Everything posted by JeremyNicoll

  1. > You also once sat down at your computer for the first time.

     Yes indeed. But my first personal computer came along after a degree in computing and working as a programmer for more than 5 years. Anyway, I'm not arguing about users who make an effort to understand how things work; my comment about "ordinary users" is about people who don't care how it works.
  2. I don't understand what you mean by: "then this user does not need to use up a computer and surf the Internet." Pretty much everyone needs at least access to a computer these days as governments require more and more to be done online, eg applications for state benefits. It's a problem for people who cannot afford a recent new machine. I wouldn't want to be using a public machine (eg in a library or even internet cafe) if I had to use it to send confidential personal information anywhere.
  3. > If you have in mind a slightly smart user, then programs that can correctly delete pre-installed unnecessary software are suitable for him

     How is this user supposed to choose such a program? Most of the 'tune-up' programs available are likely to damage a properly configured machine. The user is completely dependent on the programmer having been very careful. (And of course quite a lot of such programmes are quite likely to contain, or come bundled with, PUPs or malware.)
  4. > ordinary user

     Someone who knows nothing about how computers work, who doesn't know what an OS is. Someone who would never read a computing textbook.
  5. @Amigo-A OK. How is an ordinary user to know which programs are vital and which are not?
  6. I understand that you (somehow) disabled Powershell, and you know you did that. Earlier you asked for a way for BB not to tell you (that Powershell is disabled). If Emsisoft change EAM so that no user sees these messages then that is dangerous for people whose Powershell has been tampered with. I don't care if there's a way for just you not to see the messages, but I don't think other EAM users should lose the information.
  7. @Amigo-A... so which is it? Above you say "Buttons, keys for brightness control - this is on the side of drivers and software from manufacturers. We talked about software that does not belong to this area, but is obtrude oneself into the user". But that's not what you said before. You said "If the pre-installed programs were set by the /PC manufacturer/ or its partners, then /these are not your partners/, these are completely alien people with their intentions and commercial purpose. You do not know what they set and what goals they pursued. Therefore, the verdict should be unambiguous - delete all pre-installed programs without a doubt.".
  8. It's not really just an "opinion", if the end result is an unusable machine. Some of these programs are required to make eg a laptop's screen brightness, volume control, wifi on/off switches etc work. If you look in the support forums for specific makes of laptop you quite often find people who are desperate to find out why these things no longer work. It's like reading on linux forums about how people can't get some features of a particular model of laptop to work in a certain linux distro - because there's no open-source drivers for the specific hardware.
  9. No, the screenshots are fine. You asked " ... to remove from the settings of the EAM Behavior Blocker what has been proposed and how" ... I think that if that is possible, it should be something that Emsi tell you how to do, but they should not change BB so that other people don't see the BB messages. Other people, and certainly me, will want to know if powershell has been disabled IF IT WASN'T DONE BY THEM.
  10. Leaving aside the issue with EAM, are you saying that at present you let your ordinary users have Admin ids? If so, why?
  11. @Amigo-A " Therefore, the verdict should be unambiguous - delete all pre-installed programs without a doubt. " I disagree. /Some/ of the vendor-installed programs are necessary. Eg on several of my Samsung laptops, those programs include the logic to make the Fn+F2 (etc) buttons perform their ancillary functions. Another of the programs is one that offers and installs updates to that program and others. If I get rid of the latter program, how do I get updates/fixes for the first program I mentioned?
  12. I think most users would want to know if any system process has been stopped (especially if they did not know how/why), so if it is possible to suppress the information it'll need to be something that individual users do, not something central that affects us all.
  13. Interesting. Mostly - as I have the max display time for the slider set to 999 seconds - it's visible. It's rare for the slider to dismiss itself. Usually I click the X on it, and focus shifts. But (at the moment) focus isn't changing absolutely every time I click on the X... but often enough for me to notice that focus just changed .... again. I've not yet worked out if there's a pattern to the behaviour. I'm not well, almost always in bed, and the laptop is on a table-thing above the bed. If an update happens while I'm elsewhere - eg loo, kitchen - and dismisses itself, I probably wouldn't notice whether the focus had changed because by the time I return to bed, I'm unlikely to care about which program I was using earlier. But if I'm actually actively using a specific program and the slider pops out and I dismiss it and some other program's window pops to the front, I definitely notice that.
  14. It went away for me though, then (I think) it came back, went again.. and had been absent for ages.
  15. I'm seeing focus changes again (as in: ). Anyone else? It's been happening, I think, for a few days, but I've been quite sleepy, and only just realised it was happening again...
  16. > even if you don't use the workspace functionality, my emsisoft allows you to manage ...

      The thing is, I already have to do all of that for every other software product I install, licence and pay for. So I already have my own way to do it. If every vendor invents their own extra system, each one is just one more thing to have to learn how to do - and (presumably) one more userid and password to have to maintain. I'm sure it's useful for corporate users, and maybe resellers, managing tens, or hundreds of users.

      I'm also a little curious about your statement: "allows you to view details of your current, and historic licences". If older licences were associated with email addresses I no longer use, how would their system associate them all with my current email address? Or is their system tracking users' machine ids? Somewhat contradicting myself, I seem to remember asking how they know in the first place and I think maybe I was told that users have to populate the "my emsisoft" thing with relevant data in the first place. If that's still the case and it's only telling you things you told it, it's hardly magic.
  17. But no-one with only one or a handful of protected machines needs to be able to do that, surely?
  18. That may be so, but I don't see much point in setting up "My Emsisoft" just for that. Does "My Emsisoft" provide any service that one actually needs? I've never used it.
  19. Oddly, it does copy if you select it and press Ctrl-C... but not if - as you say - you right-click...
  20. And... if you don't want the auto-subscription (many of us don't) you can get it changed back to one with an expiry date, by emailing [email protected] and asking them to make the change. I don't know yet whether we're all going to have to make that request every single year...
  21. Malware scans look for files whose contents are known/suspected to indicate that they are malicious. On the other hand the Behaviour Blocker looks at what a program/file seems to be doing /once it is actually running/. A file can look innocent to a malware scan but once run do something that might be suspicious.

      In your case the BB is telling you that lots and lots of installs are being attempted. The BB alerts are all because a "hidden installation" is being attempted, that is, an "MSI" file (which is a standard Microsoft installer file) is being run. Maybe the file you downloaded was named "something.msi". If so, it is not itself executable, but is read and processed by the parts of Windows that understand MSI files. It looks as if either this particular .MSI file first unpacks itself to create many temporary files, named MSIxxxx.tmp, then uses those, or - as you say, maybe downloads a set of MSIxxxx.tmp files and uses them. Either way, the sheer quantity of them is - perhaps - dubious.

      If any program in Windows wants to create a temporary file - perhaps by unzipping or unpacking a container of files, (or by downloading some) - it is likely to put them in a folder whose purpose is to hold temporary files. Its name depends on the version of Windows you are running and your userid. It has a symbolic name TEMP (or %TEMP%) so that programs can refer to it without knowing what its full name is on your system. If you open a file explorer window, then put the caret in the file/folder-name area at the top (which looks a bit like a URL bar in a browser) and type %TEMP% and hit enter, the temporary files folder for your userid will be opened. On my W8.1 system, if my userid was Fred, it would be named: "C:\Users\Fred\AppData\Local\Temp"

      There are other temporary file folders in Windows... If an installer running under an Admin id (ie with UAC permission) creates temporary files they will probably be put in a different folder - a similar folder name, but instead of "Fred" it'll be the Admin id's name there, eg "C:\Users\TheNameOfTheAdminId\AppData\Local\Temp".

      I am not sure that it's safe for you to try to exclude some folders from monitoring by the behaviour blocker; it might be a way to reduce or stop these alerts, but done incautiously it can also stop alerts coming from any malicious software that's also managed to come to roost in that folder - and it's a very likely folder for iffy things to end up in.
  22. There's no reason to quarantine an installer that's installing stuff at your request (assuming you do trust the thing it is installing). The point about the BB is that it would spot installations (for other programs) being done that you didn't know about. What's not clear from your text is why so many separate installers are being run every few seconds. Or is it the same installer being attempted over & over again, where the thing arrived zipped up (or otherwise compressed) then unpacks & places the actual installer into a different MSIxxxx.tmp file each time? Then it runs that and the BB flags it because the rule created for the last one was for a differently named .tmp file? If the MSIxxxx.tmp files are being created in %TEMP% before being run, you could possibly exclude %TEMP% from monitoring... but that in my opinion is very unsafe because it would also mean any other installer, eg a malicious one, placed in %TEMP% would also be ignored. On the other hand, if the .tmp files are being placed in (for example) %TEMP%\ExpressVPN then you could exclude just that folder, which might help. You could experiment with excluding %TEMP% to see if an exclusion helps, but then only enable that exclusion when you're about to apply updates. Maybe the supplier could be asked to change the way their updates are packaged so that they don't all have random names.
  23. > As I said before the only CPU user was Emsisoft at 96%, that is a bit extreme.

      I'm not disagreeing. Do you have any scheduled scans defined? EAM taking lots of cpu is not in itself unusual - Emsisoft designed the scanner part so it uses as much spare cpu as is available. If for example your machine has SSD(s) in it rather than spinning rust drives, I/O is very fast and thus - when doing a scan - the disks don't slow things down the way they used to do. The question though is whether a long-running scan could have been taking place. Does EAM's log show whether a scan (or anything else) was going on at the time? Also, even if EAM is doing a long-running scan, one might expect the OS to give other processes, eg your browser, an equal amount of cpu time. I don't know why that wouldn't happen. Something else that might affect that is how many cpu cores your machine has.
  24. Glad things have improved.

      > I have the latest version, whatever that is,

      You can find out by clicking on "About", near the bottom right corner of the "Security Overview" screen. Bear in mind that our latest version might not be the same as other people here are on, because (a) some of us are using "Betas" ie things that have not yet been released to everyone else, and also (b) the updates don't get released to everyone spread across the world all at the same time.

      Maybe EAM was genuinely very busy. Despite the date being only the 4th of the month I noticed that Windows Update is offering updates today. One of those is a "Preview" of changes to .NET support. If you've just installed that, it's normal for Windows to do some cpu-intensive work soon afterwards - I think it recreates indexes or cross-reference info or something, whatever "rebuilding assemblies" means... And if that was happening there might have been lots of files being opened and EAM might have been suddenly busy.

      If it was that... there's something else to say though. Here (for W8.1), that .NET update is a "Preview" one, described in Windows Update as "optional". You might think that it's a good idea to install optional updates as well as "important" ones... but that's not so. In particular, the "Preview" versions of fixes are not meant to be installed by ordinary users. Microsoft aim them at software developers so they have a chance - a month or more before everyone else gets the update - to see if these updates introduce problems. If your version of W10 allows you to choose, you should opt out of automatic installs of Previews.
  25. Who knows? Which version of EAM have you got? Which browser (and what version)? Which OS? Are you using the browser extension?
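
An added example relating to posts 21 and 22 above (not part of the original posts and not Emsisoft code): it groups MSIxxxx.tmp files by content hash to show whether differently named files are the same installer, and lists what a whole-%TEMP% exclusion would cover compared with a subfolder-only one. The folder layout and file contents are constructed sample data, and the function names are hypothetical.

```python
import hashlib
import tempfile
from collections import defaultdict
from pathlib import Path


def group_by_content(folder: Path) -> dict:
    """Map SHA-256 -> names of the MSI*.tmp files under folder that share that content."""
    groups = defaultdict(list)
    for f in sorted(folder.rglob("MSI*.tmp")):
        if f.is_file():
            groups[hashlib.sha256(f.read_bytes()).hexdigest()].append(f.name)
    return dict(groups)


def silenced_by(exclusion: Path, folder: Path) -> list:
    """Every file under folder that a monitoring exclusion of `exclusion` would also cover."""
    return sorted(
        f.relative_to(folder).as_posix()
        for f in folder.rglob("*")
        if f.is_file() and exclusion in (f, *f.parents)
    )


def build_sample_temp(root: Path) -> Path:
    """Constructed stand-in for %TEMP% (not real installer data)."""
    vendor = root / "ExpressVPN"
    vendor.mkdir()
    # Same payload written under three random-looking names, as post 22 suspects.
    for name in ("MSI1A2B.tmp", "MSI3C4D.tmp", "MSI5E6F.tmp"):
        (vendor / name).write_bytes(b"constructed installer payload")
    # An unrelated installer sitting directly in the temp folder.
    (root / "MSI9999.tmp").write_bytes(b"constructed unrelated payload")
    (root / "notes.txt").write_text("constructed")
    return vendor


def demo() -> tuple:
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        vendor = build_sample_temp(root)
        return group_by_content(root), silenced_by(root, root), silenced_by(vendor, root)


if __name__ == "__main__":
    groups, broad, narrow = demo()
    for digest, names in groups.items():
        print(digest[:12], names)
    print("excluding the whole temp folder covers:", broad)
    print("excluding only the vendor subfolder covers:", narrow)
```

To run it against a real folder, call `group_by_content(Path(os.environ["TEMP"]))` after importing `os`; files that the installer deletes immediately after use will not appear.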