Raul90

Member
  • Content Count

    30
  • Joined

  • Last visited

Everything posted by Raul90

  1. The concerns are: 1) I am unhappy with the direction taken (but it's all done now). Just voicing out my unhappines and concern for the other users. 2) It has been stated there in my last reply. Am concerned about those people I mentioned especially those that are not very well versed with setting up a firewall, like the persons given as example there in my previous statement -- the average officeworker or office staff, or a grandma etc --the non-techy people). The burden is on the user(them), not Emsisoft. Not all Emsisoft users are geek or techy. I know a lot who have just learned to use EIS because it's just a little amount of effort to set up it's firewall module. Even my old boss is happy with it and doesn't want to change security app believing (still) that it will not push through (sorry to her). It maybe that you are a "techy" because you loved Online Armor because it will take a lot from you setting it correctly/making it run in the leanest possible setting to not bother your everyday work but other people are not like you/us.
  2. Does O&O Shut up take care of this?
  3. The alerts that are given do not contain much information to understand most of the time I scratch my head searching what was being triggered or what is being affected. I want to understand those alerts but the logs and less information is not helping. I remember someone stating that the logs are "exhaustive" because they are quite long or abundant --something like that. Less information = less understanding.
  4. As mentioned I am unhappy with the decision BUT it's all final now so nothing's gonna change that or "us" who don't agree of the change. For those people who came to love EIS (especially those who are not into setting up a firewall like the average officeworker or office staff, or a grandma etc) will definitely consider looking some place else or swallow the bitter-pill of getting/trying to make it work with the Windows firewall. Emsisoft says, "less error in setting up ---or something like that" but it actually is "more settings to be done" to compensate for the loss of the firewall module. Less is only for Emsisoft (as they will not think anymore of firewalls per se) and not the user (especially those that are not very well versed with setting up a firewall, like the persons given as example there in my previous statement). The burden is on the user, not Emsisoft. Chances are they will be looking for a suite that's an "install and leave" because, "are not very well versed with setting up a firewall". A lot of us came to like EIS (though I feel there's something more to be done about the firewall logs --more information). It's not hard to set-up plus the default setting with the in-built rules for the user to actually adapt is user friendly. But the burden has been passed-on to the user now and we will be all left without that firewall module we came to love in exchange for additional/extension of the license. So the question now is a week or two after the final change...to stay or not to stay...that is the question. If Emsisoft's goal is to reach that lower-end crowd who is the "install/leave-kind" (just as I remember when it discontinued Online Armor and shifted to EIS) then this direction isn't for them because of the additional burden/work to achieve the same level o security. You are actually making them to re-think and see what else is out there. Online Armor was labeled as "geek-only" (learned to use it after some months/year of checking it out), but the new EAM user (especially the crowd that I am mentioning) will need a geek to teach them setting-up the Windows firewall, get something else or get something to augment/strengthen EAM) to have that same level of security that EIS has provided. So goes the question (a week or two after the final change)...to stay or not to stay...that is the question.
  5. You guys did it before when you got rid of Online Armor... Now you are doing it again with Emsisoft Internet Security....you really are getting out of the firewall business huh....Previously you said that, Are software firewalls useless? http://blog.emsisoft.com/2014/09/19/whats-the-point-of-having-a-firewall/ Now you are abandoning all your loyal users to the default Windows Firewall.... Have a great Windows Firewall -default allow-day!!!!
  6. Quick question here. Is there a way to disable surf protection and not get the yellow color of the tray icon? I have Online Armor Premium and have been using it's Web Shield instead of EAM's. I do not want to use EAM's as a choice so I disable it. Is there a way? Thank you. Whatever happened to the resizing of the gui? It's too large!
  7. -- So sorry for it. There was no intention to hide it. Here it is in full. -- OK. --- -- I think that is the best explanation I've heard. and this one too. (below) It does have it's pro's and con's depending on the user. Trying it out is best and learning it another mattter. Learning/understanding it is best especially when you intend to use the product for the family pc. Having a food grasp of EISv9 is crucial to me as I am now distancing the mentality from being a long user of OA Premium firewall to the new Emsisoft firewall. -- OK. -- Will try that out and re-try from scratch. Thanks for all the explanation and understan ding.
