• Content Count

  • Joined

  • Last visited

  • Days Won


Everything posted by JeremyNicoll

  1. WIn 8.1 64bit, EAM 2019.5.0.9476 I set up and started a custom scan, which would normally take about 45 minutes and scan about 1.2 M files. I wasn't watching the machine as it scanned; when I came back to it I found the scan screen saying the scan was complete, only 510 files examined, no report file available. I don't know how long that took, though presumably not very long. Couldn't see anything in event viewer. I'll PM the debug logs to @GT500
  2. Here (Win 8.1) such a file is shown as 0 bytes by File Explorer... but it's open to a2service, so I suppose what FE shows is misleading. Sysinternals says: C:\Windows\system32>handle -a \temp\tmp Nthandle v4.21 - Handle viewer Copyright (C) 1997-2018 Mark Russinovich Sysinternals - a2service.exe pid: 9140 type: File 27E0: C:\Windows\Temp\tmp0000049d\tmp00000000 C:\Windows\system32> and dir also shows it's empty C:\Windows\system32>dir /s "c:\windows\temp\tmp*.*" Volume in drive C has no label. Volume Serial Number is F607-7930 Directory of c:\windows\temp 11/06/2019 20:48 <DIR> tmp0000049d 0 File(s) 0 bytes Directory of c:\windows\temp\tmp0000049d 11/06/2019 20:48 0 tmp00000000 1 File(s) 0 bytes Total Files Listed: 1 File(s) 0 bytes 1 Dir(s) 210,853,363,712 bytes free C:\Windows\system32> So... did something get unpacked into it,then removed, or what?
  3. > Did it update when it ran? Not so far as I know. I always download the newest available version immediately before running that. It never asks if it can update or shows any sign of doing so. Should it?
  4. > Perhaps I can send the debug logs ? Only if you had debug logging turned on before and during the problem. Most users do not ever have it on because it can slow EAM down. It also creates files which grow in size very fast... You can check - the place where you'd choose to turn it on is at Settings -> Advanced -> Debug Logging.
  5. Yes. I've PMed you a link to that too. But note that it's been (a) scanned again ok, and (b) run ok, since then.
  6. Win 8.1 64bit, EAM 2019.5.0.9476 Every couple of weeks I run FRST64.exe, just so I have a set of its reports going back through time, for comparison with a current report, if I need it. Today, having downloaded that file, I used File Explorer's context menu to ask EAM to scan it. I have a 4 cpu, 8 core machine, and instead of getting a near-instant response, one cpu core went 100% busy - ie Process Hacker showed cpu at 12.5%. After a quick look at it in PH, and restarting PH under Admin auth, I dumped a2service. After doing that, EAM reported the scan complete. I've since scanned an innocuous text file and also FRST64.exe again, both without a2service going mad. I'll zip up the dump and debug logs and PM them to @GT500 .
  7. > I suppose you could argue that it should be called Mon Emsisoft ... Or "Ma"? What gender is an "Emsisoft"? Maybe it would be more, umm, sympathetic (or do I mean sympathique?) to say "Ma". Or "Mes" if they're a plural entity?
  8. Does Settings -> Advanced -> User-interface language say English or French? (I don't know why it might have changed, but at least you should be able to get French back.)
  9. You said, and I asked: > I saw plenty in the forums of people losing data and wiping drives. Do you mean the forums here, or somewhere else? and you replied: "Forums here.". I read everything (in English) here, and I am amazed that you say "you saw plenty"... I have no recent recollection of anyone reporting this problem, at least not in the English part of the forum. How about the URLs for these "many" occurrences? Moreover, if there were lots of these, surely you saw that Emsisoft support would have been involved? So why go off on a rant by yourself; why not wait for help?
  10. > I saw plenty in the forums of people losing data and wiping drives. Do you mean the forums here, or somewhere else?
  11. What do you mean by "when I went to uninstall it because of their drivers"? Whose drivers, and why? Did you note down the types of stop errors? Do you have any other antivirus or antimalware programs installed?
  12. Any update? Today's scan again reported every find twice.
  13. > I have been right-clicking and selecting..send to compressed zip.. on in use debug files for years now. But that has only ever given you (strictly) an incomplete copy of such a log. You've never noticed because the data as yet unwritten to the log has presumably never been for a period of time that mattered to you. In computing in general it's better to get the application that's creating the log to close it, so all data not yet written to disk is written out, and then you can copy it or copy and zip or whatever.
  14. OK, got you. It'd have been clearer if you'd said "all forensic logs" though, when talking about stuff deleted from the EAM GUI. I wondered if you'd found a facility I didn't know about. It's also just occurred to me that you (still?) turn off your machine every day? That would mean you'd have new sets of debug logs every day. I leave my machine on for days at a time, which means there's no such thing as an older debug log a lot of the time.
  15. > I wnted to start... Sure, but not the debug logs.
  16. Peter, you know that MS sometimes re-issue updated versions of some updates, with the same KB number as earlier versions? Eg: KB890830 comes around every month (the MSRT). But it does happen also with fixes they rework.
  17. > I purged all logs via the gui But that's surely forensic logs only?
  18. If I right-click an in-use debug log here, I can certainly choose 'send to zip' and that does work, in the sense that I end up with a zipped file. But - unless something in Windows asks the owning application to flush the file to disk, it might not be complete. It depends also on how often EAM does that flush. If I try the 7-zip equivalent command, 7zip says it cannot do it because the file is open. When you say "... the context menu of the EAM debug logs has become corrupt..." here I just see a normal 'File Explorer' context menu. Nothing special. When you say "I have purged all logs from the GUI" do you mean the EAM GUI or File Explorer? I wasn't aware that you could 'purge' debug logs from anywhere inside EAM.
  19. On Win 8.1, I got a dark version of this "remind me again" screen. I was busy doing something else so didn't look very close, though I did see some sort of text bleeding through the area to the right of the "1h" part. I also tried clicking the drop-down arrow, and there was only one option "1 hour".
  20. I'd expect "send to zip" to be able to send only the data in the disk file, not anything still pending a flush to disk. I wonder how often the flush occurs? Here [Win 8.1], deleting old ones isn't an issue except that they have to be old (ie not the current file) before that works. If I try to delete an in-use log Windows tells me it's in use by EAM. I have debug logging on all the time and while some of the debug logs seem to close & start anew every few days (maybe each time there's a restart of part of EAM?) others span many days' use. The only way I can get rid of them is to close them first.
  21. I would expect the debug logs to be permanently open to EAM as it is writing to them. Whenever I want to delete old ones, or send any to Emsisoft, I disable and immediately re-enable the debug logs. The disabling closes the in-use files, and re-enabling creates new ones and starts writing to them. (I have been doing this close & re-open process every three to four days for months now, to delete the older log files.)