JeremyNicoll

Upload a copy of fwchksd.exe to Virustotal - https://www.virustotal.com/gui/ - and find out what other vendors make of it, for a start. Google suggests it is part of Lenovo's firmware update utility; maybe you should ask about that on the Lenovo forums?

I expect Emsisoft support will need to investigate, but meantime perhaps you can look at the cpu use of the a2- tasks, that is a2start, a2service, a2guard in Task Manager (use the Details tab and make sure the CPU column is visible - if not, right-click on the column titles and choose Select Columns), or Process Explorer or Process Hacker if you have either of the latter installed. Ideally have the TM/PE/PH display open and the cpu column visible before you try to start a scan. Here, a2start and a2service both fleetingly get busy when I start a context menu scan. In your case I wonder if eg

More recently than the thread you linked to, I had a somewhat similar problem (under Win 8.1) where the scan got done by EAM but then there was a few seconds of no response between me dismissing the scan results page and returning to explorer. I eventually realised that I was dismissing the results page by clicking the "X" in its top-righthand-corner, and tried changing my habits to click on the "Close" button (under the results), then "X" on the screen that's displayed after that. That "solved" it. Right now, with the current version, it seems to make no difference which one I click.

Who knows? Have you followed the advice given (at the "Emsiclean" section) here: https://help.emsisoft.com/en/1787/how-do-i-completely-uninstall-an-emsisoft-product/

I've no idea from an EAM point of view, but it's possible to turn on auditing (in eventlogs) of process creation (and termination), and once you have process creation being logged you can turn on logging of the command lines used to start processes. Process creation logging might be enough (as it'll show who's issuing the command, I think). For auditing process creation etc the 'proper' way to do it is via gpedit, but you can also do it from an elevated cmd prompt using the "auditpol" command, as follows (as used by me on W8.1 but I exepct it'll work for W10 too): Auditpol.exe /set /sub

Also, the reason you're being asked several times per day is probably because you have "Settings - Advanced - Quarantine re-scan after updates" turned on. That is, every time EAM gets new signatures it rechecks if quarantined items have changed status. I don't know why you're not able to say "no" to the re-scan question, but turning off the re-scan might help.

For help having this analysed/fixed you'd be better to post in sub-forum: https://support.emsisoft.com/forum/6-help-my-pc-is-infected/ Be sure to collect the information, described in one of the 'pinned' posts (at the top of that sub-forum) that the analyst will need to see. This sub-forum is normally used for more general discussions.

Deleting the a2settings.ini file though will presumably revert other things to default too. If @fly60chooses this method they should note their settings first so they can reinstate them afterwards.

@fly60 you said: "Now I have never sat this password up and I do not know what the password is." It's an optional feature that can be defined within the EAM GUI, when you are logged-on to Windows as an Admin user. It's not something that makes much sense to define if you are the only person who uses your machine, but if - say - it is shared between family members, and whoever set-up EAM wants settings not to be altered by other peope, then it does make sense. Are you the person who set-up EAM? If all set-up was done by you, do you keep notes on what options you choose and why

@packerman EAM can create (plain text) debug logs - they're very large - turned on at Settings - Advanced. But they are meaningless to anyone who doesn't have both the source code and the knowledge of what the logic that's being logged is meant to be doing - so they're only useful to the developers.

@David Biggar- why is this problem affecting only one machine?

Well, I read your post when you first made it, but know nothing about Enterprise EAM, so stayed silent. I know (I think) that the home/business products are the same except for licence conditions, but maybe Enterprise differs? What versions of Windows do the desktop & laptop run? Are both completely uptodate regarding updates? Do either of them have any other security software installed? I would expect Emsisoft support to need debug logs from one or both systems, to get to the bottom of this issue. But there's no point in any user (like me) asking for those because we can't i

> Vainly tried to find this file It's not a filename/filepath on your system, but the name of a signature, ie a set of characteristics that tend to point towards the presence of a specific form of malware. > The affected file was a self extracting .exe of a plain text file that I created myself. Possibly the detection was a "false positive", that is something about your plain text file made Defender think it was, or resembled part of a malicious file. Bear in mind that scripts are plain text files. A file being plain text tells no-one anything about what it actual

This really needs someone from Emsisoft support to comment, as I have very little idea what could cause this. Though ... do you have some other security software installed that might be blocking the install of EAM? I ask that because when you say "I have to search in apps for Emsisoft and click on "run" each time and go through the whole process of "Do you want this program to make changes on your hard drive". " that sounds to me as if it's a downloaded installer that's being found and run each time, rather than EAM itself. When you do that search, does the search process tell you what

@stapp - I couldn't agree more! And even though I've got more than one pc licenced now (none of the extras set up yet - part of a careful migration to Win 10) they're all always going to be in front of me. For me, there's a heap of manual system maintenance things I do on each machine, and even if an online console made EAM-stuff simpler it'd not help for the other things, so there's no appeal for me. I do see that in some corporate cases it might help, though.