JeremyNicoll

Member
  • Content Count

    1877
  • Joined

  • Last visited

  • Days Won

    29

Everything posted by JeremyNicoll

  1. @GT500 It might be, but it's incredibly unintuitive to anyone /who has something installed/ to think they'd have to install it again. Do you not see that?
  2. > These are all logs generated with this BAT tool. No. The BAT tool sets Emsisoft-specific registry keys. Then /EEK/ generates the two kinds of logs. It's good that the logs seem to show a problem. But bear in mind that although that exception does look significant - if it's prevented EEK from properly terminating a scan - logs often record 'failures'. Code might eg look in a set of different places to see if some flag is set, and not find it in most of them, but will still show that it did look in those places.
  3. Why would someone who already uses the product and has it installed do that?
  4. I'm surprised you think that the Scan Engine debug log wasn't created ... when you've attached a file named "a2engine..." Surely that file IS the /engine/ log? There is no reason to emphasise that you're using EEK rather than EAM. Everyone reading this knows that. And, @GT500 repeatedly referred to EEK in his instructions.
  5. @maki The debug logs only make sense to the developers, as they know precisely what the code that creates the logs is meant to be doing.
  6. @maki It is better to attach (zipped) debug logs, as that way only Emsisoft staff can read them. (It is /attaching/ that makes them secure, not zipping.)
  7. Not necessarily. If no-one who has the WSC integration problem tests the Beta, then how are Emsisoft to know if the changes helped? Trying a Beta is a bit like being a participant in a drug trial.
  8. @maki - I'm a /user/ not an Emsisoft support person. Is your comment about EEK not having logs in response to my question about eventlogs? Eventlogs are part of Windows. If EEK is crashing because of unhandled exceptions there should be eventlog records describing that. You need to look for those. You say you're using Windows 7, so see: https://www.sevenforums.com/tutorials/226084-event-viewer-open-use-windows-7-a.html Please explain EXACTLY what you mean by: "There is an identical problem in the IT service." What is "the IT service"? You say: "Seeing that users are having a lot of "stuck" problems, this disqualifies a tool ..." THIS IS NOT THE CASE. In English, people say "things are stuck" for all sorts of reasons. When you searched for the word "stuck" and got lots of hits it DOES NOT prove that Emsisoft products often get stuck. For example, hits in the "my files are encrypted" subforum HAVE NOTHING TO DO WITH EAM or EEK. When you say: "Everything was tested so it is closed to discussion." ... do you mean (just) that your systems repeatedly have this problem? If so, hopefully Emsisoft can work with you to find out why. What do you think is significant about these three lines: 15:52:57.560 16980 DoImp: 1; LastError = 87(Parametr jest niepoprawny) 15:52:57.560 16980 <- DoImpersonated(0)= 0; p:0; t:0 15:52:57.560 16980 Warning: GetProcessUserFullName: DoImpersonated call failed, using direct call
  9. @GT500 - the modern trend with software is to provide no manuals, or only the most basic user guides - I don't know why any software vendor thinks that's a good idea. The long-established idea of: buy software, get licence code, enter it somewhere in the software .. is simple and common to many applications. Even so, in most of the cases I've seen the email that delivers a code to a user comes with instructions on how to install it. That often includes statements like: "use copy & paste", or "detach the attached file and then drag it into such-and-such a dialog". If every company writes their own replacement for this, then it means users have to learn umpteen variants on a theme. It's NOT as simple. If you must do it, it needs proper step-by-step documentation, ALWAYS provided to the user (ie not something they have to hunt for) and it would certainly help if there was an explanation of why things had changed.
  10. @GT500 - Firefox "Safe mode" is not the same thing as "Private browsing". See eg https://support.mozilla.org/en-US/kb/private-browsing-use-firefox-without-history https://support.mozilla.org/en-US/kb/extensions-private-browsing
  11. @maki - I am not sure if you are talking about one problem or several problems. An "unhandled exception" would normally be bad code in a program (eg dividing by zero, or trying to access memory not owned by the running process). If EEK stops for that sort of reason there should be an eventlog record describing the problem, giving the address of the program instruction that was trying to do something invalid. Do you have any eventlog records for the problems you are seeing? EEK not being able to examine files that are in use by other programs: you say you think that ESET, Malwarebytes don't have this problem. That could mean one of two things: (1) when ESET/Malwarebytes cannot look at in-use files, they don't tell you that, but just skip them and carry on (2) that ESET/Malwarebytes somehow force access to those files. That (I think) would be a file-system integrity violation. Is it even possible? For example could ESET etc read the disk hardware directly rather than ask the OS to "open the file"? I don't know if that's possible (I mean: of course it's possible to read disks directly, but a secure OS shouldn't allow it without first checking that the program trying it is allowed to).
