Jump to content


  • Posts

  • Joined

  • Last visited

  • Days Won


Posts posted by m0unds


    12 hours ago, GT500 said:

    WiX# is a framework for building MSI packages, so ExpressVPN is probably just using that to build their MSI's.

    Yeah, I know - I mentioned it more for the peace of mind of the OP

    5 hours ago, MooseGiblets said:

    I'm glad someone got to the bottom it, I do have a question: If eam quarantines a part(s) of a program will that program still work or will it just not respond? I don't know how the quarantine works which is why I prevented it from quarantining every time it flagged in the initial screenshot. 

    Quarantine isolates the file(s) in a controlled location to prevent "bad" stuff from being executed. If the file quarantined is a library (DLL) or binary (exe), the program will no longer execute. You can always submit suspected false positives to support using the in-product FP submission function or submitting virustotal results on the false positive part of this forum.

    From your post and screenshot, the files are being marked as safe by the anti-malware network, which implies they're whitelisted and not being quarantined. Hope this helps.

  2. If you could locate the file being quarantined on disk prior to it being quarantined and get the file hash, you could submit it along with the installer to Emsisoft to figure out whether it's a valid threat. I've had to do this for a couple customers who had software doing innocuous stuff like updating using an unsigned installer (Brother printer/scanner software) and installing TUN/TAP drivers (VPN software).

    EDIT: Just reproduced this using the ExpressVPN installer. It's likely a false positive: 10/7/2019 11:45:23 AM
    Behavior Blocker detected suspicious behavior "HiddenInstallation" of C:\Windows\Installer\MSI13C1.tmp (SHA1: 062D2E610620917996AA29B09A38CE2710E86739)

    Here's the virustotal for it: https://www.virustotal.com/gui/file/d1881c9e34d00005974197efd978611a5c96363e4b2e0ad52a15867a637786af/detection  -- it's an installer for WiX Sharp: https://github.com/oleg-shilo/wixsharp

    EDIT: Nevermind - Anti-malware network is recognizing it as safe, the product is just logging the hidden installer part. It's not the same situation as my customers' issues, as the product was actually blocking the installation in their circumstance.

  3. Hey, had another feedback item regarding the console - currently, it indicates "unresolved issues" when a device hasn't updated in $somenumber of days, even if the device hasn't been online during that period of time. i.e. device 1 hasn't updated since June 17th, but also hasn't been online since that date; device 2 hasn't updated since June 30, and hasn't been online since then - the console shows device 1 hasn't updated in 15 days and device 2 in 2 days. 

    It'd be great if it would show unresolved issues for devices that have been seen *and* not updated within the reported period of time, rather than just basing it purely on last update and not online status.

    That being said, the improvements to the console are pretty great, and my customers have been pretty pleased with it so far.


  4. On 5/9/2019 at 10:29 AM, Frank H said:

    hi and sorry for the delayed reply.

    yes. Forensics has no fully been implemented yet.


    We also will consolidate findings of a scan in one email.

    Thanks for your feedback, much appreciated and stay tuned !


    no problem - happy to hear that these enhancements are in the pipe. can't tell you how nice it is having a web panel vs having to deploy the on-premises enterprise console. thanks again.

  5. Hey,

    So far, I've been pretty happy with the cloud console (as have most of my customers) however, is there any chance of getting an MD5/SHA1/256 hash of a "detected" file in the log on the cloud console and/or email notifications? Additionally, do you guys have any plans of adding something like a daily/weekly digest of detections vs "as they happen" notifications? I don't mind being notified right away, but in a few cases (namely, an FP at this point) I received something like 150 emails in the span of 5 minutes. I submitted the FP, and it was fixed in a pattern update, but you can see how that's not an idea situation 😁



  6. Sort of better - activation window is usable now, post-beta notification window is still screwed up, as is the product window itself. The product window is too small, and either requires resizing or scrolling, and the notifications aren't resizeable and are cut off. Progress is progress, though. Uninstall dialogue is still borked, but I'm not sure whether that was part of the beta.





  7. 2 hours ago, Siddharth said:

    I am able to make the scaling work by tweaking all these things. However, the issue still persists with the notifications that come on the right hand side such as when the product is being updated etc. 

    it looks like overriding the dpi settings for a2guard doesn't persist between reboots for whatever reason. i just reproduced that on my aforementioned customer's machine. the only one that sticks is a2start.


  8. On 2/5/2019 at 7:35 AM, Siddharth said:

    This is really getting a bit annoying. I uninstalled Emsisoft to give you guys some more time to fix this. 


    I tried what you have told me to, it still does not work! Can you please help this? it is just annoying to use a piece of software when we cannot even read the instructions which are being displayed. 


    Can you please now fix this after months ? 

    a2start being set to "system" scaling should fix the primary product ui - if your issue is with the product alerts, change a2guard and commservice to "system" scaling as well, and the whole product will be scaled correctly for 4k display by windows. (i just had to do this for a customer of mine. please fix this as it makes folks selling your product, i.e. me, and others, look like an idiot when we have to hack away in order to make it display correctly on modern workstations)

  9. On 1/14/2019 at 2:54 PM, Siddharth said:

    I know and understand that. But you know it has been months since this has been like this. My license expires in 49 days and I would like to renew it but if I am unable to use the product properly, I would have to think otherwise. 

