JeremyNicoll

I don't know the answer, but it might help others if you tell us exactly what version of Win 10 is now installed. Also, how did you do the Win 8 -> 10 upgrade? What anti-virus/malware application was installed on the Win 8 system? Did any of that survive the W8->10 upgrade?

If there is a batch way to do this (I don't know), how would you suggest it should be made secure so that malicious scripts cannot turn protection off against your will?

This always slightly worries me. It suggests that a malicious executable could be packed as (in essence) a program which starts off with an instruction (or a handful, whatever's needed to make it legitimate loadable code) that says "jump forward a long way" followed by random junk, followed by the payload.

Ah. I think at some stage I may have found that clicking an entry (in the Surf Protection settings) doesn't do anything and never tried it in the Exclusions settings. I suppose the reason one can't just type changes in the former is to ensure that the action decision etc end up correctly formatted/set.

Here, if one used the "Add folder" buttons in the Settings dialog, the result does end in a slash. There's no option that I see to edit an entry eg to add a slash... you have to use the right button file/folder in one list, program/folder in the other. It's not obvious how one would add a symbolic value either as the "Add Folder" option opens a folder chooser, with nowhere one could type an environment variable's name. maybe you could do that in the 'add file' option? Also, environment variables' values (when part of paths etc) don't end in slashes so even if there is a way to specify something symbolic as the Settings dialog claims, it wouldn't work.

> You can double click ... Ooh! So one can. It's funny, I never thought of trying it... but that's because the other things one can click on in that screen respond to single click. So if you do change these to work the same way that will help, I think.

Why not put the arrows on the left? Or ditch them and make clicking on the section titles do the same thing.

Hmm. In Settings, I think it's odd that you can click on one of the top underlined section names and have that named section open, but you can't click it again to get the section to shut. It's also odd that while clicking on those top section names does open a section, clicking on the large (white on black, here) tab titles has no effect. I see (just, seeing as they are in a faint grey on black here) that you can also click the sections' up/down arrows... but they're way over on the rhs of the window, and hard to see. What happened to the idea of keeping things one might want to mouse over all close together - eg why not put these up/down things at the lefthand side? This all seems like a backward step from the tabs we used to have. Wasn't one of the reasons for getting rid of tabs meant to be so that everyone could see everything on one big list? And now you want to hide sections of it to make it less confusing? Why not just bring back tabs? At least they worked in an easily-understood way.

Also, I see that for now, Settings -> Export -> Host rules does export a person-readable file (despite its name of a2user.dat which might imply otherwise) but it only contains the user's own rules. Why, precisely, are you now hiding the internal rules?

Why is it possible to type characters not valid in hostnames into this search box?

I have no idea. The question is: were you doing things in fullscreen mode?

Here, typing some substring that's not part of my only defined rule removes it from the display below... which with only one such rule, is hardly useful. I think it's a backward step not to be able to see the contents of the builtin list.

"Silent mode" doesn't turn off protection; it just means that EAM will not try to disturb whatever you are doing in fullscreen mode (eg using a browser, or looking at pictures in fullscreen, or playing a game, or watching a video). However if you were not using the machine when all these things were logged, that's odd. It's also odd that so many of the log entries are at hh:mm:20. Why always :20 I wonder? Ah, I think I've seen this before - EAM's not noticing at the exact moment that you go into fullscreen mode or come out of it, but re-checking every minute... so if you're going in and out of fullscreen mode, you'll not see the actual times you do that, but see each time EAM checks.

Are you sure you see only 300 MB - I'm running a custom scan at the moment (not looking inside ZIPS etc though) and Process Hacker shows a2service reaching 750 MB for its 'Private bytes' and about 120-150 MB less for its private working set. (That's on a W8.1 64 bit machine.)

I don't have the extension installed anywhere yet (been busy, thought I'd wait until I had time to get used to any foibles it may have, and also waiting to see if the warnings started working). Firefox is installed in: "C:\Program Files (x86)\~M-folder\Mozilla\". The "\~M-folder\" part is definitely of my doing. The " (x86)" part is probably because Firefox, although I'm running a 64 bit version, presumably updated in-place from a 32 bit version at some stage. I would have expected your code to be checking an appropriate registry key, maybe: HKCU\Software\Mozilla\Mozilla Firefox to find the installed version and then (since some values seem to be stored per base version as well per installed language) eg: HKCU\Software\Mozilla\Mozilla Firefox 64.0.2\extensions. Are you instead just looking for a specific filename in a standard folder?