  12. There's a problem in the GUI, when setting up a Custom Scan. The lowest option in "Scan Settings" is only partly visible.
  13. I agree with all of that - auto-renewal is bad, and the additional website just brings unnecessary complications for home users.
  14. Can I suggest you try this in Firefox "safe mode" - see: https://support.mozilla.org/en-US/kb/troubleshoot-firefox-issues-using-safe-mode Also, how often do you clear cache, history, cookies, site data etc? I clear ALL of that, usually once per day. But some people hardly ever clear stuff (which has the advantage that FF remembers things for you but the disadvantage that you don't know what it is remembering). There's some suggestion (at: https://stackoverflow.com/questions/30532471/firefox-redirects-to-https - which I realise is an old Q&A) that "site preferences" might be the cause. Googling for help on how to control site preferences suggests: via Tools - Options - Privacy & Security - Cookies & Site Data - Manage Data ... but then the display (at least for me) only shows cookies. I /assume/ that site data is the list of things you can see for a site if, when connected, you click the shield and/or padlock to the left of the URL bar (or right-click the page, choose Page Info, and then explore the Permissions and Security tabs). The suggestion to clear "site preferences" has been up-voted 200 times, so it must be a good possibility. However, if you've intentionally (or otherwise) stored lots of preferences, losing those would be annoying. There's also suggestions about various internal settings in FF (accessed via about:config). If nothing there helps, I'd suggest you ask on the Firefox support mai list; you can find info about that at: https://lists.mozilla.org/listinfo/support-firefox Be aware that that's a public forum, and not everyone who answers questions is an expert, but there are people there who know far more about FF than I do.
  15. No they don't. Those hits on the word "stuck" are on questions right across the whole forum - eg some are in the "my files are encrypted" subforum (eg when people say they're stuck becaue their files are inacessible), some in the Beta forum, most in the EAM forum, some in others...
  16. For quite a while (years, I mean) I've run EAM with debug logging on all the time and relied on rebooting the machine every few days to force active logs to be closed, and new ones to be created, and deleted the old ones whenever it occurred to me. But I reboot much less often now. So I manually disable and re-enable debug logging just after midnight each day, and also after the end of whole-system scans, and every few days I delete the oldest sets of logs. In the last few days I've changed this slightly. Now I'm trying to get into the habit of, when re-enabling logging, always picking the "for seven days" option, so that if I hit a bad patch in my illness and more or less ignore the pc for a while, logging will stop eventually. I still need to cull the older logs by hand. Of course I could cull via a script, but a script wouldn't know whether some logs had to be retained because they covered a period where something went wrong. I'm also toying with trying to write an AutoIt script to do the stop & re-enable thing for me, triggered by a Scheduled task.
  17. Your English is excellent. The only thing I'd add is that in your case entering "fritz.box" in the address bar only makes sense for someone who is using a "fritz box" (which is a combined broadband modem/router) - see: https://en.wikipedia.org/wiki/Fritz!Box and it also presumes that either there's an entry in your hosts file which translates the name "fritz.box" to the box's LAN ip address, or (more likely?) that users of these boxes usually configure their systems to use a local DNS server on the fritz box so that when the browser asks the box where the device named "fritz.box" is, it says "I'm here" and the browser is then able to see the admin interface.
  18. Firefox v83 introduced a new facilty which forces FF to use https connections. I know about this because I read the "What's New" page (when Firefox tells me a new version is available. I don't let FF just install new versions - maybe if I did I wouldn't have the opportunity to read about those changes? You can also get to the release notes for the version you're using by: Help - About Firefox - What's New. See: https://blog.mozilla.org/security/2020/11/17/firefox-83-introduces-https-only-mode/ It's not supposed to be on though. But maybe you've turned it on by accident, or maybe there's a bug in the way it works.
