the actual way malware is blocked.
  4. 1) AFAIK this just will always try to use https (even if you click or type an http link), no interception is done. 2) You'd have to check what each browser includes, but remember it is also possible to install a security solution that will install a browser add-on. Any browser that allows the installation of add-ons/extensions (and that's basically any browser) can use an https filter of some sort if it is installed. 3) The following part of the article really explains this: 4) You can't without understanding how this works, which is why it's recommended not to use any product that uses https interception unless you're sure it is safe.
  5. Hello, When it comes to surfing: keep it simple, a browser is only as safe as its user. I'd advise against using any browser "security" that intercepts https traffic, for an explanation see here: http://blog.emsisoft.com/2017/02/09/https-interception-what-emsisoft-customers-need-to-know/ Choose the browser that suits you best and practice safe surfing (use an adblocker, use a password manager as an alternative to using easy-to-guess or identical passwords), don't visit shady sites and if you're not sure about a site, scan the URL on http://www.virustotal.com Personally I use Google Chrome with uBlock Origin, LastPass, and a few small add-ons that help facilitate certain routine tasks. Never had any browser-related security issues.
  6. @abyskaria, please refrain from making meaningless posts. If you have to add something to an existing topic make sure your reply is relevant to the topic, otherwise your posts will be removed without further notice.
  7. For reinstallation media, always use the Media Creation tool to ensure as many updates as possible are included (this is generally a good idea because it also reduces the number of updates you'll have to install after installation): https://www.microsoft.com/en-gb/software-download/windows10 As for the rest, the vulnerability is/was in the SMB (server message block) protocol, which is not something an average home user requires. If you are concerned, you can just reinstall Windows without a network connection, go to Programs and Features > Turn Windows Features On and Off and in the populated list locate SMB1, uninstall this before continuing.
  8. Without going into details, no, it is not the fact that VLC creates this subfolder that is suspicious (this is normal and a lot of programs create subfolders for a variety of legitimate reasons). However, VLC uses a method to implement this that is considered suspicious because real exploitation might use similar code. This does not mean that the API for example could be used to issue other commands, you just wouldn't expect VLC to use this particular script to accomplish the task (if anything I'd call it sloppy coding/implementation).
  9. Jeremy, no, the exploit protection only looks at the behavior and whether that is suspicious or not.
  10. Yes, this alert occurs due to the way VLC creates its subtitles directory. To avoid this alert you can create that folder manually and then run VLC. You'll find that you can then download subtitles without problems. Create the following folder: C:\Users\<your username>\AppData\Roaming\vlc\lua\extensions\userdata\vlsub
  11. An exploit can be seen as a way to make sure malware ends up on a system undetected/unnoticed. However this malware still will need to be executed, at which point Emsisoft's behavior blocker should intercept it. No proof of concept exploit has been released so there is no way to test this, but in theory, yes we should block any malware that tries to infect a computer this way.
  12. Hello Joe, Thank you for providing this feedback. Regarding your first post, any chance you could attach the files that caused the ESET alerts so I can test them? Because no security solution monitors the system at exactly the same time/location, it is possible our software would simply have shown the same alert had ESET not already blocked it, however I don't want to make that claim without first testing it myself. As for the second post, from what I can see everything detected was located in archives. This doesn't mean real time protection didn't monitor correctly, it just means that these files/archives were not modified. If you have any further questions about this, please let me know.
  13. Hi, The trial is not a separate download, you select it after installation when you're asked to enter license information. So you can just download any product from our website and run the installer.
  14. Hello, If Windows is patched you're not even vulnerable to this attack and EIS should block this. Generally speaking: keep Windows and other software up to date, keep your security software up to date, ensure you have recent backups and if you use RDP or similar, ensure it is properly secured with strong passwords. For more information about this infection, also read our blog article: http://blog.emsisoft.com/2017/05/12/wcry-ransomware-outbreak/
  15. Yes it seems there is a massive campaign, another interesting article: http://www.bbc.com/news/technology-39901382 I really want to pick one thing out of the article though: The patch was labeled "critical" by Microsoft (and for good reason as you can see now). That is all I have to say about it.
  16. Okay, if you have any further questions, please let me know.
  17. None of these objects can normally affect your computer's performance, the worst that could happen is that the program it would be associated with could be malfunctioning, but that is not the case here. Can you give a bit more information about what is happening on your computer? What happens when you try to open normal programs like your mail program (if you use one), browser or other applications you often use? Do you get any error? What happens when you try to start Notepad (press Windows key + R, type notepad and press enter), do you receive any error and if yes, what is it?
  18. I'm sorry to hear about this problem. If you can still open your Emsisoft program, have you tried restoring the quarantined items and can you post the log file that was created after the scan? You can find it under Logs > Scan.
  19. No you can't, but as long as EAM is installed, malware cannot flash the BIOS without a warning. As for hardware that would be affected out of the box, apart from ensuring you buy from a trusted manufacturer, there is nothing you can do about that.
  20. While I appreciate you sharing this, please observe the rules of fair use: in short, if something is not your own writing, quote it and provide a source. In this case, you literally copied the entire post from: http://www.computerworld.com/article/2885069/theres-no-way-of-knowing-if-the-nsas-spyware-is-on-your-hard-drive.html
  21. Emsisoft is not vulnerable to the exploit mentioned in the article.
  22. Well, since this topic is not about my files that are encrypted, I don't see the problem there. And because you just violated the Terms of Use of this forum, please allow me to fix that particular issue real quickly. To address your original concern because it did not appear to be clear to you: a lot of malware analysts (both from Emsisoft as well as other companies or freelancers) put a lot of time into finding out ways to decrypt files that were encrypted by all kinds of ransomware families. Instead of complaining about the lack of a tool, it would be nice if you could actually appreciate the work they do.
  23. A VPN can protect your location and IP address (assuming that it does not collect personal data, which is not a given). If you use, for example, weak passwords or leave your personal information on shady websites, however, it is meaningless.
  24. Thank you for your submission. I will look into it as soon as possible.
  25. Yes, this file in this particular location is associated with a Windows App. There is no need to worry about it.