Jump to content

m0unds

Member
  • Posts

    138
  • Joined

  • Last visited

  • Days Won

    1

Posts posted by m0unds

  1.  tbh, i think this is more a pitfall of convicting an entire domain/subdomain vs specific path than anything else. i've run into enough weird FPs in shared envs (multiple platforms, AWS/S3/cloudfront, backblaze b2,  numerous other providers) that i don't even bother submitting them anymore.

  2. 1 hour ago, SquirmyElk2 said:

    (Absurdist nonsense) You know, some other antivirus software has browser extensions (that come with the software) and there are even extensions on the chrome store that block sites. I wonder if it would be a good idea if there was a browser extension that came with Emsisoft.

    that's what google would prefer, yes. browser mfgs would prefer third parties stop injecting code into their processes - you already can't do it with edge because of appcontainer isolation, and google and others are tired of being blamed for every browser crash that could be caused by third party code they have no control over. additionally, there are instances where code injection can unintentionally compromise browser security.

    re: hosts stuff, i would avoid writing large lists to your hosts file as it will significantly slow DNS queries as system has to examine it first.

    @Ken1943 - as i mentioned, other browsers using chromium (open source project) are merging in the same changes being made to chrome, as is mozilla with firefox (q4 2018 / q1 2019) so this is not purely a "google wants to know everything" concern.

     

  3. On 8/21/2018 at 12:02 AM, stapp said:

    Win 10  EAM 8843

    I have fast start disabled and I shut down machine each night.

    Each morning I then have to resize the BB list (via little drag down thing in bottom right corner)  so I can see lots of items at once.

    I would like the BB list to remember my setting for it over a Windows shutdown and startup.

     

    make that two requests - it'd be a nice QoL improvement, imo

  4. 14 minutes ago, Ken1943 said:

    I will use any other browser but Edge. To me it is worse than IE. Because fire fox has trouble rendering some sites, I switched to Chrome. Google spying ? I don't care as I don't have anything interesting to anyone else. Targeted ads ? they are stores I would go to anyway.

    There is a setting to stop the dns in Chrome.

    that's great and all, but appcontainer lockdown still breaks EAM's surf protection.

  5. On 4/10/2018 at 1:15 AM, GT500 said:

    It's a BitDefender detection name, and they don't publish a list of what all of them mean. Since it's a trojan it more than likely downloads a payload of some sort to install it, however trojans can have other functions as well, so it's hard to say for certain from just a name.

    yea, BD's name for it is strange. it's a banker/dropper trojan (fareit family)

  6. 20 hours ago, GT500 said:

    I would believe this has to do with AppContainer (our DNS filtering works via hooks, and AppContainer prevents hooks). If you have the option in chrome://flags for AppContainer turned on, then turn it off. There's no way that I know of to turn it off for Edge, so you'll have to wait until we can fix this issue (which will hopefully be soon).

    will your filtering be further impacted when the chromium project (and chrome by extension) start blocking third party code injection altogether?

  7. 13 hours ago, onbox said:

    what I know:

    • OpenDNS Home – 208.67.222.222 y 208.67.220.220 - FILTERING
    • Comodo Secure DNS – 8.26.56.26 y 8.20.247.20 - Security
    • Quad9 - 9.9.9.9 (IBM) - Privacy and Security
    • Norton ConnectSafe – 199.85.126.10 y 199.85.127.10 - Security

    The other  just alternative DNS services

    Please, If I'm wrong, please have someone with more information correct what I mentioned above... :rolleyes:

    Yup, you're correct.

     

    OpenDNS has limited malicious/bad site blocking (they focus on long-lived stuff like botnets) and phishing protection.

    Quad9 uses a bunch of vendors' threat intelligence feeds to block malicious and phishing sites.

    Comodo is vague, but claim they use RBLs. They aren't RFC-compliant with regard to DNS TTLs. No idea whether they redirect on NXDOMAIN (I don't trust Comodo as a company, so I haven't used this svc)

    Norton uses their own threat intelligence feeds to block phishing, malicious sites, etc, but last I checked, they redirect instead of returning NXDOMAIN, and partner with ask.com for that monetization stuff (yuck).

