Jimbo

Everything posted by Jimbo

  1. Thanks for making me look again. The order is simply different. For those after me, if a "Gold Star" appears on the EmsiSoft icon in the Notifications after disabling "Browser Security Verification" it was cleared after forcing an update. Per the forum this star means "Game Mode" is turned on and the registry hack didn't help. Jeremy, please understand the reduced contrast Security Overview screen is very tiring to read and almost impossible. Even the text currently being typed brings tears (literally) to the eyes but is, at least, larger so it is readable. However, I apologize for not having persevered.
  2. I don't have the "Enterprise" version. Can we turn it off in Emsisoft Anti-Malware? The every few hours pop-up is aggravating. I tried to see more about it the first few times it popped up and it crashed each time. So, I researched it and simply don't want it.
  3. Thank you for the response, which I somehow overlooked until today. I apologize for the delay. There have been no additional reported crashes. The registry has just been updated to generate a full dump. (Instruction said to use full dump if requested by a developer, Emsisoft is the developer, so...).
  4. Jeremy, we both agree that using Help > About would match industry "standards". I do use standards there in the very loosest terms. However, consider that it can be found and copied using the log by clicking "view details". To select only the version number requires using the arrow and shift keys and not the mouse. So, it is available and it is copiable. PS. I apologize for having revived a three-year-old post but, personally, when I'm searching for an answer I really don't like reading through numerous posts on the same topic. In this case the version was no longer where it had been stated so my thought was to update this post with currently accurate information. A post in the FAQ would also be beneficial, given the situation.
  5. Any idea how to stop a2service.exe from crashing? With the exception of the information level entry for the most recent crash only the FIVE errors that have occurred over the past THREE days are listed.

      Emsisoft Anti-Malware - Full Version 2017.10.1.8165
      Windows 10 Pro 10.0.16299 N/A Build 16299 x64-based PC
      MalwareBytes Anti-MalwareBytes Premium 3.3.1.2183 (3.2.2.2029 was installed until very late Nov 2)
      Webroot SecureAnywhere 9.0.18.38

