JeremyNicoll

Member
  • Content count

    915
  • Joined

  • Last visited

  • Days Won

    12

JeremyNicoll last won the day on January 6

JeremyNicoll had the most liked content!

Community Reputation

26 Excellent

About JeremyNicoll

  • Rank
    Forum Regular

Profile Information

  • Gender
    Male
  • Location
    Edinburgh, Scotland

Recent Profile Visitors

6203 profile views
  1. NEW 8461 Beta

    Fine here too, as far as I can see.
  2. Emsisoft error

    Your first screenshot looks just like the one in discussion: https://support.emsisoft.com/topic/29146-post-installation-issue/ I'd suggest you also run the FRST scans and diagnostic scan that Emsisift support asked for in that thread. Maybe Emsi's support person (GT500) will see something in common. Also note the questions asked there about other securuty products. Do you run others as well?
  3. No Update

    Is there an entry in the Forensic Log saying an attempt is being made? If you click on it does it show any detail? Where in the world are you?
  4. BSOD query

    @Scootouchard - when you say your memory dump is "over a GB" do you mean just slightly over, or many GB? And is this the size of the file as soon as the dump has been taken, or after you've compressed it (with eg 7-zip)? If the uncompressed dump is only slightly more than 1 GB, unless your PC has a very small amount of RAM, the dump won't necessarily contain the data that Emsisoft would need to see. A full dump is normally at least the size of the amount of RAM in the machine - eg in my 8 GB RAM pc, a full dump could be 8 GB (for all the data in RAM) or even bigger (if the paging file(s) contained much). The standard instructions for making sure that when your system dumps all the contents of memory are dumped are: Hold down the Windows key (the one with the Windows logo on it, usually between the Ctrl and Alt keys) and hold down the R key to open the Run dialog. Type in control system and click OK. On the left, click on Advanced system settings. In the Startup and Recovery section, click on the Settings button. Please ignore the System Startup and System Failure sections. In the Write debugging information section, please change the first option to Complete memory dump (it may say something like Small memory dump, Kernel memory dump, or Automatic memory dump). The Dump file field should say %SystemRoot%\MEMORY.DMP which means that it will save the dump as MEMORY.DMP in your Windows folder (usually C:\Windows). If it does not say %SystemRoot%\MEMORY.DMP then please change it so that it does. Make sure that Overwrite any existing file is selected. Click the OK button, and restart your computer to save the changes In my experience, once the dump has been collected and I've rebooted I've had permissions problems compressing it. I get around that by moving C:\WINDOWS\MEMORY.DMP to the desktop then copying it (and then deleting the original file). After that I compress the copied file... and that smaller file is itself typically (for me with an 8 GB system) between 750 and 850 MB. I tend then to upload the compressed file to my Dropbox and PM the URL to Emsisoft.
  5. No Protection when you start Windows?

    You're forgiven... but next time you provide a screenshot (for any product's support) tell the people concerned if it's not actually a screenshot that was made when the problem was manifesting itself. I guess in this case you only really wanted to show the lefthand tile's red colour, and maybe the "No Protection!" message and the four Xs under it.
  6. No Protection when you start Windows?

    So, andrey, when you see protection appearing not yet to be on at startup, the thing you are asking about, the screen DOES NOT have the " Protection paused for 10 minutes." text on it? It would have been better if you said at the start that your screenshot was MISLEADING.
  7. No Protection when you start Windows?

    > No, Jeremy, this is a real screen, it's not turning off protection from the context menu, really! What do you mean, " a real screen"? It's a screenshot, which I assumed you included because it is what you see. And at the top righthand corner it says "Your computer is NOT protected" and underneath that, it says "Protection paused for 10 minutes." So either YOU paused protection, or EAM thinks you did.
  8. No Protection when you start Windows?

    Surely this is nothing to do with a slow start-up. The screenshot shows the user has /paused/ protection.
  9. No Protection when you start Windows?

    According to your screenshot, protection is paused. Did you do that (before rebooting?) from the systray menu > Pause Protection > submenu?
  10. NEW Core.. notifications

    Excellent!
  11. Install problem

    Where in the world are you? (The CDNs have different servers in different countries.) This being Saturday, you might not hear from an Emsisift staff-member until Monday.
  12. BSOD query

    Are there records in EventLogs? IIRC (with XP and Win8) when a system is booted after a BSOD there's sometimes an eventlog record created recording the previous BSOD.
  13. BSOD query

    Oh - and is this with a native OS, or are you running a guest OS within a virtual machine? A few hits on google suggest this BSOD (though not implicating epp.sys) is not uncommon in VM environments. I'd not have thought that the epp.sys driver would get unloaded very often - though I'm only guessing - but I wonder if logging out of a userid when EAM's not set to start at Windows startup might be an opportunity - to load (at login) and unload (at logoff)?
  14. BSOD query

    Which version of Windows? And with what parameters - there should be a note of a memory address, a 0/1 flag and mabe a second address listed too. Are the values always/ever the same? See: https://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/bug-check-0xce--driver-unloaded-without-cancelling-pending-operations
  15. NEW Core.. notifications

    > The update process was successfully completed." -> this is the forensics entry for when a notification was shown. when you have that notification disabled in > Settings/notifications, there won't added be such forensics record Both the messages are classed in the log as "Core Notification" so surely they both represent notifications? All my notifications are enabled, and set to display for up to 999 seconds. I usually dismiss them by clicking the grey X at their top rh corner. The log contains "The update process was successfully completed." log entry about one time in three or four. So I ask again, what's the difference between the two messages?