  8. Thank you for your explanations Fabian you rock man! This is trying-out / testing really is -- understanding the product so you will get a grasp of it. Do allow me some more questions, -- Any comment on the "Block connections" and "Block all connections"....? Also on the log details, I rather think that is exhausting to the user and might just instead "allow all".....especially that you target "most users" who do not want to be inconvenienced. That is actually what I did. Allowed all and started to click "Allow/Block" in BB until I have landed on to I accepted. It took some time for me. So it may very well be "allow all" and not "Custom"... Can you try Imageburn.exe with no rules and see how will EISv9 perform...? I have just installed Imageburn.exe in an old x32 pc with Comodo and I nearly uninstalled it due to the exhausting pop-ups. If not for the logs that I got and checked each item I would have been tempted to place it as Trusted. See "some" of the info I got that nearly led me / tempted me to put Imageburn.exe as Trusted. This is also an exhaustive log (which you guys do not want) which is as you said also a long one, but that is in a way the only thing that will help the user make a correct decision. Just my two cents here.... Will EISv9 throw a pop-up if you have Imageburn.exe installed and the BB is set to "All Allowed"..? (May not throw one...correct?) If you set "Custom Monitoring" but leave it all unchecked...will BB throw a pop-up when you launch Imageburn.exe? Most of the info quoted above were thrown when I wanted to exit Imageburn.exe. Will EISv9 BB be able to intercept the listed behavior when you exit Imageburn.exe...? What may be a good setting in EISv9 BB for the given info above..? I am really trying to understand EISv9 so please pardon me for many questions.
  9. As to the logs, there will be no way of actually checking what I may did wrong in rule setting...It will just stay there and not assist the user. So in order to correct or check what I may have done wrong I'd have to delete the rule and do it all over again. After that check it again and see what is the result, if not to my liking, I'd have to delete it again and do it all over again. This is what happened to me when EISv9 was blocking the launch of Minitool Partition Wizard. I thin think that is exhausting to the user and might just instead "allow all"..... So in EISv9 we cannot set BB to block or restrict an application from being triggered to run by a program even if you do not place it as trusted. EISv9 BB will throw a pop-up on the "triggered application" (which in this case, firefox.exe.) From there you will make an app rule for firefox.exe based on the interception that it (firefox.exe)wants to connect to a computer via port 10xx. Firefox.exe's "behavior to connect to" is being intercepted/classified as a negative behavior by EISv9's BB and not PuranDefrag's stealth-trigger behavior... But what happens when another application (say, a trusted application) wants to access the blocked ports? Will I get a pop-up or the port will be blocked/restricted from use in firefox.exe. If EISv9 BB intercepts/blocks the triggered application instead the guilty program's behavior is free to behave as it wants and start/launching whatever it wants. I went online and there is a new pop-up again about firefox wanting to connect to a computer via port 10xx. I selected "Blocked all connections" and as a result no connections can be established using firefox.exe. I deleted the "Autorule" that was created from the "Blocked all connections" and started again this time selecting "Block connection" only. Connection was still established. See image below. Booting to a partition with Emsisoft IS (EAM_OA Premium), OA Premium HIPS blocks access to the triggered application firefox.exe and prevents it from launching altogether. Thus any connection from the triggered application get's blocked altogether. You can still use firefox.exe. It just blocks firefox.exe launch from Puran. But this is as you say a HIPS feature. Another question comes to my mind which is to block a program from placing an autorun item in, HKCU\Software\Microsoft\Windows\CurrentVersion\Run Encountered one program like this, Glary Utilities 5>StartupManager.exe. When you exit the StartUp Manager it places an autorun there so when you restart your pc "GUDelayStartUP" will appear as a startup. Can we block that in EISv9 BB? If so how? In contrast with OA Premium HIPS I have created a registry block rule for any program that will place an autorun there. The images where done on the same partition I am now using with EISv9. See image below.