  19. Re-downloading it won't cause any problem, if you don't install it! You should be able to find details of the blue screen error if you look in the Event logs. You can find info on how to do that at https://www.dummies.com/computers/operating-systems/windows-10/how-to-use-event-viewer-in-windows-10/ - though I see that page has lots of intrusive adverts, it also has screenshots of the eventlog displays. It's not always a good idea to have a machine set up to restart when there's a blue screen - it can lead to the machine restarting, crashing, restarting, crashing ... and if there's something bad (eg disk corruption) each restart & crash can make things worse. You can turn off the continual restart at (at least in Win 8.1 which I have, but I expect it's similar in W10) - Control Panel - System - Advanced System Settings - Startup & Recovery - Settings - System failure ... and untick/uncheck "Automatically restart". Then, if there's a bluescreen, the error display will stay visible and you'll have an opportunity to think about exactly what you'd been doing before the crash... and make some notes, before restarting.
  20. The Which? thing is free, and useful. > Not sure what a link is A link is anything (on a webpage) which would take you to another webpage. Emails that have text with colours, pictures, different fonts etc are written using the same computing 'language' - HTML - that is used to create webpages, and - depending on what software you use to view those mails - will look quite like webpages. This is the big problem - scam emails look plausibly like pictures of pages at real sites. When using a decent browser to view a webpage, any time you position the mouse pointer over a link there'll usually be somewhere on the browser screen that shows you where clicking that link will take you. For example if you look at any earlier post on a thread here you'll see at the start of each post a grey text like "Posted 19 minutes ago". Apart from containing information about how old a post is, it's also a link (which if copied and pasted elsewhere would allow someone to come back to that specific post in this discussion). I'm using Firefox and when I mouse over that link, I get a display at the foot of the screen which shows me that the link is actually to "https:://support...". That is, when one clicks on that the browser goes off and finds the page whose address is in the link. Software for displaying emails might not, especially if it's on a mobile phone, be so helpful. Good software will be configurable so that, for example, it doesn't retrieve photos etc automatically ... and that might help you because a scammer mimicing a BT website (say) may actually grab parts of the real BT site and include it in their email so that their email looks like the real thing. If one's email software is configured not to fetch such "external content" you might not be fooled. A common problem with phishing emails is that the text the user sees displayed says a link is to some plausible-looking website name, but the actual site that clicking on that display text will go to is something else entirely. That's a side-effect of normal HTML practice of being able to define links (eg as words or phrases in sentences) that go somewhere else. When a user clicks on eg "Quote" (as you'll see at the bottom of each post here) it's /sensible/ that the word they see is "Quote" but the action is to go somewhere... In the past many emails were written in "plain text" - that is, no fancy fonts, colours etc... and many emails have both the fancy contents and the simpler contents in them. Unfortunately more and more often emails these days don't have the equivalent text in the simpler form. Nevertheless some people (me for example) usually only read the simple-format part of an email. Then it's very much clearer when links don't go where the fancy text implied they were going to go. > I answered what I thought was a BT email ... You say "answered" ... but answering (or replying to) an email shouldn't involve going to a BT (or other) website. If you end up on anyone's site when "answering" an email you MUST realise that you're possibly being scammed. Some scammers are technically naive and when their links claim to take you to (eg) a BT site, the real link's value will be nothing like an official website name. But some scammers use fake website names that are very similar to real ones. Rather than trying to decide when you look at a link's actual target whether that's a valid place to go or not it is better, FAR BETTER, if you just don't click any link in those mails. If a mail wants you to login to (they say) the BT site, look at your notes and see what you normally do to logon to BT, and do that again.
  21. Also - Which? - the UK consumer affairs champion - have a "scam alerts" thing that people can sign up for. You'll get a couple of emails a week telling you about specific current scams and linking you to discussions about them. You don't need to be a member of Which? to get these. See: https://action.which.co.uk/page/s/which-scam-alerts
