
JeremyNicoll

Member
  • Content Count

    1988
  • Days Won

    32

Everything posted by JeremyNicoll

  1. @David Biggar - why is this problem affecting only one machine?
  2. Well, I read your post when you first made it, but know nothing about Enterprise EAM, so stayed silent. I know (I think) that the home/business products are the same except for licence conditions, but maybe Enterprise differs? What versions of Windows do the desktop & laptop run? Are both completely up to date regarding updates? Do either of them have any other security software installed? I would expect Emsisoft support to need debug logs from one or both systems, to get to the bottom of this issue. But there's no point in any user (like me) asking for those because we can't i
  3. > Vainly tried to find this file

     It's not a filename/filepath on your system, but the name of a signature, ie a set of characteristics that tend to point towards the presence of a specific form of malware.

     > The affected file was a self extracting .exe of a plain text file that I created myself.

     Possibly the detection was a "false positive", that is something about your plain text file made Defender think it was, or resembled part of a malicious file. Bear in mind that scripts are plain text files. A file being plain text tells no-one anything about what it actual
  4. This really needs someone from Emsisoft support to comment, as I have very little idea what could cause this. Though ... do you have some other security software installed that might be blocking the install of EAM? I ask that because when you say "I have to search in apps for Emsisoft and click on "run" each time and go through the whole process of "Do you want this program to make changes on your hard drive". " that sounds to me as if it's a downloaded installer that's being found and run each time, rather than EAM itself. When you do that search, does the search process tell you what
  5. @stapp - I couldn't agree more! And even though I've got more than one pc licenced now (none of the extras set up yet - part of a careful migration to Win 10) they're all always going to be in front of me. For me, there's a heap of manual system maintenance things I do on each machine, and even if an online console made EAM-stuff simpler it'd not help for the other things, so there's no appeal for me. I do see that in some corporate cases it might help, though.
  6. Win 8.1 64-bit, versions 2021.5.1.10958 and 2021.5.1.10989 Yesterday (while running) 2021.5.1.10958, I renewed my subscription. As you know I nearly always have debug-logging active, and it was before, during and after the renewal. I normally stop & restart logging a couple of times per day and anually throw away older logs. Late last night I noticed that the a2guard debug log, which is typically around 4-10 MB per day, had logged about 100 MB in that period. Looking more closely I see that the excessive logging started (I think) around an hour after I renewed, which is perhaps th
  7. @Frank H - ok. I don't use the EMC but I have the impression that my edr.db3 file is growing in size. I copied it (because EAM has it in use) and then opened the copy in an SQLite inspection utility. It seems to contain a copy of the (expected) detections from my last custom scan (some zipped backups of old mail files contain some infected mails which are always found when I do custom scans that include zips). I note that the data is keyed just on an incrementing counter but includes detection time & date ... which suggests that the same set of detections might get added to the tables
  8. @Frank H Thanks for the info. So ... useful for anyone managing multiple machines, I expect. But why is there a db on individual machines if the info is sent to EMC? Is it just to cache that info until there's next an opportunity to send it there?
  9. Ah. Does that facility only work through the website thing? And does the website store info about customers' incidents on your server, or interrogate (online only) PCs when it wants to build a display?
  10. I've been waiting... It's a good thing I didn't hold my breath. Is the release of this new feature delayed?
  11. File Guard has "Alert" options in two places: Malware detections, PUP detections. It's not necessary to have File Guard quarantine anything; I do not let it do so.
  12. When you get a threat detected and something quarantined, is it the Behaviour Blocker that's detecting it? Does the log entry tell you specifically why the items are being quarantined? Apart from the Behaviour Blocker's settings, which is maybe where you've set Alert, there is also an option in Settings - Advanced which determines whether EAM will check online to see whether programs that might be bad have a decent reputation or not. You can also choose what will then happen if that check thinks a file is in fact good, or if it is in fact bad. You don't absolutely have to let EAM quara
  13. When you say you've mentioned this before ... do you mean in the discussion: https://support.emsisoft.com/topic/31951-emsisoft-slowing-pc-right-down/ You were asked (by GT500) in that thread to provide some diagnostic information but there's no sign that you actually did so. Now, your complaint is extremely vague. You said "upon checking"... What did you check? Do you mean just the EAM logs? What about the system's event logs? You also imply that you might have been in the middle of something. Well, what? Maybe the thing you were doing was using lots of system resources -
  14. @GT500 - do they (EAM and the Browser extension) therefore end up with their own copies of the huge list? What does "sync" mean in this case? If for example one shuts down the browser and restarts it, does the extension have to re-acquire the list, or does it still have its own copy from before?
  15. @Amigo-A - I asked that already and the answer was: "The list have about 550,000 entries. it is huge." That seems to me to be crazily big... but right at the start the OP implied that things were ok on an earlier version of EAM.
  16. @Amigo-A - it's relevant to EAM if the OP is using the "import hosts file" feature under "Web Protection".
  17. I don't know, but some more information might help others to suggest something relevant.... Which version of Windows, what CPU and how much RAM does your machine have? And how many entries (roughly) does your list of block addresses have in it? Ie, is it huge? If you fully shutdown the machine then reboot, then re-instate the block list, does cpu use go mad again? Also: how often do you shutdown the machine? Some people do so daily (I'm not one of them) and others hardly ever. Is the machine up to date (assuming it's not W7) with Windows Updates?
  18. It'd be better to create a new topic, because the features in EAM in Aug 2020 might have changed. When items are grayed-out in the GUI it's an indication that your userid doesn't have full permission to alter things. You might need to log in to Windows as an Administrator then within the EAM GUI find the Permissions section (which isn't even visible to other users) and (if you want to) grant full EAM-features-permission to whatever userid you're using now.
  19. I assume that when you run one of the .exe files shown in your first screenshot it unpacks another .exe, then runs that. The problem is that the second .exe - in a subfolder of \temp\ is the one that gets the BB detection. I expect that the subfolder has a different random name every time something is unpacked. There's probably not a satisfactory solution, since although you could set up an exception for files in \temp\, that's a really bad idea because malware is also quite likely to get unpacked and run there and if that happens you definitely want to know about it. Sometimes
  20. Deleting dmp files is not hugely sensible as it means you can't send them to Emsisoft for them to look at. Having said that, the level of detail in such a dmp depends (at least in earlier versions of Windows) on how you've configured the system. At the very least you need to dig into the eventlogs to find out what they show as the symptoms of the dump, and when it happened and anything significant that happened in the minutes leading up to that.
  21. Yes, I looked at your posting history yesterday and saw that you'd been part of that discussion (which started in Feb 2020): https://support.emsisoft.com/topic/32777-high-cpu-usage-from-a2start-and-commservice/ But whatever caused that seemed to get fixed. I wonder what's making your machine suddenly have a problem.

