Jump to content


  • Content Count

  • Joined

  • Last visited

  • Days Won


Everything posted by JeremyNicoll

  1. The display is like lots of others in Windows ... a table of data sorted by a particular column. In your first screenshot the sort indicator (the small grey triangle) is in the title area of the second column, and points up. That means the display is sorted by what's in column 2, in ascending order... which is why its contents start with the empty lines, then things whose names start with A then B then C... It could have been more perplexing if the sort column was one that was scrolled off to the righthand side ... if the overall window had not been dragged so large. Then you wouldn't
  2. @RAS- if you're seeing something different, the obvious first question is: what version of EAM do you have? The main GUI screen's "About" link will take you to a page that shows the release you are running. Also, in Settings - Updates, what value do you have "Update feed" set to? A screenshot of what you're seeing would help too. No-one here knows what you're seeing.
  3. Something else... in the video when the program is started there's a long pause with a progress bar showing on the splash-screen. Is there any chance that the program is unpacking the code that actually runs the client, perhaps not to the folder you're excluding?
  4. > 2 .exes that are running are at roaming folder. Excluding those do not help. Ah. I'm always a little suspicious of programs that don't get installed in the 'proper' folders. It makes me wonder why not. I think I made a mistake in my advice above, telling you to exclude the .exe's "from monitoring". If the problems really are caused by FileGuard then the exclusions might need to be in the "exclude from Scanning list" instead, or as well. The thing is, with no alerts/notifications, there's no evidence that FileGuard has a problem with a specfic file, but there is eviden
  5. @Jan-ryzen- adding an AppData\Roaming\... folder would be a strange choice since such a folder is meant to contain Application /Data/. It's far more likely that you need to exclude the .exe file(s) that contain the program code that is running. The exclusion should be set in the "Asetukset - Poissulut - Sulje pois tarkkailusta" section. Logs: yes, I agree that it would help if they showed "what is caught" ... but I don't think anything is being caught. After all you're not getting any alerts or notifications from EAM. I think this is just an instance of EAM preventing the appli
  6. If the UI does one day offer a chance to purge them, would it keep any of them - the last week's worth, or month's worth?
  7. @dkds I don't know about My Emsisoft, but are you sure this wasn't one of the EAM "Updates" settings (which relate to malware signatures etc), or possibly the "Advanced" setting which asks if items stored in EAM's Quarantine should be rescanned every time EAM receives signature updates?
  8. @bluescreen- whatever's in your "notes to emsisoft volunteers", we can't see them. Files uploaded to the forum are only accessible by Emsisoft staff, to avoid people accidentally sharing confidential information.
  9. It''s the tooltip for that specific field though, in a part of the GUI where people would think - since it's the /Web/ Protection screen, that they are affecting browser security. Why mention regexes there if they are not applicable there? if regexes only currently work in /Browser Security/ but not in browser security, I think that subtlety will be lost on many people. Also, bear in mind that when I first looked at this, I'd just read /your/ announcement, which said: "New support for RegEx-based rules in Web Protection [,....]" which maybe made me read the tooltip slightly less cri
  10. > Preview updates are released near the end of each month so that people can install them in advance of the normal Patch Tuesday to determine if there are any issues Microsoft don't emphasise enough that the "people" who might need to do this are not ordinary users. Instead they are developers who might benefit from some warning that what's coming at the next Patch Tuesday may break their applications (so get a chance to prepare fixes for their programmes before their customers are affected). It's also useful for systems administrators who can install the previews on test machine
  11. @bluescreen ... > I can't reinstall Windows 7, because I accidentally put tape over the product key and can't read it anymore. I googled for "how find w7 product key" and found several sites describing ways to find it, not all requiring the physical label. For example: https://www.ionos.co.uk/digitalguide/server/configuration/how-to-find-a-windows-7-product-key/ says how to find it in the registry. I don't know if the method is correct or not, though.
  12. KB4601050 isn't a Preview: see: https://support.microsoft.com/en-us/topic/february-9-2021-kb4601050-cumulative-update-for-net-framework-3-5-and-4-8-for-windows-10-version-2004-windows-server-version-2004-windows-10-version-20h2-and-windows-server-version-20h2-7d61f856-72ce-7f4c-7e43-76f8aadf2aca Is @dkds saying that /other/ updates are being re-offered? if Previews are being offered are they old ones, or ones previewing March's updates?
  13. @Frank H The tooltip on the Web Protection page of the GUI (if you do an "Add rule" or "Edit rule") says that regexes are supported. Is that wrong, then?
  14. Update seemed to go ok. Regexes: which engine?
  15. Behaviour-based detection only happens if someone runs the malware /and/ EAM (or whatever anti-malware app someone uses) decides that what it is doing looks suspicious. You said at the start that you thought this one was "very obvious malware". What made you think that, other than the filename looking suspicious for an executable? Was that before or after running it? What did it do that made you sure it was malware? (And, did you do that in a sandbox?) Heuristics are informed guesswork. It means the anti-malware program is looking for code inside an executable that resembles other
  16. You need to post here: https://support.emsisoft.com/forum/6-help-my-pc-is-infected/ There's instructions at the top of that forum about the information you need to provide. Good luck!
  17. Did you ask your teenager about the site? When I peeked at the site it looked to me as if it just has a generic front page, like any other hosted but not yet in-use domain. I also googled for it (ie for hits that might mention it, and found nothing in my brief examination). It's not impossible that there's specific page addresses at that domain that contain content. If one visits Virus Total and plugs the domain into their URL check, one gets shown that no anti-malware product currently flags the domain (though I don't know which of them would do if specific pages at that domain had b
  18. Maybe it's nothing? Maybe your teenager had googled for info on how much alcohol there is in various drinks, or how drunk one can get how fast, and clicked a plausible looking link?
  19. But why was anything quarantined? @stappsaid that EAM was configured just to /alert/.
  20. @GT500 I think you're failing to answer the question: what's the point of being able to turn Silent Mode on/off, when that mode will do nothing because its various features have been turned off individually. Perhaps the GUI should disable the mode's on/off button when Silent Mode would achieve nothing?
  21. Seems fine on W8.1 too.
  22. No, I've not defined any exclusions. Why should I? Having a script ask the OS to open a File Explorer view of a folder is not a security risk ... and the fact that almost all the times that that script runs, the BB does not think there's an issue confirms that. Even then, I'd rather have the BB occasionally flag some action that it thinks is iffy, than not have the BB keeping an eye on what scripts are doing. So, it's not so much the notification I object to, as the fact that the system then hangs. Surely /any/ notification, no matter what for, should not cause a hang?
  • Create New...