Everything posted by JeremyNicoll

  1. Like Stapp I had to do two application restarts and a reboot between them. That's wildly unusual. I don't see why "a new proxy.exe requires an app restart" is the answer to this - why wasn't it shipped to us before the reboot? The whole system restarted then.
  2. If they do then that's a problem. The settings I mean are in the 'Custom scan - Scan now' dialog and get set just before initiating a custom scan. I use different settings depending on what I want done in such a scan... But if the settings also affect context-menu scans, for which one has no opportunity to set them at the point of initiation, then it means I would need after every Custom scan to go back to the dialog concerned and reset options to what I want for the next Context scan. I know I won't always remember to do that. Or, are there separate options somewhere else?
  3. Do you mean a 'custom scan'? Then it only happens if you also actually turn that option on. What about a File Explorer context scan? I'm not clear on that - not least because (a) it seems too fast, and (b) the report only ever says one object was scanned. I think that if a user intentionally asks for a zip to be scanned, that way, then the contents should be looked at and the report should show the true counts.
  4. > Shutup10

     I suppose I should ask: which version of this were you using? Is that the up-to-date one? And which options do you think may have been the wrong ones to use? (I don't use this program myself, but any help you can provide to anyone else who comes along with the same issue in future, would no doubt be appreciated.)
  5. That's not encouraging... Hopefully someone from Emsi will come along and explain. It seems to me that there's three issues: first, whether or not with 'Paranoid' being set, files are being scanned as they are downloaded. I'd certainly have hoped so; if not we need an "even more Paranoid" setting... Secondly (if files are being scanned on download): why is a scan-on-download not making the same detection as a custom scan later on? Downloading files is surely the main way that most of us get potential malware, so a scan then should be as thorough/rigorous as possible. Thirdly, the Behaviour Blocker's behaviour. If all you've let the installer do is start & display its splash screen then it probably hasn't yet done anything that the blocker would think is suspicious, so no BB alert is fair enough. (I'm not suggesting you should let it do more if you think it is dodgy.) I don't think/know that the fact that the installer is running with Admin privilege is relevant. I /hope/ that malicious software running under Admin auth is blocked when it actually does do something dodgy.
  6. If you go to the Protection settings (click on the Shield icon on the left side of the main GUI screen), then look at the File Guard settings there, you can make a choice ("Scan Level") for how often EAM looks at files. The default is probably less often than you'd like, but means less impact on system performance.
  7. I've a feeling they won't tell you, at least not in great detail, because doing so might give clues to malware writers about how they detect things. For example, it's clearly ok for some programs to update certain registry keys - installers do it all the time - but maybe they flag that when there's a good reason not to think that the program is a 'proper installer'.
  8. Your wizcase article says: "Samsung TVs run on Tizen OS". Tizen is not Windows, so EAM will not run on it. I can't think of any reason why a VPN would damage the TV, and that website suggests it's perfectly possible to do it. It's probably not legal/ethical though, if you're planning to circumvent georestrictions or licences. Using a VPN to stream video on a TV presumably won't put you at risk of, for example, losing financial information. But when people use VPNs (on eg a laptop, which can also run more general-purpose software) and then use them to connect to anything that involves payment systems (especially a bank), I wonder how one finds a VPN service one is sure is trustworthy. After all, they work by you sending your internet traffic to them and then they send it on to somewhere else. That sounds to me pretty similar to a man-in-the-middle attack... if one doesn't trust the service in the middle.
  9. I expect that's not possible, because EAM requires Windows to be running, and what's more it might need to be Windows on amd/intel cpus. What cpu and OS does the TV run?
  10. It's the installer that got the EAM warning though, not the Brave browser itself. Unless the installer also uses TOR to grab the full program? You will need to wait for Emsisoft to comment.