      > Thanks for the suggestion to switch to "delayed" - will try that if the symptoms come back (just rebooted another time this morning).

      While switching to "delayed" will perhaps temporarily solve your problem (it might not if there's an underlying problem
  22. Which version of Windows? What hardware - does that cpu spike of 10-20% represent one entire cpu core/thread being 100% busy? What else happened this morning? Was the machine rebooted, restarted, woken? Has a Windows Update just been installed? Was a restart pending because of an earlier install? Did you install or remove anything? Does the eventlog show any other system problems, eg with any of the machine's disks? You could choose, for now, to install the previous version of EAM by (on the current one) going to Settings - Updates - Update feed, and changing from "Stab
  23. Ok, I'll compress it and upload it somewhere and PM you with its location.
  24. Win 8.1, 64-bit

      a2service.exe crashed this morning. I've got a full 800 MB dump (and debug logs), do you want it? The eventlog record for the crash says:

      Fault bucket , type 0
      Event Name: BEX64
      Response: Not available
      Cab Id: 0
      Problem signature:
      P1: a2service.exe
      P2: 2021.4.0.10785
      P3: 606463d0
      P4: StackHash_d81c
      P5: 0.0.0.0
      P6: 00000000
      P7: PCH_5E_FROM_a2service+0x00000000000093E4
      P8: c0000005
      P9: 0000000000000008
      P10:
  25. > I think it's supposed to be implied that the subscription can be canceled after the ordering process is finished. After all, you can't cancel something that hasn't started yet.

      I agree, you can't. But you're missing the point, which is that customers who do not want ever to be part of a subscription scheme are not being given the choice. You're forcing people to have a subscription. They then have to make an effort to get out of that later on. Worse, as far as I know, having elected not to be part of a subscription scheme, they have to go through this every year. You don't remem