  10. Continuing my trial of EISv9. Some questions if I may.... I was fiddling with the rules creation earlier and there where pop-ups that EIS threw. When I checked the logs and double-clicked an item I could not get any details of any log there. Along the process of launching programs (after rules creation) I needed to review/check what I may did wrong or what needs to be corrected. As I see it all the logs you cannot review or see details or additional info except that in the Firewall logs which have a "App rule added". Firewall logs with "App rule added". Can there be some kind of way to see the details of all the logs? Also I happened to a pop-up when I wanted to launch PuranDefrag. It says that PuranDefragGUI is "attemting to manipulate other processes". I do not know what "processes" they are? Is it possible for the EIS pop-up to state/list what "process" or "processes" the program is trying to manipulate? Also along the line of the pop-ups, I seem to remember that in OA Premium when a pop-up is thrown and you answer it, say, "Block" the application rules is updated to include the answer you gave to that pop-up or something like that. That is true with the pop-up I got when I tried to click "View Website" in PuranDefrag. But the target application is the one identified in the pop-up. There is no hint of PuranDefrag trying to launch Firefox.... "The program firefox.exe wants to connect to a computer on port 10xx"...So the connection to a computer(URL) via the port 10xx will be blocked and not firefox.exe...? Correct..? So application(firefox.exe) launch will be allowed? I see that when I repeat to click "View Website" there is still the pop-up with another port number. PuranDefrag triggers firefox.exe for a connection and continues to search for every port available(1031, 1053, 1059, 1061, 1087 and counting). Isn't it more simpler to block the "trigger" or PuranDefrag to start another application? Can that be done with EISv9..?
  11. I just took the plunge and installed EIS 9 Beta. At first it went well until I tried to import my config for EAM and then the gui changed from EIS to EAM! So I uninstalled and did a clean install again. See images below. Would it be possible to have a way to copy a created rule from another application? It's a bit time consuming to do rules creation from scratch and there are similar rules that I use for, say, media players and image editors...is that possible? I seem to see that every update I have a pop-up that I have to restart. Is that normal? Have seen it around 3x now and I did restart after the two updates(so I restarted 2x now). Still observing here.
  12. Okay will do and report back here. Thanks.
  13. Hello GT500, Thanks for the reply. It is strange as using Comodo's own cleaner removes all traces of it even the browsers like Dragon and Ice Dragon. I checked the installed programs and the Comodo's driver is not listed there. Here is a snapshot of Revo Uninstallers Installed apps. Where should I check?
  14. To continue: This is on the EAM/OA Partition In RAS(modem), In NDIS,
  15. Hello GT500, I tried that the first time I had installed EAM/OA and got the bcdedit.exe error the first time. I thought that it was EasyBCD that is being blocked or somewhat conflicting with EAM and OA. In OA I placed the exclusions and also allowed iReboot / Easybcd.exe in the firewall. It was only when I had to exit/re-start iReboot everytime I was to boot to the other partitions that I had the inkling that it might be iReboot that's conflicting and not EasyBCD. When I checked both folders has "bcdedit.exe". Even when I removed the exclusions for, C:\Program Files\NeoSmart Technologies\iReboot still had the error. There was also no pop-ups(still at iReboot ver1.0). I upgraded to iReboot 1.1.1 from 1.0 and it disappeared. No errors of the same kind but pop-ups occurred specifically for iReboot.
  16. I was to edit but was not allowed.... Anyway, kindly see the 4th image. The Mobile Broadband Connection shows an "X" there when using RAS(modem). When it's NDIS that connection does not show an "X". Is something further wrong here...? I am getting confused...
