Everything posted by JeremyNicoll

  1. @GT500 said: You will also need to disable self-protection in EAM's advanced settings before it will be possible to terminate a2start.exe this way. Are you sure? Self-protection is on, here, but I terminate a2start several times a day (using Process Hacker's Terminate, rather than TM's End Task) with no difficulty.
  2. @Jason F - in your screenshot, is CPU use the second column from the right? (Column layout is up to you - they can be reordered - and that means I can't tell.) Because if it is, you're showing a2start (which runs the GUI) using 4% cpu. And - as @GT500 pointed out above that means one core is running flat out on a2start. It should be using much much less. As well as the known problem when a2service sometimes uses far too much cpu, there's a related (maybe) problem where a2start uses far too much cpu. That's discussed in the thread: EAM works fine with a2start stopped - you should be able to right-click it in Task Manager and choose to End Task. (Though that will need you to run Task Manager under Admin auth.) If and when you later click the systray icon to access the GUI, a2start will be restarted.
  3. If you have a Dropbox (as I do) or similar account with another cloud storage provider you could upload it there and send GT500 a personal message (hover over his avatar to here to see the option) telling him the URL. That's how I normally do this. I also ask Emsi to let me know when they've grabbed it so I can delete the file from my Dropbox.
  4. In 2019 when I renewed my licence, there was an entry in EAM's log that said: A notification message "Your license has been extended by 365 days. The new expiry date is in 395 days." has been shown" This year, there's nothing in the log about the licence changing ... though it's clear from elsewhere in the GUI (the auto-renewal thing being turned back on and the expiry date no longer being visible, not even in a tooltip) that it has done. Why no log entry?
  5. Have you made sure that any BB rules for the programs you were testing, were deleted before each test?
  6. Did you read: ? I think it only matters for programs that appear to be doing something odd. When EAM might at first think that they are malware, it will look online (if you have also chosen "Look up reputation of programs"). Then, if the online system thinks the program is ok, it will allow it if you have also set "Automatically allow...". So, when you tested to see if there's a difference, were you running a program that tried to do something suspicious? Was that program one that EAM (or you) hadn't already created a rule for? Do you have "Look up reputation..." set?
  7. Why? Might be if your version of Chrome runs any plugins or extensions that go looking for things. However, I looked in the Google Chrome Help forum for references to this "Continue running..." option and found some people who have the option turned off still have google tasks running. Nobody who actually knows why Chrome does stuff answered any of the questions; answers were just guesses from other users. One example / guess I saw related to "Metro" / "Modern" apps ... suggesting that if you have any that eg use google to fetch news headlines and show them in tiles, that some of these tasks could be the fetchers that have to run all the time for that to work. I have no idea if that's actually the case.
  8. I have no GoogleUpdater running here (Win 8.1, using Firefox). But I do have a "GoogleCrashHandler" and a "GoogleCrashHandler64" both of which were started by a parent process that's no longer running - probably an instance of Google Chrome. They were started a couple of weeks ago; one has used no cpu time and the other less than a quarter of a second's cpu time - which is fair enough if they just start and wait for something. @andrewek - you say one machine doesn't have the updater running; have you looked at every page of options in Google Chrome on both systems to see if they are set up the same way? Who starts them? Dunno. Have you searched the registry for entries naming these programs? Have you looked in the event logs for audit records showing them being started (only possible if you have process creation auditing turned on)? If you go into Chrome (and it itself is uptodate) what about the things listed at (URL) chrome://components - you should be able to ask Chrome to (try to) update each of those. If you do, do they actually get updated, or say they're uptodate? Maybe although the main part of Chrome is uptodate one of those smaller bits is not, and it keeps trying to update and fails for some reason?
  9. @MJmusicguy - when the OS dumps, it has to write a copy of everything in the in-use memory, to disk. It's not safe on a system that's hurt to use usual files for that (the file system may be in a mess because of whatever has gone wrong) so the OS instead writes the info to the pagefile (which is a private file only ever used by the OS). When the OS is rebooted the dump data inside the pagefile is then copied out and put into C:\WINDOWS\MEMORY.DMP. It follows that the pagefile needs to be big enough to hold a LOT of data. You maybe don't normally have a very large pagefile, but to allow this dump process to work you'll have to make a big one. On the webpage about pagefile changes, do you see the screenshot at "F" in section 6? Follow the instructions to get to the same place on your system and screenshot it or make notes of what it says - how many drives, what sort of pagefiles any of them have, and tell us what the values are. Don't change anything for now, just Cancel out of that pane.
