Everything posted by JeremyNicoll

  1. > Adding UI elements ...

     Ah.

     > If you want to copy the version number ...

     If all that information is deemed useful (and I can see why it would be) when someone sends an email, it would be sensible to have all of it placed on the clipboard when someone clicks the yet-to-be-added button in the About box!
  2. > It's not a form field

     It shouldn't be beyond the ability of your programmers, since that dialog pane had X and OK buttons and four other clickable links on it, to add one called, say, 'paste details' that places the release number on the user's clipboard.

     > I've asked about that, ...

     Thanks!
  3. EIS 2017.3.2.7392 (and I see one STILL cannot c&p that value from the About box - why is that so hard to do?) In the GUI, Protection -> Firewall lists firewall rules. There used to be a column that showed whether a rule applies to a private, public or all networks. There's still a column titled "Address" which I think is that column, but there are no values listed under it. That makes the list pretty hard to understand!
  4. Frank said:

     > If you don't want to see those notifications, just disable them, as they have not much sense when a scheduled scan already is going to start, right?

     But... you might want to have notifications on for randomly-inserted USB sticks, while at the same time scheduling scans of, say, a more or less permanently attached USB external drive. I think I agree with Stapp that the message, as worded now, is confusing.
  5. According to what Arthur said... the file that gets quarantined is NOT the file you are double-clicking inside the archive. It's the extracted copy. WinRAR isn't file explorer - it's showing you a picture of the files that are stored in the RAR archive. When you double-click on the picture of the keygen.exe filename, WinRAR does what it has to to extract a copy of that file and then run it. EIS quarantines the extracted copy. It's not removing the original keygen.exe from the WinRAR archive - that's still there and you are able to extract it repeatedly.
  6. You shouldn't post licence codes in public. If you can, edit them out of your post. Then wait until one of the Emsisoft employees sends you a personal message about this.
  7. If you're viewing a picture in a browser then the browser has downloaded the picture and displayed it. If there's a vulnerability in the graphics support in the browser then surely a 'specially crafted picture' (as Microsoft would typically describe it) could infect you? In essence, the file has been 'opened' by the browser's graphics support.
  8. You're going to have to do the things mentioned in the forum's "Start Here" announcement - right at the top of the forum's main page.
  9. As far as I understand what pallino is saying, having gone to the BB overview which forced a reputation check, none of the items thus identified as malicious were then quarantined. Yes, ok, maybe they weren't at that moment doing anything actively malicious... but if you're not going to act on the bad reputations then, what's the point? No-one wants unnecessary programs running, especially if they are using lots of CPU - it's going to be wasting power, generating heat etc if nothing else. Would it be so hard for the BB to ask the user whether such things should be quarantined then? And, if they are actually executing, terminate them?
  10. Even if NVIDIA might not take much notice of Emsisoft complaining about that, isn't there any kind of AV-vendor consortium that could pressure huge companies to sign their stuff? It must be a pain to you all.
  11. > A ton of applications do excessive DNS lookups. ...

      But wouldn't an NVIDIA driver be signed & therefore trusted?
  12. Fabian:

      > they use a DGA to generate domain names, then try to resolve those names.

      Isn't a whole series of DNS lookups itself an indication that some app is attempting something that might be iffy? Clearly good apps do that too - but more common apps doing so, eg a browser, are going to be on the trusted apps list.
  13. A while back, Arthur said:

      > They are almost certainly stuck trying to contact a C&C server that no longer exists

      So what does that mean? Does malware typically use DNS to find the IP address of such a server, or are the addresses hard-coded? Does "trying to contact" mean that the malware is sending something (a request for instructions?) but no server ever receives it? If that's so, how does EIS distinguish between that something being sent, and any private information (eg machine configuration?) being sent? I wouldn't want any malware doing anything at all on my machine.
  14. Aren't such dumps (sometimes/always?) saved in the paging files when they occur, and only copied out of there and into the nominated disk dump file when you reboot?
  15. > Unfortunately more aggressive checking of running applications causes performance problems.

      That surely depends on the capability of the user's computer? Wouldn't it be better if more aggressive checking was something that people could turn on if they're willing to take the performance hit - which in any case might not even be noticeable on some systems?
  16. Ah, I see it's the new permissions system. But, after signing-out from my ordinary user and in as an Admin id (under W8.1), and using the EIS GUI under the Admin id to grant my ordinary user 'full access', when I signed out of the Admin id and back in as the ordinary user, although I see that the greyed-out stuff is now accessible again, it DOESN'T get the full access that the Admin id had. In particular there's no Permissions tab at all. The explanation at: does not say that that difference will exist (I used the 'Custom' feature to specify 'Full Access' for my ordinary id).
  17. I noticed settings were greyed-out in this new version of EIS, an hour or two ago. Since then I've done a complete/cold shutdown and reboot, and the same situation continues. Any clues? Oh... and it's still not possible to c&p a version number from the About screen. Why's it so hard for you to make simple changes like that?
  18. With all these various tools, I note that some people think some are better than others. Is that because they seem - more robust, or they have better documentation (if they have any) for what the options do, or better support from their authors.... or more to the point that there's some way to see what spy operations are being blocked? Do people also run tools like Wireshark (if that's appropriate) to see spy traffic being sent before they turn on these products' options, and then see the traffic no longer being sent?
  19. On the GUI pane where you start a scan there's a 'Performance Options' button; if you click that you can choose how many cores EIS will use, how many threads it will use, and also the priority that such threads will be given by Windows. Maybe you need to reduce the core count or priority a little - it depends on how much else you were trying to do on the machine at the same time as the scan was running. Personally I never scan the contents of zips/archives, mainly because on my machine many of those are password protected so EIS will not be able to open them anyway. I'm not sure, but maybe opening/extracting contents of large archives might be CPU-intensive. I have a feeling that some of the optional(?) bits of Windows I've installed in the past were downloaded from Microsoft in enormous zips/archives and - for me anyway - there's no point in scanning those at all. Their contents were scanned when I used them, and will be scanned again if I ever re-install from them, but I have no need to scan them repeatedly.
  20. How many CPUs/cores does your machine have? And, in the definition of what the scan should do, have you asked it to examine the contents of zips/archives?
  21. If you import a set of rules that only contain firewall rules, do those get added to whatever was already there, or replace what was already there? If it's 'replace', would that implicitly delete one's pre-existing application rules?