JeremyNicoll

Member
  • Content Count

    1367
  • Joined

  • Last visited

  • Days Won

    21

Everything posted by JeremyNicoll

  1. @Peter2150 > Bottom line. My EAM is happy and I am happy, Fine, but if there's a bug which presents a garbled message someone should fix it. @Gawg > Occaisionally I custom scan whole disk, and use the direct disk access option for anything that's ever or currently being flagged. Do you mean you have a custom scan using a predefined list of all the files that have ever previously been flagged? And when you scan those - which is not the whole disk - you have "use direct disk access" turned on? I can't see how you could scan the whole disk and only have "direct disk access" on for some items.
  2. > Send it manually to [email protected] It would be better if the link on the main page took people to a page that said that, before offering a 'visible' mailto.
  3. Why does the link URL look like a normal https:// one but not act like it? Is there a redirect in the page's headers? When, logged-in to the forum, I look at the list of subforums, I see eg "(22 visits to this link)" after the no-longer-a-subforum thing's name. Is this counter going to be present all the time? Presumably ordinary users can't read what other people post into that not-a-forum? Regarding "mailto://", I use webmail at the moment. If I wanted to send feedback that way - or maybe if someone else who uses webmail wants to - what are they supposed to do?
  4. If I click on the forum title "Feedback, comments, and suggestions", my browser (I've tried both Firefox and Chrome) pops up a dialog asking me what application I want to use to deal with it. This is not normal for what appears to be a standard URL: https://support.emsisoft.com/forum/85-feedback-comments-and-suggestions/ Has someone penetrated your web server?
  5. > I didn't see it as an EAM problem, but an artifact of MS. The nonsensical question in an EAM pop-up must have been an EAM thing though, even if the rest isn't. Maybe it's a template message which is supposed to have words or phrases inserted between parts of the text you saw... in which case someone should be able to work out how EAM could issue it without having the missing words defined.
  6. Click-to-Run - ah, do you mean: https://support.microsoft.com/en-hk/help/2028653/information-about-office-click-to-run-installations-and-about-related ? Was the object that ended up in Quarantine removed from the virtual file system that's apparently part of C-t-R, or the normal file system? @GT500 - What was the garbled pop-up that @Peter2150 mentioned at the start meant to be asking, and is that going to be fixed? Also, bearing in mind that the Quarantine gui panel I see (with nothing in Quarantine) does show a Delete button, why did Peter not see one? Since I see it, I would have thought its presence was in the code that creates the empty quarantine gui panel, and not something posssibly dependent on being able to describe the contents of the Quarantine folder. Assuming Peter was using a MS C-t-R application, and assuming that his logs show the name of the quarantined object, this should be reproducible. Peter, did you experiment with any of this wth debug logging on?
  7. Does the re-downloaded file also get quarantined, and then again and again? If it does it suggests signatures are still identifying it, which in turn casts doubt on the idea that EAM had decided earlier quarantining was in error.
  8. What does "click to run" mean? Is it something different from a normal installer/exe that a browser downloads where one can instead r-click it and save the thing before running it? It sounds as if you have two issues: the garbled/incomprehensible message you were getting, and also the Quarantine gui interface not showing you standard buttons. The latter surprises me, because - although I have no objects quarantined right now, the gui view of the Quarantine contents does have buttons, under the (empty) grid.
  9. Are you saying that (after answering, or not, the repeated question), that if you go into the Quarantine view, there's no object listed?
  10. /If/ the question was asking you if the thing should be unquarantined, then you did. The normal quarantine display in the gui has a Delete button, which is presumably active if you select a listed object.
  11. There's no reason why the average user would want to delete a falsely-quarantined file though... that's the sort of thing likely to cause grief. It's better that the unnecessary quarantine action is reversed. Of course if the quarantining has drawn their attention to a file they know they don't want, they can unquarantine it and then delete it as they would any other file.
  12. Alternatively, Settings - Advanced - Quarantine re-scan after updates.... you could turn this off so thing don't get rescanned (at least until GT500 can produce better advice).
  13. I think it may mean that the object shouldn't have been quarantined, but was because of a false positive. Now signatures have changed and it's possibly offering to restore the item to where it came from. (I'm guessing based on something I read in another thread a few days ago.)
  14. @bobbonomo - Your URL is wrong ("npr" not "pr"). Use: https://www.npr.org/2019/03/10/702028545/googling-strangers-one-professors-lesson-on-privacy-in-public-spaces
  15. I should add: I have notes which suggest the remap (recalculation of a machine key based on its connected hardware) can happen up to 5 times per day before you have a problem. You can temporarily get around this by limiting EAM's update frequency to "every 6 hours" which means it'll only remap four times per day. I know this is going to cause me problems because my next desktop PC is going to have multiple caddied drives on it.
  16. If you search here for that error message you'll see it normally means either that the same licence code has been seen in operation on other machines (or on more other machines than the number of machines you have a licence for), or that the hardware in your machine keeps changing so that EAM thinks it's being executed on different machines. Are you eg changing the drives on the machine?
  17. I should have said: if you can restore the file concerned to some place, then - unless you already know exactly what it is and whether it is safe - then provided it isn't confidential upload it to VirusTotal - https://www.virustotal.com/en-gb/ - and see what all their tests say. If it really is a 'false positive' report it as such on the False Positives part of this forum and provide the URL of the VirusTotal test page where the report is. You should (again if you are sure it is safe) be able to define the file in EAM's Settings - Exclusions, to stop you being bothered by it until/if Emsisoft update the code so that that file isn't detected in the first place. I'm a little surprised that you're seeing a popup that says "False positives...". How does EAM know that the file is a False Positive? Surely that's a determination that only a user can make?
  18. Well, what IS the file, and perhaps more usefully, what are the location(s) concerned?
  19. I've been paying more attention to what happens. I think the code is remembering what window is active at the instant that the notification pane slides on to the screen. But if the user then does other things before clicking the pane's dismiss button, focus is restored to the remembered window, not the one in use just before the dismiss. I've replicated this by, for example, using Firefox to read webmail and when the notify pane arrives, opening a text editor window, then dismissing the pane. Instead of focus returning to the text editor (which at that point is the window dominating the screen), the underlying Firefox window is brought to the front.
  20. Win 8.1 64 bit, EAM 2019.2.0.9269 Every time (or maybe almost every time, I'm not sure) I click on the X in the top righthand corner of the notification pane, the window to which 'focus' is 'restored' is not the window that I was actually last working on, but (I think) the one before that. This has never before been a problem, but seems to have started happening in the last two or three days.
  21. > I can finish the anti-malware process using the Task Manager (the processes are hard to kill, several attempt are needed). Just as well! If they were easy to kill then malware could kill them.
  22. It's the same thing - "a2antimalware" is the person-readable name of the service but "a2service.exe" is the name of the actual program. You'll maybe see that if you look in the "Processes" or "Details" tab, if your version of TM has them, or if you turn on the appropriate display column... There's different things visible in different places in different versions of Task Manager... and I use something else ('Process Hacker') instead anyway.
  23. > reduced contrast... @Jimbo - If you mean grey text on a white background, I'm not a fan either. But have you tried Settings - Advanced - Appearance? The 'Dark' option makes the background colour of quite a lot of the GUI black, with white and coloured text on it. You might find it easier to read. No apology required.