  17. @GT500, The connection is wireless and the OA Helper driver is there but I was shocked to see a "Comodo Internet Security Firewall Driver" is also there. This is using RAS(modem) See image. This partition had previously CISver5.12 as it's firewall. Prior to uninstalling it and using it's cleaner. From there I installed EAM/OA --which now is Avira/OA. I do not know about the partition with EAM/OA as both are the same. I'll check it later and post with NDIS and the other partition. This is using NDIS Now I mentioned it's wireless and I also checked the properties of the mobile plug-it(seems it should have been this..correct?). In NDIS, In RAS(modem), Both allows connection but using NDIS I don't have the firewall status. @trujwin, I change it via the interface gui of the Mobile broadband application.
  18. I booted to the other partition with EAM/OA and it was the same. See image with connection type: NDIS below. Will wait for your assistance on some explanations Thanks again!
  19. Fiddling on, I have noticed that my broadband plug-it modem has two connection types. RAS(modem) and NDIS. At the time of the "no active interfaces" it was in NDIS. I changed it to RAS(modem) and here is what I got. See image below. The IP address is now seen in the top of the Firewall Status. Plus there are active intrfaces. Have not really checked out the settings but both works (RAS (modem) or NDIS). This is the first time I have noticed it since using OA again. Normally I'd check Process Hacker or the firewall status of Outpost (which is not in graph form as Emsisoft's) or KillSwitch (same as Process Hacker). Either one works but my question is: What is the difference between the two as far as safety is concerned...or how can OA protect me..? While it is a concern that I cannot see what's happening when it's in NDIS, the connection seems a bit better as compared to RAS(modem). I don't know about peak hours though. Usually at peak hours I use an old dial-up which is much stabler than a plug-it here in my part of the world. At peak hours you'd be blessed by server time outs -- a lot! RAS setting is a dial up connection...correct? NDIS is a LAN or Broadband connection...correct? Which is better to use..? Which is safer to use..? If I use NDIS is there a way I can see firewall status data? As in the image all I get is like a loopback 127.0.0.1. What maybe the best setting for NDIS in OA..? In RAS(modem)..? I am not a firewall expert but I trust the product that protects me especially tried ans tested products like OA. But I's like to learn more on how this is. I have the Emsisoft Internet Security from where I have this OA installation. Now that it is paired with Avira may I ask if I attempt a "re-install" or an "install over-existing installation" can I still use the EmsisoftInternetSecuritySetup.exe (298mb) installer (latest)..? Or can I use the OnlineArmorSetup.exe (version6 - 29mb)..? Thank you
  20. So sorry about the images attached. Here it is again(I was to edit it but I got a pop-up saying "You do not have permission for this action" --- huh? what the... Now I do not know if this is related to the issue I am having with another partition I have with EAM/OA (internet suite) but this partition is from an image created from that EAM/OA partition. I just removed EAM and installed Avira(which was to test a "bcdedit.exe error" I am having if it's EAM or OA whose the culprit). Now I stopped and restarted OA but it's the same. No active interfaces. Is a re-install warranted or..... Can someone explain this to me please.... Thanks very much
  21. I'd like to attach this photo(edited) so it would not cause confusion. I marked the partitions with the Avira_OA and EAM_OA in it. Thanks for the patience.
  22. A funny thing happened today! I connected to the internet and updated my AV and OA Premium. Then Malwarebytes Pro(on-demand). The I started to surf the net and when I checked the Firewall Status I have "no active interfaces". See images below. Now at the time I was downloading from Softpedia SRWare Iron ver 27 Stable both .exe and Portable version. Connected to support.emsisoft.com and tipradar.com. I am dumbfounded. This is a first! Can someone explain this to me please.... Is OA still protecting me when it's like that? How can I be sure..? This is on a Win 7 x32 with Avira IS (no firewall / backup/ Proactive). Avira is excluded in OA and vice versa.