    Everything worked perfectly before. Is it not possible to get this fixed ASAP please?

    Thank you.

    have you tried right clicking on the EAM UI application (a2start i think; don't have it installed on this machine) > clicking properties > compatibility tab > high DPI > change to system?


    On 1/14/2019 at 4:59 PM, GT500 said:

    Unfortunately I can't increase or decrease the priority of bug reports.

    Have you tried changing the DPI to see if things work better at other settings? It may not be ideal, but it might at least make things usable.

    the problem with this on a small (sub 22") 4k display is that it makes everything so small it's unusable. not a particularly suitable workaround, i'm sorry to say. overriding the dpi handling for the UI might help, though.

  10. 2 hours ago, threbb1 said:

    Hey there,

    This might not be the right place to post - sorry, first time on forum -, but I would like to ask what the main differences are between the new browser extension and the already integrated surf protection.

    Does it provide protection on a newer level, or extra features? Also, are there any changes to how the extension handles anonymous date such as visited domains?

    Thanks a lot in advance.



    hey, here's the blog post about it: https://blog.emsisoft.com/en/32517/new-in-2018-12-safe-web-browsing-with-emsisoft-browser-security/

    • Like 1
  11. 17 minutes ago, JeremyNicoll said:

    > awesome, glad you figured it out!

    Hardly, if the solution involves losing all one's FF settings.

    considering it was an issue with the mozilla browser addons page that has nothing to do with emsisoft, i think it's completely within the realm of "figuring it out" when resetting the browser to factory remedies the problem preventing him from installing an addon. (i.e. the browser malfunctioned and resetting it fixed it) additionally, firefox sync saves your settings if you allow it to, and it's a zero-knowledge (e2e encrypted) service so there's no reason not to use it unless you hate convenience.

  12. Just now, Thomas Schoessow said:

    Seems, that I finally got it managed -). The way seems a bit weird, but at least I got it.

    Went to the addons page and searched for the plugin. There it says "Install Firefox" and I clicked that. That next page said, "You are using the latest version". There is also a button "cleanup firefox". I did, and lost all settings, add-ons and so on.

    After closing and re-opening the browser, it looked like a "virgin" one -). Went to the addons page and....a miracle...now It was possible to install the emsisoft plugin and all others (again). 




    awesome, glad you figured it out!

  13. 15 minutes ago, JeremyNicoll said:

    I've just tried setting Google Chrome as the default, stopping & restarting it (and it still says it's the default, and also I do get the EAM reminder for Chrome), then rebooting.  If i double-click a .htm or .html file then it's still Firefox that starts, and yet as it starts it tells me it isn't the default and do I want to make it so?   Going back to a .htm[l] file, and looking at Open With and resetting the 'default' there too still doesn't stop FF from starting.  Weird! 

    After all this, and setting FF back to the default (for all the good that's likely to do), I still don't get an EAM/FF warning.

    Oh well - figured maybe something was borked with default browser settings in Windows that may have confused EAM's detection of default browser/active browser

    7 minutes ago, Thomas Schoessow said:

    And I tried to install another addon, just to see if it works. And it did work...

    What's the URL you're being directed to for installing the Emsisoft browser addon?

  14. 12 minutes ago, JeremyNicoll said:

    @m0unds - Not as far as I know.  They did ask if I was using the portable version (I'm not).  And apart from Flash (rarely activated) I use no Add-ons or Extensions other than those that come supplied with Firefox.  I've got v64.0 on a 64-bit W8.1 machine, also Stable.    I commented here because EAM not recognising that I'm using FF without their extension, might be the same issue as Thomas has.

    Ah, ok. One thing you might try, if you have FF set as your default browser, is to try setting something else (even IE) as default, rebooting, then reverting back to FF post-reboot, and seeing whether EAM detects that you're using it.

    In Thomas' case, that's addons.firefox.com page not recognizing that he's running FF (which is why I was asking whether he's modifying his user agent or something).

  15. 3 hours ago, JeremyNicoll said:

    This might be a good point to remind Emsisoft that (as found during the Beta phase) I still don't get any reminder that the the extension exists, when I start Firefox on my machine.

    Were they able to reproduce the issue? It worked fine on both of my win10 systems running FF stable (64)

    4 hours ago, Thomas Schoessow said:

    Hi, I would like to use the new browser extension on my Firefox Quantum 64.0 (64 bit). But the addon center notes " Please install Firefox"...

    Did I do anything wrong?




    Download Image

    Are you using any extensions/addons that change the user agent to spoof another browser?

  16. On 12/26/2018 at 2:07 PM, GT500 said:

    OK, thank you. I'll let you know if we need any more information.

    just in case these weren't known, all of the settings for every product component with a modal dialog (application rules, edit rules, import hosts, add new rule to surf protection, edit extensions for file guard, email notifications, update interval, proxy settings, export settings, set password, connect w enterprise console) are tiny as well.

  17. Hi,

    I installed EAM on a windows 10 machine with a 4k display, and both the product UI and license login are screwy. The product UI can be resized after logging in, but the login screen is cut off and non-resizable (and any error messages are the wrong DPI so are extremely small).


    Here's an example:



    product notifications are also borked:




    as is the uninstall dialog:


  • Create New...