JeremyNicoll

If a2 processes are terminating unexpectedly you should be able to find eventlog records [probably in Control Panel - Admin Tools - Event Viewer, or Win10's equivalent] that describe the type of error/exception and the offset and module they are occurring in, which is information Emsisoft will need to track down the cause. At the very least you could note for yourself whether the type/offset/module are the same each time.

Emsisoft got rid of loyalty discounts a year or two ago, saying that instead they'd just charge everyone the same. Maybe you missed that if you were in the middle of a several-years licence? They do discount the one-PC one-year amount though, for multiple PCs and/or multiple years. What's your renewal amount for - how many PCs and how many years?

Aren't the extended support dates shown on those pages only applicable to large companies who pay MS shedloads of cash to continue that support? It's not available to normal users. Companies might do this if they have - say - tens of thousands of old PCs, probably running custom software, and it's too expensive to replace the PCs and get newer software (or the company who wrote the old stuff may not exist any longer). It also typically applies to devices with embedded versions of Windows in them, eg medical monitors. See eg: https://blogs.windriver.com/wind_river_blog/2019/11/windows-7-end-of-life/ and https://www.techrepublic.com/article/71-of-medical-devices-still-run-on-windows-7-windows-2008-and-windows-mobile/

Excellent.

Well then, maybe next time someone should remember to post (that it's being looked at) in the EAM forum. Otherwise customers think nobody knows or - worse - nobody cares. The thread there ran for two days before anyone from Emsisoft commented.

Do Emsisoft have no automated monitoring of the update servers?

You've not yet adequately answered my questions. I have however noticed that EAM hasn't nagged me recently; does that mean that someone's tweaked the code to stop the nagging, or is it just coincidence (since the nags seemed to be at irregular intervals)? If the nagging is going to continue, then please explain once and for all WHY this authentication is needed for a user who is not using the website-based console. Please also address all the other points I've raised here, namely: - the possibility (if there's not multiple instances) that your backend server is a single point of failure - the possibility (if someone manages to hack into those server(s)) of the security of customers' systems being at risk. I'm sure you won't have forgotten that an Emsisoft server was breached in Jan-Feb 2021. I know that was reported as a fairly minor data leak, but that doesn't mean that other kinds of breach are impossible. I wonder how much thought Emsisoft have given to how they'd mitigate effects (on customers' systems) if such a breach were to occur. And, do you run disaster-recovery tests on your infrastructure? If eg a data-centre which houses your servers burns down (as did OVHcloud, Strasbourg, France, in March 2021) how long will your customers be affected for? - the point about the website console, if one chooses to change to "Local Only" resetting my (private) PC's EAM configuration to default - two problems there: why would it reset anything, and secondly how/why (if my PC is not authenticated to the workspace) does it have the right to perform a reset? - the tooltip text for the "Local Only" option I do not think I have muddied the waters with conjecture. But note that "conjecture" means speculation based on inadequate information. The very fact that I've been asking the initial question here (about the nagging) over and over again without a proper answer being given has not helped. Questions about single points of failure etc might have been less relevant before when your customers' systems were less tightly integrated with your servers; I mean all of us could cope with occasional absences of signature updates. But centralised control of our copies of EAM by your servers considerably heightens risk for customers. I would like you to understand that I ask about these things based on my professional experiences in a UK bank's datacentre.

Google translate says that text means: "you can't extend full path view in main window, you don't know what the file is, especially if the path is long or medium! (After Scan = Last Result) This error is in the latest versions" Is it possible to highlight the path and copy it elsewhere?

You don't say which version of EEK you were using. I've never used it so don't know if that's a known problem or not, but unfortunately Emsisoft's current version of EEK is for "Windows 10 (64 bit), Server 2016, and higher". They probably won't support a Win 7 problem and even if the same issue happens on W10/W11 a fix might not work for you. Maybe another user will know more.

