Batman

Member
  • Content Count

    273
  • Joined

  • Last visited

  • Days Won

    2

Posts posted by Batman


  1. 6 hours ago, GT500 said:

    The Behavior Blocker uses a set of rules that we can update at any time. We base those rules on what kind of behavior we see from real-world malware, so if something is submitted that isn't triggering the Behavior Blocker then we can quickly update the rules to make sure that the behavior it exhibits is detected in the future.

    Is Behavior Blocker able to create its own rules without YOU? I mean, is it possible BB use machine learning or artificial intelligence? I think, Using these technologies for BB may reduce the false positive and detect Zero-Day malware.

    Anti-Malware software cannot have effective protection and detection as long as it is dependent on its creators. Do you agree with me?


  2. 3 hours ago, Frank H said:

    2020.4 improvement is: if you try to uninstall EAM and you have set the administrator password, you will get  a dialog presented,  asking for the admin password.

    This prevents unauthorized uninstall by (local admin) users.

     

    Hello Frank

    I am pleased to present this feature.
    One question:
    Can the feature prevent uninstall Emsisoft by RDP hacker via any way like Third-Party tool, PowerShell, and...?


  3. Dear Arthur, Thanks for your excellent support.

    Is there a solution other than "Limit User Accounts in Windows" for this issue? I need to set the maximum possible limit for users with administrator access.

    Will I be able to view and check uninstalled EAM from the cloud console in the future? This feature will be very beneficial.

    Unfortunately, over the past few months, this has diminished my credibility and performance.
     


  4. Many thanks for your attention.

    7 hours ago, GT500 said:

    Is it not possible to teach them how to add exclusions?

    I always set their permission level to "No access". 
    For this reason, they cant to exclude and change the configuration.
    Therefore they choose the fastest option: Uninstall Emsisoft.

    In your opinion, Does this feature help improve protection and security?

    Most unauthorised users are unable to uninstall EAM and other AV via the registry key and other options, which means improved protection.
    Also, this feature can disrupt hackers' work and even stop them from continuing their malicious activity. Do you agree with this argument?

    Most companies have this feature. Did they mistakenly develop this feature?

    Password_undefined.png.fbaaddb13f49dd8326be785e4084f384.png
    Download Image

    post-624098-1491206443.jpg.9bc170ca48db3432e3358e53c148c6a1.jpg
    Download Image

    66409_WechatIMG37.jpeg.416b52c89fce40c92fff169974cf1b57.jpeg
    Download Image

    download.png.4d7e97fe503da494ad1f8a0cfb47faab.png
    Download Image

    Pic2.jpg.198c3af02a4af73873141673f7d75663.jpg
    Download Image

    2016-03-12_16-43-35.jpg.f84f4ead11d9c8fc639c55f5dd985f5f.jpg
    Download Image

    OfficeScanUninstallPassword.png.2b650563e792a1d458a8811d591969d6.png
    Download Image

     

    5.png
    Download Image


  5. 10 hours ago, GT500 said:

    Limited user accounts in Windows can't install or uninstall software. If you don't want someone to be able to uninstall your security software, then you should keep a single account with administrator rights that is protected by a reasonably secure password, and then all other accounts (including the one you normally log in with) should be limited accounts.

    I'm a little confused about what's the difference between these two cases.
    Any user with the administrator account cannot shut down the protection or disable the components due to the password, but they can uninstall it without any limitation!

    I have several antivirus contracts with small companies.

    They require admin user accounts for their third-party software. It's not possible to limit their user accounts, and they uninstall the software whenever they have conflict within the Emsisoft. 

    Also, it is not possible to monitor if the EAM has been removed in the cloud console.

    I've worked with Kaspersky, Sophos, and Eset before. They didn't have this problem. Using them, I was able to limit the uninstall of antivirus.


  6. On 8/28/2019 at 5:22 AM, GT500 said:

    My apologies, I misread your original post.

    To my knowledge, there is no way to uninstall Emsisoft Anti-Malware on all workstations on a network automatically. Automating uninstalls of Anti-Virus software is a major security risk, as it would allow an attacker to remove protection from all computers on the network easily (a good example of where this would be possible is RDP compromise).

    A hacker can easily uninstall the Anti-Malware without any problems and hardship!
    There is no password request even for uninstallation!
    Do you have a solution to this problem other than the group policy?


  7. 5 hours ago, GT500 said:

    Try the following, and let me know if that helps (feel free to export your settings first to make a backup):

    1. Open Emsisoft Anti-Malware.
    2. Click on Settings.
    3. Click on Advanced in the menu at the top.
    4. Scroll down to Factory defaults (second option from the bottom of the Advanced list), and click the Revert button.
    5. Select the option in the dialog for Permissions (make sure that's the only option selected), and then click OK to revert permissions back to default.

    Note that the changes should take effect immediately, however you can also right-click on the Start button, go to Shut down or sign out, and select Restart from that menu in order to force the Emsisoft Protection Service to reload on startup.

    I made the changes
    But the problem remains

    Untitled.png.5f139eaf9162dfb3ed3352d7a59874da.png
    Download Image


  8. 5 hours ago, GT500 said:

    Is this the same computer you're having the other notification issue on?

    This problem has happened to this computer and my costumers' computers.

    On 9/13/2019 at 8:05 AM, GT500 said:

    It could be the Quarantine re-scan that is automatically performed after new updates are installed. Can you check and see how many files are in your Quarantine?

    Also, if you'd like to try turning off the Quarantine re-scan to see if that helps, then you can find the option in the settings in the Advanced category (I would believe the default option is Always).

    image.png
    Download Image
    Download Image

    I think this problem related to "Quarantine re-scan after updates". After disabling, I no longer see the problem.