JeremyNicoll

Member
  • Content count

    432
  • Joined

  • Last visited

  • Days Won

    4

JeremyNicoll last won the day on January 26

JeremyNicoll had the most liked content!

Community Reputation

9 Neutral

About JeremyNicoll

  • Rank
    Forum Regular

Profile Information

  • Gender
    Male
  • Location
    Edinburgh, Scotland

System Information

  • Operating System
    Windows 8.1 x64
  • Firewall or HIPS Software
    EIS

Recent Profile Visitors

3963 profile views
  1. If you're viewing a picture in a browser then the browser has downloaded the picture and displayed it. If there's a vulnerability in the graphics support in the browser then surely a 'specially crafted picture' (as Microsoft would typically describe it) could infect you? In essence, the file has been 'opened' by the browser's graphics support.
  2. See:
  3. You're going to have to do the things mentioned in the forum's "Start Here" announcement - right at the top of the forum's main page.
  4. Is there a missing disk letter in line 4 of that script?
  5. As far as I understand what pallino is saying, having gone to the BB overview which forced a reputation check, none of the items thus identified as malicious were then quarantined. Yes, ok, maybe they weren't at that moment doing anything actively malicious... but if you're not going to act on the bad reputations then, what's the point? No-one wants unnecessary programs running, especially if they are using lots of CPU - it's going to be wasting power, generating heat etc if nothing else. Would it be so hard for the BB to ask the user whether such things should be quarantined then? And, if they are actually executing, terminate them?
  6. Even if NVIDIA might not take much notice of Emsisoft complaining about that, isn't there any kind of AV-vendor consortium that could pressure huge companies to sign their stuff? It must be a pain to you all.
  7. > A ton of applications do excessive DNS lookups. ... But wouldn't an NVIDIA driver be signed & therefore trusted?
  8. Fabian: > they use a DGA to generate domain names, then try to resolve those names. Isn't a whole series of DNS lookups itself an indication that some app is attempting something that might be iffy? Clearly good apps do that too - but more common apps doing so, ega browser, are going to be on the trusted apps list.
  9. A while back, Arthur said: They are almost certainly stuck trying to contact a C&C server that no longer exists So what does that mean? Does malware typically use DNS to find the IP address of such a server, or are the addresses hard-coded? Does "trying to contact" mean that the malware is sending something (a request for instructions?) but no server ever receives it? If that's so, how does EIS distinguish between that something being sent, and any private information (eg machine configuration?) being sent? I wouldn't want any malware doing anything at all on my machine.
  10. Logs sent, using method described above.
  11. Aren't such dumps (sometimes/always?) saved in the paging files when they occur, and only copied out of there and into the nominated disk dump file when you reboot?
  12. > Unfortunately more aggressive checking of running applications causes performance problems. That surely depends on the capability of the user's computer? Wouldn't it be better if more agressive checking was something that people could turn on if they're willing to take the performance hit - which in nay case might not even be noticeable on some systems.
  13. Ah, I see it's the new permissions system. But, after signing-out from my ordinary user and in as an Admin id (under W8.1), and using the EIS GUI under the Admin id to grant my ordinary user 'full access', when I signed out of the Admin id and back in as the ordinary user, although I see that the greyed-out stuff is now accessible again, it DOESN'T get the full access that the Admin id had. In particular there's no Permissions tab at all. The explanation at: http://blog.emsisoft.com/2017/02/01/introducing-emsisoft-product-updates-new-versioning-scheme/ does not say that that difference will exist (I used the 'Custom' feature to specify 'Full Access' for my ordinary id).
  14. I noticed settings were greyed-out in this new version of EIS, an hour or two ago. Since then I've done a complete/cold shutdown and reboot, and the same situation continues. Any clues? Oh... and it's still not possible to c&p a version number from the About screen. Why's it so hard for you to make simple changes like that?
  15. With all these various tools, I note that some people think some are better than others. Is that because they seem - more robust, or they have better documentation (if they have any) for what the options do, or better support from their authors.... or more to the point that there's some way to see what spy operations are being blocked? Do people also run tools like Wireshark (if that's appropriate) to see spy traffic being sent before they turn on these products options, and then see the traffic no longer being sent?