      =========================================================
      2017-11-01 11:28:58 AM
      Fault bucket 120866368231, type 4
      Event Name: APPCRASH
      Response: Not available
      Cab Id: 0
      Problem signature:
      P1: a2service.exe
      P2: 2017.10.1.8165
      P3: 59fa33ec
      P4: StackHash_64a5
      P5: 10.0.16299.15
      P6: 493793ea
      P7: c0000374
      P8: PCH_FB_FROM_ntdll+0x00000000000A0994
      P9:
      P10:
      Attached files:
      \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERF8DC.tmp.WERInternalMetadata.xml
      These files may be available here:
      C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_a2service.exe_ed23f84a611b1b4f93df7b89ca49adff5551d4e6_bf8abba8_20ecfc18
      Analysis symbol:
      Rechecking for solution: 0
      Report Id: f9a37cb9-5a45-49fd-8e6b-b1e28fc6a982
      Report Status: 268435456
      Hashed bucket: 22d29da9a8fc6aeed43e64975789cd81
      =========================================================
      2017-11-01 11:28:58 AM
      Faulting application name: a2service.exe, version: 2017.9.0.8006, time stamp: 0x59ce1f57
      Faulting module name: ntdll.dll, version: 10.0.16299.15, time stamp: 0x493793ea
      Exception code: 0xc0000374
      Fault offset: 0x00000000000f87bb
      Faulting process id: 0x4a0
      Faulting application start time: 0x01d3532e3b82f8c2
      Faulting application path: C:\Program Files (x86)\Emsisoft Internet Security\a2service.exe
      Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
      Report Id: 97b7f5be-ec47-4d21-ad7e-122515cbf874
      Faulting package full name:
      Faulting package-relative application ID:
      =========================================================
      2017-11-01 04:29:35 PM
      Faulting application name: a2service.exe, version: 2017.10.0.8157, time stamp: 0x59f8bf02
      Faulting module name: ntdll.dll, version: 10.0.16299.15, time stamp: 0x493793ea
      Exception code: 0xc0000374
      Fault offset: 0x00000000000f87bb
      Faulting process id: 0x2248
      Faulting application start time: 0x01d35347b6e45673
      Faulting application path: C:\Program Files (x86)\Emsisoft Internet Security\a2service.exe
      Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
      Report Id: 3e0d2e7a-675f-4d46-b8d6-399308871f48
      Faulting package full name:
      Faulting package-relative application ID:
      =========================================================
      2017-11-02 08:16:00 AM
      Faulting application name: a2service.exe, version: 2017.10.1.8165, time stamp: 0x59fa33ec
      Faulting module name: ntdll.dll, version: 10.0.16299.15, time stamp: 0x493793ea
      Exception code: 0xc0000374
      Fault offset: 0x00000000000f87bb
      Faulting process id: 0x600
      Faulting application start time: 0x01d3538f79ce49e9
      Faulting application path: C:\Program Files (x86)\Emsisoft Internet Security\a2service.exe
      Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
      Report Id: ea4b5f0e-6378-4870-aa5e-c8a88626465e
      Faulting package full name:
      Faulting package-relative application ID:
      =========================================================
      2017-11-03 02:16:39 AM
      Faulting application name: a2service.exe, version: 2017.10.1.8165, time stamp: 0x59fa33ec
      Faulting module name: ntdll.dll, version: 10.0.16299.15, time stamp: 0x493793ea
      Exception code: 0xc0000374
      Fault offset: 0x00000000000f87bb
      Faulting process id: 0x5c0
      Faulting application start time: 0x01d354719bdd6b12
      Faulting application path: C:\Program Files (x86)\Emsisoft Internet Security\a2service.exe
      Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
      Report Id: 3135c726-e2dd-4eaf-a4b9-9485fad7a134
      Faulting package full name:
      =========================================================
      2017-11-03 03:16:56 AM
      Faulting application name: a2service.exe, version: 2017.10.1.8165, time stamp: 0x59fa33ec
      Faulting module name: ntdll.dll, version: 10.0.16299.15, time stamp: 0x493793ea
      Exception code: 0xc0000374
      Fault offset: 0x00000000000f87bb
      Faulting process id: 0x29fc
      Faulting application start time: 0x01d35473b1e1181f
      Faulting application path: C:\Program Files (x86)\Emsisoft Internet Security\a2service.exe
      Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
      Report Id: f9a37cb9-5a45-49fd-8e6b-b1e28fc6a982
      Faulting package full name:
      Faulting package-relative application ID:
  6. Fabian, I agree with you. Most, not all, software has a help icon/link with the option for help or about. The about usually lists the version number. I'm not sure that hitting the update button would provide me the version number which was wanted for a couple of help requests that were opened. I find it strange anyone would want to see the version numbers all the time, but habits vary! We used to say vive la différence. Isn't it sad that about half the world now say you must think like and agree with us or we will unfriend, shun, and scream at you?
  7. I was getting confused. It is Malwarebytes that is not updating. Sorry. As a result I was trying to document all my anti-malware applications and had to figure out how to do that. Confusion abounds; at the moment.
  8. Thanks. I had accidentally clicked there and looked but didn't see the version in the position of a subtitle. Even looking now, with my eyes, light grey on off-white is difficult to read. For me, the log was much easier to read. In addition, the version can be copied by clicking "view details". To select only the version number required using the arrow and shift keys and not the mouse.
  9. Never mind, I found the answer to my primary question. I still want to know why the version number is hidden. Here is where the version number is currently listed:

      Open Emsisoft Anti-Malware by right clicking the icon in the system tray
      Select "Security Overview"
      Select tab "Logs"
      Find the most recent entry for: Component: Core, Action: Protection started
      The Details column lists the version number