  22. Over and over again people are told not to click on links in emails. This is why. If you need to login to BT or a bank or HMRC or whoever, ALWAYS use the links that are printed on their statements, (or for HMRC) any of their official letters. If you keep notes on how you deal with each utility, make sure those notes include the genuine URL and always use the URL you know is right, not something else. (Clearly these do change sometimes, when eg two banks merge, but you'd have had official letters about that too.) If you use a password manager, store the genuine URLs in there. You never need to go to a special site for something - if it's vital for some organisation's customers to "reset a password" or whatever the email says is the case then there will be links to that vital necessity once you have properly logged-in to whatever normal website BT or the bank or HMRC or whoever normally use. If by "send by Pony Express" you mean "send out by post" you should be glad, even if it is inconvenient. BT are spending money sending a letter because it's a lot more secure and goes to your home address rather than to an email address that may well have been compromised by the scam. If you have fallen for this scam, make sure that - if you were foolish enough to use the same password anywhere else - that you change the value used elsewhere at the same time. It's also useful, if you can, not to use the same email address for everything. I've my own domain (ie the bit to the righthandside of the @ in an email address) and I give out different email addresses to every company I deal with, different friends etc. So if an email comes purporting to be from HMRC and it's not to the email address I only use for HMRC (whose emails I filter to a specific folder based on the address they were sent to) it cannot be genuine. Even emails that do claim to come from Bank X, and arrive in the right folder are not necessarily genuine. You need to be careful. Multiple email addresses and passwords are a nuisance to maintain, but it also means that - as in inevitable when yet another company has a data breach - that addresses and passwords revealed by any one such breach are no use at all to any scammer anywhere else.
  23. Whether one pays for something or not is largely irrelevant, except that with a commercial company like Emsisoft there are people paid to try to fix things; at least we users do not have to rely on people with goodwill having the time to try to do so. The problem is that there's a huge variation in the combination of different underlying hardware (and thus drivers installed), amounts of memory, speeds of processors, and all the different application software installed on people's systems. Then, although in theory every one use "Windows", Emsisoft support Win 7, 8.1 and 10. As I'm sure you know there's multiple versions of Win 10. Then, different people have different sets of Windows updates installed. People may or may not have other security software installed. None of the other things installed on a machine are likely to be totally bug-free (eg Windows is not - that's why MS continually release maintenance updates). There is no way that any programmer can predict all the problems that might occur in other people's machines, even if all the ones the programmers and testers use seem to behave "properly". (Things are worse in Linux because each 'distro' is assembled from many alternative parts of each layer of the OS. Eg users have different "window managers". At least in Windows there's only the MS one in use - though of course that's at multiple different levels of underlying OS and affected by different sets of WIndows Updates and screen hardware etc.) Another Windows example (whose context menus interact with EAM) is "File Explorer"... where /most/ users use the MS-supplied one. But some people also use third-party ones. As for "the customer should not have to enagage with developers, provide debug logs, etc", the bottom line is that programmers cannot fix problems that they cannot recreate on their own systems if they do not know what is causing the problem. Getting debug logs from people who do have the problem /may/ provide hints as to where the problem lies. I know (as a programmer) that such logs - necessarily not hugely detailed in every aspect of what a system does - may need to be made more detailed as one tries to home-in on the actual cause of a problem. So eg successive betas might not just have improved code, they may also do more detailed logging in the parts of the system that the programmers think might be at fault.
  24. That's not correct - there's been several attempts, and discussions about it here and on the Beta forum. And for many of us the problem did seem to be fixed. You've posted several times in this thread so - unless you didn't stay uptodate reading it between your posts - you should have known that.