I'm just a user, not an Emsisoft employee, and I have never used the Business version of EAM so if it's significantly different then what I write may be irrelevant. It's not entirely clear from what you write whether the "one bit of software running on a single computer" is only installed on one computer, or is installed on more but only causing a problem in one instance. Is the software concerned something that only you (or your business clients) have, or can anyone install it? Does it do anything security-related? Does the machine with this problem have any other security software installed? What Scan Level do you have File Guard set to (Default, Thorough or Paranoid)? When the program is blocked, does it start and then fail to do something, or does it not start at all? Is it, for example, unpacking other programs or resource files and those are the things that are causing the detection, but - say - they're not placed in any of the folders you're excluding? Edited later: Files placed in TEMP quite often cause this sort of problem, and if they have random names that can make excluding just the right ones tricky too (since one is unlikely to be willing to risk excluding the whole of TEMP). I realise that excluding the whole of C:\ probably suggests that unpacking to somewhere isn't the issue ... unless the machine concerned has other disks? Or, is there any possibility that the software concerned implements a RAM disk or some kind of virtual file system for its own use? On that sort of topic, is the software running in a VM? Have you asked whoever supplied this program whether there's any known problems making it work with anti-malware software (from any/other vendors)? Is EAM giving you a specific reason for the block, eg that it thinks the program (or eg some process it attempts to start) has a specific problem? Do any files get quarantined when the block occurs? I suppose it's possible that whatever it is detecting might be a false positive, and if the detection signatures get updated the problem will go away.

And another thing... There's tooltip text on the three options: "Local Only", "Local & Remote", "Remote Only". The text for "Local Only" says two things; the first (which makes sense) says: "Protection settings are managed on the local device only." but the second means nothing to me. Maybe it's not worded very well? It says: "Data exchange between the device and Emsisoft Management Console are limited by protection status only." Should that say "... are limited TO protection status only." ?? Right now I can see (on the website's main pane - the one where my PC is shown as "NOT MANAGED") when my copy of EAM was last updated and the number of items in quarantine... but I don't quite understand why even that much information is apparently able to be shown by the website when my PC has not been /authenticated/.

Thank-you for the suggestion. I logged-in to My.Emsisoft for another look. On the initial display, in the pane named "Managed devices" my PC is shown as "Not Managed", which seems pretty clear to me. Not obvious at all, there's also a three-way choice under Settings: "Local Only", "Local & Remote", "Remote Only" , of which it appears that the middle option "Local & Remote" is set. I was about to change this to "Local Only"... but I get a warning that "Changing the security management immediately affects all devices in your workspace. By switching to local management, protection on all your devices will be disconnected from protection policies and reset to factory defaults." I certainly don't want all the configuration setting on my PC's copy of EAM to be reset to defaults. I want them left alone. Then again, perhaps the warning doesn't mean that they'll be reset - after all, how would that reset command get sent to my PC in the first place if it's never been authenticated to this wretched central-server? And what does that "disconnected from protection policies" text actually mean? Whose "protection policies"? Does that mean (for anyone who has been using the central server control) the current settings managed centrally? What about people not yet using that facility?

You're not getting the point. I don't much want to change to another product as I've been happy for years with EAM's core function. Controlling EAM from my own PC, right in front of me, works fine. I have no need to use the PC I am sitting at to login to a website to have an Emsisoft server then communicate my wishes to EAM on that same PC. It just adds needless complexity. I'm also not wildly happy about the idea that any external entity can affect the way I configure security software on my PC. How can Emsisoft /guarantee/ that no hacker ever gets access to those servers? I absolutely 'get' that someone responsible for security on tens, hundreds or thousands of corporate PCs might love such a facility so they could configure everyone's instance of EAM in a consistent way, see infections on affected machines etc from a single point ... but /I/ don't need it, and I can't see why any typical home user would need it either. I /think/ that the authentication is all about enabling the link between my logon at the website, the central servers (I sincerely hope there's not just one - a possible single point of failure in all of this), and my PC ... and I do not want such a link to be enabled. But - for users like me who have no interest in controlling their copies of EAM this way - I don't understand why we can't just opt-out and not keep getting nagged about it.

The point is, though, that my fully-licenced copy of EAM is still getting updates (as I would hope it would), and is working (as far as I can tell) perfectly. No-one will tell me what extra facility /that I need/ will suddenly start working if I do the authentication. I have zero interest in managing my PC's use of EAM from a web interface.

@David Biggar- so what? What does my instance of EAM fail to do, that /I/ need it to do, that requires that communication to be working properly? I keep asking this and no-one explains.