      I know this is an old thread, but, it appears the location of the version has been moved and I am unable to find it. Any suggestions? Shouldn't this be easy to find?
  10. I would like to state that Emsisoft is correct. Only admin accounts should be allowed to make important changes. For example, on a user account opening the control panel restricts most of what I can do. I would also like to state that the User is correct. For example, on a user account I have the option to open the control panel or a command prompt with administrator privileges. Could we please be told how to open Emsisoft Anti-Malware with Administrator privileges? (Never mind... I just reread and saw we can grant a password so user accounts can perform updates... maybe that will fix the next issue.) Is this the reason the app will not update but, instead, asks me to check for updates and then tells me the app needs to be updated and prompts me to check for updates? Keep repeating until you get tired of reading!
  11. Umbra, you are awesome and I thank you for your responses. Bless you! You are correct, that is my router. I don't understand how I failed to see the Static NAT link before posting nor did I click on the other links such as DMZ Host. Continued research turned up a thread that stated if your IP address is 192.168 then you are probably behind a NAT. Thank you for the explanation of the differences. That gives me some comfort. To say I am uncomfortable with any security provided by Microsoft would be an understatement.
  12. Unfortunately, I don't have a facebook, twitter, etc. account so can't "join" the blog discussion. The other threads didn't help with my questions. I have several questions. 1. How do I tell if my "Actiontec MI424WR-GEN3I" router is a NAT router or not? If not, it appears I must now purchase a new router and set it up because of the loss of a firewall ... groan. (Verizon doesn't mention this router version and looking at the configuration I see no references to NAT.) 2. Tell me what Emsisoft Anti-Malware will do that Malwarebytes Premium doesn't do? One thing it did was to provide a firewall. I had purchased Online Armor for the firewall. I was forced to install Internet Security but it seemed to work with my other software so it turned out ok. With 26 months left on my license I now have 39 months, after the extension. Yet, it won't contain the one protection for which it was purchased. So, I'm now running Webroot SecureAnywhere, MalwareBytes, & Sandboxie (for browsing), and now, a second Anti-malware program, and will have to purchase firewall software that I trust.
  13. Arthur, Thanks for the response. Sorry for using the term "more powerful". It still makes no sense, to me, that a security program which makes a "Leap in technology" in order to prevent applications from "destroying your files..." would allow an unknown program to do what OA would not. Online armor: stopped unknown programs from executing and, if allowed to execute, stopped the program from deleting files, getting a list of files, executing ftp and sending data to an unknown website. Even when OA was told to allow that program to always execute, OA would ask again if the program changed. EMSIS allows all those actions. I'm not upset but many of the security applications currently used are changing and each have lost some functionality. I rarely used any protection from 1980-2007 and then, finally, one of my computers finally got infected. Now, I run with lots of protection often increased beyond the defaults. So, losing protection is somewhat disappointing. Hey, they really are out to get me...
  14. Peter, Thanks. That makes sense. There was an option to allow that "program" to change so it was allowed. The entry does not appear in any list, including the Whitelist, so I can't remove it to test your suggestion. However, your information will be used in the future and is appreciated. Updated. Found the entry in the "Behavior Blocker Log". After "Allow Always" was selected for the sandboxie program, the log listed "App rule added". 42 seconds later the log lists "App rule deleted." I tried adding "c:\Program Files\Sandboxie\rmdir" as both a name and file and "c:\Program Files\Sandboxie" as a folder. The entries disappear after clicking "ok". So, what I have now is a program from a known vendor that I want to execute without having to give permission but can't and a program from an unknown vendor that I want to disallow until I give it permission but can't. ROFL Hey, I am sticking with EIS so I can't be all that upset... just curious as to the reasoning and/or how to get it to behave.
  15. It gave me comfort having OA block unknown programs from executing. For example, I would write and execute small command files and OA would ask for permission to allow them to run. I would grant "one time only" permission and life was good. Now, they just run. It makes no sense to remove a security feature from a "more powerful" version of an Emsisoft security application so how do I enable this feature in EIS? On the flip side, when "Delete Contents" was executed in Sandboxie OA asked for permission. Later, while browsing, EIS stated that Sandboxie RMDIR "program" had changed. Sandboxie should not have been changed so, something strange is going on. Any Sandboxie users know what happened?
  16. In case "proof" is needed, I have a 4.85 MB video (1 minute long) detailing the issue.
  17. Win7 Pro 64bit
      Online Armor Premium Edition version 7.0.0.1866
      OA is NOT in learning mode

      How I replicate the issue:
      Open OA and look at program list; the command file is NOT listed
      Copy the .CMD to HDD and execute
      The .CMD file runs without OA asking permission
      Program list now contains rename.cmd with status of Allowed

      This seems dangerous. Unfortunately, this behavior is inconsistent as OA will ask permission for new command files for days or weeks but then begin allowing new command files to execute by auto-adding them to the program list with an Allowed status. What can I be doing wrong and how can this behavior be prevented? Godspeed

      PS, the primary command files being executed either get a directory listing and create a file or rename files.
  18. OA Premium edition 7.0.0.1866
      Win 7 Pro 64-bit

      The questions are simple:
      1. How can it be ensured that entries in "Programs" marked "Ask" or "Block" will not be auto-allowed by OA in the future?
      2. What reasonable method can be used to determine which of the 1,661 entries marked "Allow" should be reset to Block or Ask... (manually is not reasonable)

      Various cmd files have been created and used to execute various actions on my HDD and OA has always behaved properly. Specifically, OA asked if execution was to be allowed and I always say "allow" without "remember decision." Today, this quit working. Now, all cmd files, even newly created cmd files, execute and an OA entry is created with "Allow" as the option. If the "OA setting" of "Allow" is manually changed to "Ask" the setting is ignored and OA AUTOMATICALLY changes it to "Allow" when the command file is executed again. There are 1,786 Programs listed now; only 12 are being blocked.... there were *MANY* more. Only 13 are marked "Ask" meaning so many programs are now being allowed than should be that OA must have been auto-allowing executions for quite a while now. History shows that SOME settings are still being honored.
  19. Groan... I had looked for WRkrn.sys rather than WRusr.dll.... However, after the install:

