JeremyNicoll


Posts posted by JeremyNicoll


  1. Since (at least in W8.1), Security Overview opens on a single click of the taskbar icon, that's what I normally do before any other selection anyway.  Then the lockdown and firewall switches are right in front of you - where anyone who doesn't know their way around the menus and submenus will see them often enough to have a decent chance of 'just knowing' where they are.

     


  2. 34 minutes ago, marko said:

    > just tried the new network lockdown feature but when I turn it on, my pc grinds to a halt - opening windows explorer, task manager, start menu, etc has severe lag to the point of being unusable
    >
    > When I finally managed to get task manager open, I notice that a2start alternates between running and not responding, every couple of seconds

    If there's a huge slowdown when you do non-networky things, does that imply that your EAM is trying to do an antimalware-network lookup each time some process attempts to start? 


  3. Hmm, tried again a few minutes later  - this time cpu for a2service 'only' climbed to about 9.5%.   I do have a lot of Firefox tabs open at the moment and I noted, when I sorted the Process Hacker display by cpu that lots of those were showing around 5% cpu use.   Once lockdown was off again the Firefox processes show typically 0.05%.


  4. Hmm.  With W8.1 64bit, as soon as I turn on lockdown, cpu usage for a2service climbs from its normal 0.25% (or so) to 12.5% (which is to say that core, one of 8 here, is then 100% busy).  As soon as I disable lockdown it falls to its usual low usage.


  5. 13 hours ago, GT500 said:

    > It more than likely does, however the backend won't respond to it if waiting for an HTTP timeout.

    The user only sees the GUI though.  It could say something like "Cancel acknowledged" so someone wasn't waiting two minutes for an apparent reaction to their click.  It doesn't matter to us if the backend is still waiting for something provided when it either times out or manages something, it then halts the attempted update.


  6. Searching for those two hashes on VirusTotal produces these two report pages, for something called "App Explorer":

    https://www.virustotal.com/gui/file/d6fce4e58f95e983ec26eb1f0d865bd24c98ddd26dafaf8384747d652254bec2/detection

    and

    https://www.virustotal.com/gui/file/d6fce4e58f95e983ec26eb1f0d865bd24c98ddd26dafaf8384747d652254bec2/detection

    and the files (at least those analysed by VT) DO appear to be signed... by "Sweetlabs".    Nothing on the VT pages mentions TopazLabs.


  7. > Am I correct in assuming these are actually Emsisoft servers

    I don't think so.   GT500 fairly often refers to "CDNs" when people ask about problems with updates.   You'd hardly expect Emsisoft to run servers all over the world when CDNs can do that for them.


  8. Like Stapp I had to do two application restarts and a reboot between them.    That's wildly unusual.   I don't see why "a new proxy.exe requires an app restart" is the answer to this - why wasn't it shipped to us before the reboot?  The whole system restarted then.


  9. 7 hours ago, GT500 said:

    > A context menu scan should use that option as well.

    If they do then that's a problem.  The settings I mean are in the 'Custom scan - Scan now' dialog and get set just before initiating a custom scan.  I use different settings depending on what I want done in such a scan...   But if the settings also affect context-menu scans, for which one has no opportunity to set them at the point of initiation, then it means I would need after every Custom scan to go back to the dialog concerned and reset options to what I want for the next Context scan.   I know I won't always remember to do that.   Or, are there separate options somewhere else?


  10. 4 hours ago, GT500 said:

    > The contents of archives will only be scanned when running an on-demand scan.

    Do you mean a 'custom scan'?  Then it only happens if you also actually turn that option on.

    What about a File Explorer context scan?   I'm not clear on that - not least because (a) it seems too fast, and (b) the report only ever says one object was scanned.   I think that if a user intentionally asks for a zip to be scanned, that way, then the contents should be looked at and the report should show the true counts.


  11. That's not encouraging...   Hopefully someone from Emsi will come along and explain.

    It seems to me that there are three issues: first, whether or not with 'Paranoid' being set, files are being scanned as they are downloaded.   I'd certainly have hoped so; if not we need an "even more Paranoid" setting...

    Secondly (if files are being scanned on download): why is a scan-on-download not making the same detection as a custom scan later on?   Downloading files is surely the main way that most of us get potential malware, so a scan then should be as thorough/rigorous as possible.

    Thirdly, the Behaviour Blocker's behaviour.   If all you've let the installer do is start & display its splash screen then it probably hasn't yet done anything that the blocker would think is suspicious, so no BB alert is fair enough.  (I'm not suggesting you should let it do more if you think it is dodgy.)    I don't think/know that the fact that the installer is running with Admin privilege is relevant.  I /hope/ that malicious software running under Admin auth is blocked when it actually does do something dodgy.


  12. I've a feeling they won't tell you, at least not in great detail, because doing so might give clues to malware writers about how they detect things.   For example, it's clearly ok for some programs to update certain registry keys - installers do it all the time - but maybe they flag that when there's a good reason not to think that the program is a 'proper installer'.


  13. Your wizcase article says:  "Samsung TVs run on Tizen OS".    Tizen is not Windows, so EAM will not run on it. 

    I can't think of any reason why a VPN would damage the TV, and that website suggests it's perfectly possible to do it.   It's probably not legal/ethical though, if you're planning to circumvent georestrictions or licences.

    Using a VPN to stream video on a TV presumably won't put you at risk of, for example, losing financial information.  But when people use VPNs (on eg a laptop, which can also run more general-purpose software) and then use them to connect to anything that involves payment systems (especially a bank), I wonder how one finds a VPN service one is sure is trustworthy.  After all, they work by you sending your internet traffic to them and then they send it on to somewhere else.  That sounds to me pretty similar to a man-in-the-middle attack... if one doesn't trust the service in the middle.