  11. Ok. I plugged that SHA1 hash into the search option at the VirusTotal website, which then displays what various anti-virus & anti-malware utilities think about a file (regardless of what it's been named) that contains the same thing as your file did. See: When VT looked at an instance of that file - 11 hours ago - none of the 72 utilities they used thought it was infected. However, those results are all checks of the file itself. EAM's Behaviour Blocker looks at what the file does when it is run. Although the VT website lists some of the things that this program is known to do - files it opens, registry keys it sets etc (on the "Details" tab at the VT results page), neither you nor I have any idea what the Behavior Blocker didn't like. It occurs to me that this file is pretty small - only a couple of MB - so probably what it does is contact the Brave server and download the actual browser. That might look a lot like a piece of malware trying to contact its command & control server. On the other hand lots of installers do that sort of thing. I wouldn't take the risk - Crypto Malware is extremely bad news. I think you will need to wait until someone from Emsisoft can say if the EAM warning is a mistake or genuine.
  12. Where - tell us the URL - did you find the installer for this? And what did EAM say about it?
  13. Your screenshot looks ok to me. The forensic log has one entry when a scan completes. For example, one of your scans terminated at 13/07/2019 16:13:52. It does make sense to show previous messages which said "in progress" because when they were issued, they /were/ in progress. The "in progress" message is shown for/at past dates/times, not for the current time. In computing, all logs show things afterwards that were happening at a prior time. No-one ever writes a program so that it issues messages at the time, then afterwards goes back and changes the language to show that it is now a past event. In your case the details display shows when that scan was started:
      - at 15:59:16 the scan was in progress doing one thing (la zone amorce)
      - at 15:59:16 the scan was then doing something else (the CSIDL_DRIVER line)
      - at 15:59:19 ie 3 seconds later it scanned memory
      - at 15:59:24 it scanned something? "traces?" I can't quite tell BECAUSE THE DISPLAY NEEDS TO BE SCROLLED - if you scroll it down you will find, at the end of the list of detail messages, the one showing that this scan completed at 16:13:52
  14. I think you've misunderstood. The entry in the forensic log tells you when the scan completed and what it found. When you click on that to get the detailed info you see a series of messages, of which you've highlighted initial ones. That detailed list scrolls. Scroll down to the bottom of it and you'll see all the status messages about that scan, including the final one.
  15. DPI = dots per inch. See:
  16. Hmm, dragging the grid - can't fully replicate that today. I /can/ get the buttons off the bottom of the screen (move window as far up screen as possible by dragging second lowest pixel of window border upwards), then stretch grid as open as possible, then move window down so its whole title bar is visible as normal) but the window contracts a little as soon as it is then clicked on.
  17. Hmm. I see that the grid part of that display has a draggable bottom-righthand corner. Even with no files listed in the grid it's possible repeatedly to drag the grid size out a little more so that after a while the action buttons are not visible if one scrolls the display back up to the top. If there's a reason why the grid can be dragged deeper than the screen, it might be more sensible for the buttons to be at the top of the grid and therefore always visible.
  18. Hopefully, as this problem appears to be reproducible, @GT500 will advise debug logs are created - to see why things are listed as being in the Quarantine, and also see why the option to delete is not then presented. I wonder if the list of what is in the Quarantine is kept separately somewhere (and gets out of step with actual contents) or whether as soon as one investigates the Quarantine actual contents are summarised, in which case they really should be deletable...
  19. Which version of Windows? Assuming these aren't EAM notifications, presumably in the applicable part of Control Panel?
  20. You need to provide more information. Are your users children or adults, responsible or not? Technically-aware or naive? What sort of things should they be able to do? What sort of things do you wish to stop them from doing? Is this business use, or home use or at a school, or what? What have you done so far?
  21. > ... and it happens when the notification window auto-closes, not when I manually close it

      That's interesting. When I had this problem ages ago, I was always manually closing notifications, and I still do. I have them all set to display for the maximum time (999 seconds) so very very few of them will automatically close - perhaps only if I've been away from the pc for ages. And then I'd have forgotten precisely what I'd been doing.
  22. I successfully repeated the scan (1207668 files, about 48 minutes) later in the day.
  23. Win 8.1 64bit, EAM 2019.5.0.9476 I set up and started a custom scan, which would normally take about 45 minutes and scan about 1.2 M files. I wasn't watching the machine as it scanned; when I came back to it I found the scan screen saying the scan was complete, only 510 files examined, no report file available. I don't know how long that took, though presumably not very long. Couldn't see anything in event viewer. I'll PM the debug logs to @GT500