      C:\Windows\SysWOW64\WRusr.dll 149 KB 7/18/2013 6:48 PM
      C:\Windows\System32\WRusr.dll 102 KB 7/18/2013 6:48 PM

      Windows Explorer (Properties > Details) shows both to be version 8.0.2.155
  20. Interesting. I believe SysWOW64 is for 32 bit dlls on a 64 bit system and System32 is for 64 bit dlls on a 64 bit system. Apparently, System32 was so ingrained it was simpler to leave it the same name even after Windows supported 64 bit. On your system do they both contain the same number of files? On my Win 7 Pro 64 bit system:

      2,840 (2,747 files, 93 folders) C:\Windows\System32
      2,403 (2,322 files, 81 folders) C:\Windows\SysWOW64
      305 (302 files, 3 folders) C:\Windows\System32\drivers
      13 (11 files, 2 folders) C:\Windows\SysWOW64\drivers

      However, I have just uninstalled Webroot again and checked both folders and OA and found that both Wkrn programs were removed from both folders and all entries in OA were removed. Once I reinstall I will report the results.
  21. Sorry about being unclear. I meant deleting and adding a program to OA Programs list. This was done to get OA to recognize the proper version and hash. My thought is OA would stop programs whose version / hash has been altered and cause problems. However, with there being no legitimate way to update that information deleting and adding might actually be causing me a problem. Good question to ask but, yes, I'm sure. The steps taken are below. I can send screen shots if you wish. Before the steps, here are two examples.

      Displayed in the Open dialog box (presented by Adding a program)
      File: gm.dls
      Folder: UMDF

      Not displayed
      File: afd.sys
      Folder: etc

      In the case of the two files ATTRIB shows attributes of A. In windows explorer both files are System Files with owner "TrustedInstaller". There are only 5 hidden files. Shown in Win Explorer but not OA Open

      Steps taken
      * Before deleting it the program was right clicked in OA and "Open file location" was selected. (opens windows explorer where 303 files and 3 folders are listed)
      * The program was deleted
      * Right clicked in OA and Add Selected.
      * It opened C:\Windows\System32\drivers (11 files and 2 folders are listed)

      The path was copied from Windows Explorer and pasted into the file name text box and the Open button was clicked (no change). Finally, "\WRkrn.sys" was manually appended to "C:\Windows\System32\drivers" in the File name text box and the Open button was clicked. (the program was added)
  22. There are three questions all are near the bottom. Update: WSA build 127 was uninstalled and build 155 installed. Three of the five programs now reflect the new version in OA. The one I manually updated yesterday did not get updated in OA with the reinstall. That is, it still reflects build 127 instead of 155. However, please explain this new issue which shocks and baffles me. Before WSA was uninstalled WRkrn.sys version 8.0.2.127 was correctly listed in OA. After WSA was reinstalled WRkrn.sys version 8.0.2.118 is now listed. This version was replaced by 127 in April. Version 8.0.2.155 was installed today. Both programs were deleted and added within OA. Both were marked Allowed and Trusted. I have no idea how to test functionality. So, once again, I'm asking would deleting and adding cause problems? Why is OA having an issue of "seeing" programs in a system folder? When adding WRkrn.sys, OA could not list all programs or subfolders within C:\Windows\System32\drivers. Manually adding the program name allowed it to be added. Does this mean that OA has insufficient rights to the system?
  23. Yes, in step 3. Would deleting and adding cause problems? Since that fixes/masks the version/hash display issue it seems an appropriate way to update this. Since this is not an approved way to update the version information I am assuming it may cause problems. It was done ONLY because I'm about to uninstall and reinstall the software so figure it couldn't hurt too bad.
  24. Heh. I just want the program to work correctly and assume that if OA is displaying incorrect signatures OA may be "protecting" me causing the program to malfunction. So, tell me what I have just done to myself...
      1. In OP Programs the errant program was deleted.
      2. It was then added
      3. It was then marked allowed.
      4. It is currently shaded pink but is displaying the correct version and hash
  25. Ok, I will ask it a different way. Why, when OA detects certain programs, does it interpret the version and hash incorrectly? In this case it looks at WRusr.dll version: 8.0.8.127 Hash e2e4288a3b4fc706641d85fa029a5986 but interprets the above as version 8.0.8.118 (Hash D5177488367792F73210BE2FEBC96159)? What are the ramifications of this issue? How widespread is this problem?