JeremyNicoll (Member; content count 1840; days won 29)
Everything posted by JeremyNicoll

  1. You're going to have to do the things mentioned in the forum's "Start Here" announcement - right at the top of the forum's main page.
  2. As far as I understand what pallino is saying, having gone to the BB overview which forced a reputation check, none of the items thus identified as malicious were then quarantined. Yes, ok, maybe they weren't at that moment doing anything actively malicious... but if you're not going to act on the bad reputations then, what's the point? No-one wants unnecessary programs running, especially if they are using lots of CPU - it's going to be wasting power, generating heat etc if nothing else. Would it be so hard for the BB to ask the user whether such things should be quarantined then? And, if they are actually executing, terminate them?
  3. Even if NVIDIA might not take much notice of Emsisoft complaining about that, isn't there any kind of AV-vendor consortium that could pressure huge companies to sign their stuff? It must be a pain to you all.
  4. > A ton of applications do excessive DNS lookups. ... But wouldn't an NVIDIA driver be signed & therefore trusted?
  5. Fabian: > they use a DGA to generate domain names, then try to resolve those names. Isn't a whole series of DNS lookups itself an indication that some app is attempting something that might be iffy? Clearly good apps do that too - but more common apps doing so, e.g. a browser, are going to be on the trusted apps list.
  6. A while back, Arthur said: They are almost certainly stuck trying to contact a C&C server that no longer exists So what does that mean? Does malware typically use DNS to find the IP address of such a server, or are the addresses hard-coded? Does "trying to contact" mean that the malware is sending something (a request for instructions?) but no server ever receives it? If that's so, how does EIS distinguish between that something being sent, and any private information (eg machine configuration?) being sent? I wouldn't want any malware doing anything at all on my machine.
  7. Aren't such dumps (sometimes/always?) saved in the paging files when they occur, and only copied out of there and into the nominated disk dump file when you reboot?
  8. > Unfortunately more aggressive checking of running applications causes performance problems. That surely depends on the capability of the user's computer? Wouldn't it be better if more aggressive checking was something that people could turn on if they're willing to take the performance hit - which in any case might not even be noticeable on some systems.
  9. Ah, I see it's the new permissions system. But, after signing out from my ordinary user and in as an Admin id (under W8.1), and using the EIS GUI under the Admin id to grant my ordinary user 'full access', when I signed out of the Admin id and back in as the ordinary user, although I see that the greyed-out stuff is now accessible again, it DOESN'T get the full access that the Admin id had. In particular there's no Permissions tab at all. The explanation at: http://blog.emsisoft.com/2017/02/01/introducing-emsisoft-product-updates-new-versioning-scheme/ does not say that that difference will exist (I used the 'Custom' feature to specify 'Full Access' for my ordinary id).
  10. I noticed settings were greyed-out in this new version of EIS, an hour or two ago. Since then I've done a complete/cold shutdown and reboot, and the same situation continues. Any clues? Oh... and it's still not possible to c&p a version number from the About screen. Why's it so hard for you to make simple changes like that?
  11. With all these various tools, I note that some people think some are better than others. Is that because they seem - more robust, or they have better documentation (if they have any) for what the options do, or better support from their authors.... or more to the point that there's some way to see what spy operations are being blocked? Do people also run tools like Wireshark (if that's appropriate) to see spy traffic being sent before they turn on these products options, and then see the traffic no longer being sent?
  12. On the GUI pane where you start a scan there's a 'Performance Options' button; if you click that you can choose how many cores EIS will use, how many threads it will use, and also the priority that such threads will be given by Windows. Maybe you need to reduce the core count or priority a little - it depends on how much else you were trying to do on the machine at the same time as the scan was running. Personally I never scan the contents of zips/archives, mainly because on my machine many of those are password protected so EIS will not be able to open them anyway. I'm not sure, but maybe opening/extracting contents of large archives might be CPU-intensive. I have a feeling that some of the optional(?) bits of Windows I've installed in the past were downloaded from Microsoft in enormous zips/archives and - for me anyway - there's no point in scanning those at all. Their contents were scanned when I used them, and will be scanned again if I ever re-install from them, but I have no need to scan them repeatedly.
  13. How many CPUs/cores does your machine have? And, in the definition of what the scan should do, have you asked it to examine the contents of zips/archives?
  14. If you import a set of rules that only contain firewall rules, do those get added to whatever was already there, or replace what was already there? If it's 'replace', would that implicitly delete one's pre-existing application rules?
  15. Surely you know that OA hasn't been a supported product for ages? This was announced in 2015. See: http://blog.emsisoft.com/2015/03/31/emsisoft-online-armor-support-roadmap/
  16. You might get a quicker response if you ask this in the "Help, my PC is infected!" forum here.
  17. Does it follow, then, that one can un-quarantine it in Windows Defender and then, provided you don't reboot, EIS will continue to run ok?
  18. Arthur, he's a Vista user. You told him yourself that it's not supported in another thread...
  19. You've already been given a screenshot of what's necessary. So if that didn't help you, we're not understanding your problem. Maybe you need to show us a screenshot of what you are actually asking EEK to do. Arthur's made the point that ALL THE DRIVES listed in the top section of the panel get scanned. Earlier you said "but you should be able to click on D drive (indicated by blue highlite similar to copy and paste"... which makes me wonder if in the list of several drives you're clicking (turning blue) the entry for D:\ ? From what Arthur said, that will NOT just ask EEK to scan D alone. Did you follow his advice to remove the other drives from that list?
  20. No ordinary forum user (eg me) can see the files you attached, though Emsisoft staff will be able to. If there's nothing private in them, c&p their contents into posts. Depending on what options each scan ran with, presumably what was examined will be:
      • "C drive only" - system files on C, plus user files on C
      • "D drive only" - system files on C, plus user files on D
  21. Hmm. Does EEK produce a report at the end of its scan? If so, what did it say?
  22. In EIS, the pop-up help for "Malware Traces" says that means the registry and configuration files will be looked at... obviously that's going to include the system drive. But I don't see what your problem is. If you tick these systemy things, locations of system files on C will get looked at, and after that, the ordinary files elsewhere on your nominated drive(s) will be examined. Are you stopping each of your test scans before processing of the ordinary files starts?