  10. > Keep in mind that Microsoft already implemented such a feature... But don't users have to turn it on? Security-minded users might well do so, but those who couldn't care less, or are non-technical, or think it won't happen to them, won't do. Tell me, can Win 10 users enable Controlled Folder Access and also use EAM? Or is CFA only possible if you use Defender's a/v capabilities instead of EAM? (I would very much like to have CFA, not just for protection against ransomware etc, but also programming accidents (ie situations I hadn't properly thought through in my own code) and mistakes made using unfamiliar products. As far as I can tell CFA is a pretty crude system, with folders being protected or not - whereas it's even better if you can dictate which processes can access particular folders. CFA - as far as I know - does allow you to grant access to all allowed folders, per program, but that's a bit unsubtle. There's no reason why - say - my favourite graphics utility should be able to update system folders; it'd be far better if it could be set up only to be able to update the folders where I kept the project I was working on.)
  11. So what happens if nearly the same bat file is used but instead of the EICAR file an innocent .exe or .dll is aligned with the AV product's one?
  12. Ok, that's better than nothing. But the vulnerability is down to the symlink/directory junctions aspect (being used to redirect the filesystem from eg a required DLL to something else, presumed to be malicious as was the EICAR file in the example shown on the website). Presumably replacing the AV product's DLL with something non-malicious would also be a risk - diminishing the power of the AV product. If QA's test only worked because the EICAR file was detected, it's not checking the right thing.
  13. @eliastz Or, you could help Emsi to find out what the problem is? The interesting thing about your most recent complaint is that it kind of implies that you've NOT had the high cpu problem recently, and it just started again ("is back to its old ... tricks"), along with the Windows updates. You reported you had the problem in Feb and early March. When did it go away? (Just to be clear: I have the other problem: a2start goes mad, a lot. That though can be worked around because a2start doesn't have to be running all the time.)
  14. > Unfortunately that doesn't say a whole lot, Indeed... > and I haven't been told if EAM is known to be affected. Have you asked? I expect the OP (and anyone else reading this) would at least like to be sure that your programmers know about this particular potential problem.
  15. EAM's not listed, but at the foot of the page they do say "We have received questions about lesser-known antivirus software not listed on this page and all were found to be vulnerable." which doesn't make it clear whether they tested EAM or not.
  16. That sounds like a Windows error message. If it is, it's presumably not an Emsisoft /mobile/ security issue. Can you clarify what device this is, also what OS (and version), what version of EAM or (if it is) mobile security this is, and whether the device has any other security software on it?
  17. @Cranfield No you don't. Send an email to [email protected] and give them the info about who you are and what you want. The new(ish) subscription model came in ages ago, and has been discussed here often. Many of us do not like it.
  18. You need to contact [email protected] and ask to be taken off the auto-renewal subscription option; then the old-style "License ends in nn days" text will come back.
  19. An interim solution might be for EAM to offer to add the context scan request to a queue and do it as soon as the main scan is over, or - maybe more useful - interrupt the main scan at the next file boundary and do the context scan, then return to the main scan.
  20. /I/ don't know the ins & outs of how the OS settings for dumps interact with (as must have happened here) an application's trapping of the problem. Your screenshot shows that EAM itself knows that a2guard.exe has crashed (as indeed it did last time). Maybe in this case EAM (rather than the OS) has dumped whatever the EAM programmers think is relevant, though I don't know where it would have put it. Did you - as the pane tells you to - click "Send"?
  21. I think the overhead of having full protection turned on is so small, you'd be better to have it on. Otherwise, you'll have to be very careful and also - probably - run full scans of all the files on the machine much much more often than you would otherwise, to be sure that nothing bad has sneaked onto the machine.
  22. Well, I'm glad it worked (if it did?). Maybe the Inno installer checks different things, or fewer things, than the MSI ones? Did you actually run the install with logging on? Your screenshot shows no protection is actually running though, even though it also suggests it's uptodate ("last update 6 mins ago"). You said you wanted it to run "just as a scanner, with no real-time protection". Why? If you context-scan a known-bad file, does the scan actually tell you the file is bad?
  23. Complicated... Why? We don't know either. But logs /might/ help work out why. Try the Inno installer, with its logging turned on, as I suggested. If the log file is created it /might/ say why the process thinks EAM is still installed.
  24. @stapp I thought the problem was on a Win 7 machine, but I see there's some ambiguity in what @andrewek wrote. Is the problem on the older Win 7 machine, or the newer Win 10 one?