    • Upvote 1
  8. Seems like it's this blocklist: https://iplists.firehol.org/?ipset=bbcan177_ms1

    this particular list hasn't been touched since january 8, 2018 - not like stuff on the internet changes all that often, right? :rolleyes:

    imo, a lot of these user-submitted lists are junk and are really poorly maintained - this particular list includes IP ranges belonging to CDNs used by a ton of reputable services including github (and emsisoft, and any other customer of highwinds). maybe that's why the maintainer hasn't updated - he can't push his changes to the git repo :D

  9. 25 minutes ago, maniac2003 said:

    Can you show what you mean, I can only sort the columns. I see no boxes to tick/untick.

    okay, that sort of works. Still not as handy as before. Also can't recall older scan logs that way, as they don't show up.
    No prize for me then. Components filter how??

     

    snip_20180106201009.png
    Download Image

     

    looks like you might be on an older product build. this is what the current one looks like:

    emsisoft.thumb.png.5a5dd339e2ef948e41ade501c009436c.png

     

  10. 3 minutes ago, JeremyNicoll said:

    Firefox here does not auto update independently of having it running.  The main FF task notifies me that an update is available if I wish to have it downloaded.  There IS another task used to perform the update and restart FF, but it only does that when I choose it.  (maybe there's an option somewherre in FF that dictates how this happens?)

    Chrome - I'd thought that it did work the way you say - a year or two ago that did seem to be the case.  But last time I started it, it was quite a long way out of date which suggests that for whatever reason there isn't/wasn't on my machine a started-at-boot lets-update-Chrome task there either.  Hmm, I just looked at Services; there are two Google update tasks, but neither is running.  It's a pity that Windows doesn't show when they last ran.

    yea, there must be a setting because I only have FF for testing and it's always up-to-date on launch. in task scheduler on my system (win10), it shows next run/last run and last exec status (successful, etc) - last execution in my case coincided w/system boot. looks like the task parameters for one are "at logon" and "at 19:09 daily", second task fires at 19:09 and executes hourly for one day then stops.

  11. 1 hour ago, stapp said:

    @m0unds

    I hadn't been online with Opera or any other browser at that point. I had only been  on the Desktop and EAM GUI.

     

    I was asking because if Opera is like Chrome or Firefox or lots of other browsers, it has a silent automatic update process that launches when the machine starts, and can update the browser regardless of whether you're actively using it. The folder hierarchy reminds me of Chrome (version # in the path) and it would make sense if it had updated, and the version change removed the old folder, causing EAM to remove the rule because it no longer applies.

  12. On 8/25/2017 at 0:05 AM, stapp said:

    Win 7 64 bit via autoupdater.

    Beta is running very smoothly so far. Malware scans and context menu scan both work well.

    It took 20 minutes before my laptop autoupdated after boot (debug logs below)

    For some reason Forensics show that I deleted the Application rule for Opera before the beta update (I didn't touch it, I promise, I didn't even open my browser either!!) see screenshot.

    I will have to follow this up, but when looking at a log in GUI, eg. updates, I went to Forensics and it refreshed with info on a scan I had done. The auto refresh knocked me back to the updates log.

    But overall at this early stage all is running well :)

    EDIT.. no issues with an autoupdate to Win 10 pro 64bit.

     

     

    7904.PNG
    Download Image

    a2service_20170825062028(924).zip

    Did opera happen to auto-update before eam deleted the application rule?

  13. 29 minutes ago, GT500 said:

    Open Emsisoft Anti-Malware, click on Protection, click on Behavior Blocker in the menu at the top, and change the option at the bottom from Auto resolve with notification to Alert. When an alert is displayed, there's a "More info" link you can click on that will take you to the hashes so that we can look it up on VirusTotal.

    Yep, that's how I run the product, however in the case of this particular file: 

     

    5 hours ago, m0unds said:

    The BB dialog is blank except for the action the file is taking.

    See screenshot below

    Untitled.png.77a8ffe49bbba262521ada215e7d2f8a.png

×
×
  • Create New...