• Content Count

  • Joined

  • Last visited

  • Days Won


Everything posted by JeremyNicoll

  1. Which version of Firefox? What happens in Firefox safe mode? Do you run ad/script blockers?
  2. There's more than one type of Exclusions list in EAM - one so that files/folders named in it won't be scanned, and one to prevent programs from being monitored. I think you need to add mbam's .exe's (or maybe its whole programs folder) to the Exclude from Monitoring list (which is under the other one).
  3. I suppose also, anyone concerned with viewing/changing BB rules ultimately has to know what the actual .exe's name is (and where it runs from). You'll also be aware (from TM) that multipe simultaneously running programs can have the same Description name, but (of course) different .exe names.
  4. Here (albeit using the Portable Apps version of LibreOffice), I do see "LibreOffice" in the Description column in BB, but the .exe name in the Process column. If I type libre in teh search field BB does show me all the relevant entries. Task manager's "Processes" tab (on W8.1 anyway) distinguishes between "Process" which is BB's Description, and "Process name" which is the name of the .exe. In the "Details" tab the column names work differently with "Name" being the .exe and "Description". (I hardly ever use TM, preferring Process Hacker.)
  5. I think it's because the actual .exe's that form it all have names starting with "s", eg sbase.exe, scalc.exe...
  6. I don't know, but I think that what that means is that the actual blocking/allowing of traffic is done in either case by the Windows Filtering Platform code. The thing you can switch off is the MS-supplied GUI and the set of rules it maintains. I think it means you can maintain a set of rules using MS's hard-to-use interface, or a set of rules using Sphinx's product. But the actual power of the thing is in both cases dependent on what the filters that are built-in to Windows are capable of doing. Ah... I read further into the FAQ. At the bit entitled "Leak found": "W10FC is based on Windows Filtering Platform (WFP), security core of Windows10/8/7/Vista/2008/2012 completely. (Note: The built-in Windows10/8/7/Vista/2008/2012 firewall is based on the same security core). So any leaks detected in Windows 10 Firewall Control should be addressed to Microsoft directly probably. Windows 10 Firewall Control is not able to affect quality of the underlying core neither positively nor negatively anyway, Windows 10 Firewall Control is a user friendly front-end to WFP. "
  7. I'm sure Emsisoft would say there's two columns, and each one has a left-justified piece of text and a right-justified clickable thing. It's unfortunate that the rh part of the left column is next to the lh part of the right column. It'd be better if there was a wider gutter between the columns.
  8. Because you screenshotted the middle part of the display? Layout is Firewall (windows) <switch> Last update: (longago> <update now> Network lockdown <switch> Your licence ends in: <when> <View details> so there's two columns on each line; each tells you something then perhaps lets you affect it. It might be better laid out as: Firewall (windows) <switch> Last update: (longago> <update now> Network lockdown <switch> Your licence ends in: <when> <View details>
  9. Why do you say that? According to: - the third question in: "Windows 10 Firewall Control is based on Windows Filtering Platform (WFP), the security core of Windows10/8/7/Vista/2008/2012, completely and does not install any third party kernel drivers." which means (to me) that a front-end is exactly what it is.
  10. If I simply unplug the LAN cable I achieve no internet traffic and no increase of cpu in either Firefox or a2service though.
  11. This doesn't fix the problem of a2service (and firefox processes) going mad if one turns on lockdown.
  12. It's not altogether surprising that a link from a post more than two and a half years old is no longer right.
  13. Only Emsisoft support staff will be able to see those files. Someone will take a look in due course, though maybe not until Monday. When an MSI installer runs it can optionally generate a log file (which can be anywhere between slightly detailed or very very detailed). Turning on such logs is done by setting up a registry key, as described at: As it says there, if you do turn this on you should probably plan to undo that later on as every MSI install would then create its own log file. The log file might indicate why your install is not working... but it might also be hard to understand. If you're a programmer it's maybe worth trying, otherwise, probably not. Oh - the logs will most likely be placed in your admin user's %TEMP% folder.
  14. OK, so what are you asking? What IS happening when you try to install? Which installer are you using, and where did you find it? Also, what version of Windows?
  15. Since (at least in W8.1), Security Overview opens on a single click of the taskbar icon, that's what I normally do before any other selection anyway. Then the lockdown and firewall switches are right in front of you - where anyone who doesn't know their way around the menus and submenus will see them often enough to have a decent chance of 'just knowing' where they are.
  16. If there's a huge slowdown when you do non-networky things, does that imply that your EAM is trying to do an antimalware-network lookup each time some process attempts to start?
  17. Hmm, tried again a few minutes later - this time cpu for a2service 'only' climbed to about 9.5%. I do have a lot of Firefox tabs open at the moment and I noted, when I sorted the Process Hacker display by cpu that lots of those were showing around 5% cpu use. Once lockdown was off again the Firefox processes show typically 0.05%.
  18. Hmm. With W8.1 64bit, as soon as I turn on lockdown, cpu usage for a2service climbs from its normal 0.25% (or so) to 12.5% (which is to say that core, one of 8 here, is then 100% busy). As soon as I disable lockdown it falls to its usual low usage.
  19. Quite a few of us have made this complaint but, so far, the only way to reverse it is to email [email protected]
  20. The user only sees the GUI though. It could say something like "Cancel acknowledged" so someone wasn't waiting two minutes for an apparent reaction to their click. It doesn't matter to us if the backend is still waiting for something provided when it either times out or manages something, it then halts the attempted update.
  21. Shouldn't the GUI be able to set a 'cancel' flag asynchronously from whatever the backend is doing?
  22. Ach, so they are. I just c&p them out of the OP's report and looked them up separately. I wonder why the OP had two copies?
  23. Ah... I think you're complaining that the links in the post above no longer work. As the images etc were not hosted on Emsisoft's servers I doubt anyone will be able to help you. Why are you so interested in such an old piece of malware?