Posts posted by JeremyNicoll

  1. EIS 2017.3.2.7392   (and I see one STILL cannot c&p that value from the About box - why is that so hard to do?)

    In the GUI, Protection -> Firewall lists firewall rules.  There used to be a column that showed whether a rule applies to a private, public or all networks.   There's still a column titled "Address" which I think is that column, but there are no values listed under it.   That makes the list pretty hard to understand!

  2. Frank said:

    > If you don't want to see those notifications, just disable them, as they have not much sense when a scheduled scan already is going to start, right ?

    But... you might want to have notifications on for randomly-inserted USB sticks, while at the same time scheduling scans of, say, a more or less permanently attached USB external drive. I think I agree with Stapp that the message, as worded now, is confusing.

  3. According to what Arthur said... the file that gets quarantined is NOT the file you are double-clicking inside the archive.   It's the extracted copy.    WinRAR isn't file explorer - it's showing you a picture of the files that are stored in the RAR archive.  When you double-click on the picture of the keygen.exe filename, WinRAR does what it has to to extract a copy of that file and then run it.  EIS quarantines the extracted copy.   It's not removing the original  keygen.exe  from the WinRAR archive - that's still there and you are able to extract it repeatedly.

  4. On 15/08/2016 at 9:47 PM, Elise said:

    > Keyword here is "don't open it". If it is not opened, it cannot infect you.

    If you're viewing a picture in a browser then the browser has downloaded the picture and displayed it.  If there's a vulnerability in the graphics support in the browser then surely a 'specially crafted picture' (as Microsoft would typically describe it) could infect you?    In essence, the file has been 'opened' by the browser's graphics support.

  5. As far as I understand what  pallino  is saying, having gone to the BB overview which forced a reputation check, none of the items thus identified as malicious were then quarantined.  Yes, ok, maybe they weren't at that moment doing anything actively malicious... but if you're not going to act on the bad reputations then, what's the point?  No-one wants unnecessary programs running, especially if they are using lots of CPU - it's going to be wasting power, generating heat etc if nothing else.   Would it be so hard for the BB to ask the user whether such things should be quarantined then?  And, if they are actually executing, terminate them? 

  6. A while back, Arthur said:

    > They are almost certainly stuck trying to contact a C&C server that no longer exists

    So what does that mean?   Does malware typically use DNS to find the IP address of such a server, or are the addresses hard-coded?  Does "trying to contact" mean that the malware is sending something (a request for instructions?) but no server ever receives it?  If that's so, how does EIS distinguish between that something being sent, and any private information (eg machine configuration?) being sent?   I wouldn't want any malware doing anything at all on my machine.


  7. Ah, I see it's the new permissions system.    But, after signing-out from my ordinary user and in as an Admin id (under W8.1), and using the EIS GUI under the Admin id to grant my ordinary user 'full access', when I signed out of the Admin id and back in as the ordinary user, although I see that the greyed-out stuff is now accessible again, it DOESN'T get the full access that the Admin id had.  In particular there's no Permissions tab at all. 


    The explanation at:  does not say that that difference will exist (I used the 'Custom' feature to specify 'Full Access' for my ordinary id).

  8. With all these various tools, I note that some people think some are better than others.  Is that because they seem - more robust, or they have better documentation (if they have any) for what the options do, or better support from their authors.... or more to the point that there's some way to see what spy operations are being blocked?   Do people also run tools like Wireshark (if that's appropriate) to see spy traffic being sent before they turn on these products' options, and then see the traffic no longer being sent?

  9. On the GUI pane where you start a scan there's a 'Performance Options' button; if you click that you can choose how many cores EIS will use, how many threads it will use, and also the priority that such threads will be given by Windows.   Maybe you need to reduce the core count or priority a little - it depends on how much else you were trying to do on the machine at the same time as the scan was running.

    Personally I never scan the contents of zips/archives, mainly because on my machine many of those are password protected so EIS will not be able to open them anyway.  I'm not sure, but maybe opening/extracting contents of large archives might be CPU-intensive.  I have a feeling that some of the optional(?) bits of Windows I've installed in the past were downloaded from Microsoft in enormous zips/archives and - for me anyway - there's no point in scanning those at all.  Their contents were scanned when I used them, and will be scanned again if I ever re-install from them, but I have no need to scan them repeatedly.