  23. Hi, Thanks for the reply and explanation there. This is a bit long and I beg for your patience and understanding as to the "bcdedit.exe error" I am experiencing while using EAM / OA. As of last post I mentioned that I now set the second partition which formerly was Avira IS (no firewall etc) + Outpost Firewall Pro ver8 to have Avira IS (no firewall etc) + Online Armor Premium. Now I am also having bcdedit.exe error as of the partition with EAM/OA (let's call it partiton A). See image attached. This partition when it was with Avira IS (no firewall etc) + Outpost Firewall Pro ver8 (let's call it partition B) "never" had any issues like this one. I used the same partition as of the EAM/OA. What I did was to make an image of the partition using Acronis True Image 2011. Deleted the partition housing the former Avira IS (no firewall etc) + Outpost Firewall Pro ver8 and restored that system image to it. a. imaged partiton A with EAM/OA b. deleted/formatted partition B c. restored imaged partiton A with EAM/OA to partition B d. uninstalled EAM via Revo Uninstaller, rebooted 2x e. installed Avira IS (no firewall etc) and updated it via the internet). f. rebooted g. error in bcdedit.exe Now I have searched for some possible resolve in this issue as I do not want to just not use a prduct because of this. I made an upgrade of iReboot from 1.0 to iReboot 1.1.1. Now I remember that the reason that I was using 1.0 is that I do not want iReboot 1.1.x trying to use port xxx (I think I was with Comodo at that time (or Avast IS firewall). For me those that do not need to call home I block. I went to Neosmart Forums and saw this: This is the link where I got the info, http://neosmart.net/forums/showthread.php?t=8089 Now as of this writing, I am leaning on the idea that it's OA whose blocking or not allowing iReboot to function properly eventhough that it's iReboot 1.0.x which as stated in a thread in Neosmart forums does not behave like iReboot ver1.1.1(uses the local loopback IP 127.0.0.1 and needs an open port to work/talk between the service and the taskbar icon to get around UAC). This is what I see in 'Process Hacker ver2 > Network': Name : iRebootd.exe (3956) Local Address : 0.0.0.0 Local Port : 9076 Remote Address: Remote Port: Protocol : TCP State : Listen Owner : iReboot I was not able to check the behavior when I was still in iReboot 1.0.x (sorry..dont wanna revert back to an image..I'm tired now). Also I cannot check the Process Hacker log as I do not have internet at the moment as the dumb guys of my ISP have borked something and connection is not available at the moment(well at least not now). Now as mentioned I have upgraded to iReboot 1.1.1 and I see that the issue has disappeared for both the partitions (Partition A and B). I have booted around 5x on both partitions, even coming from a cold boot and there is no issue. While the issue is solved, I'd like some explanation as to why is this happening in OA ver6 and iReboot ver1.0.x. Now to test I blocked iReboot in the firewall and removed it from the "Exclusions" and rebooted. There was no error of the same sort but I cannot even use iReboot now. I cannot even right-click the icon to select what partition I would like to boot to. The icon is there but I cannot use the application. Checking 'Process Hacker ver2 > Network' there was no entry of iReboot. This is the pop-up that OA gave when it booted. In the "History" tab it says there, So I set in the Firewall, Status: Allowed ICMP: Blocked RAW : Blocked Program: iReboot.exe Program Name : iReboot Not Excluded: "C:\Program Files\NeoSmart Technologies\iReboot" Logged-off so OA will adopt the new rule. After I came from the log-off, I got a pop-up from OA asking me about iReboot as it blocked it. I clicked "Allow" (just 'Allow' and not 'Trust'). See image below. After I "allowed" it, I got a second pop-up from OA warning me of iReboot wanting to remotely control another process. I clicked "Remember my decision > Allow". Afterwhich I checked via the right-click if iReboot will function. It will not and I still cannot use iReboot > right-click to select a partition to boot to. I tested again and changed the rule in the firewall to: Status: Allowed ICMP: Allowed RAW : Allowed Program: iReboot.exe Program Name : iReboot Excluded: "C:\Program Files\NeoSmart Technologies\iReboot" Afterwards rebooted. I got a pop-up about iReboot asking to 'Create a rule' about loopback. I answered, 'Create Rule > Allow'. Another pop-up came asking about "A program wants to run" C:\Program Files\NeoSmart Technologies\iReboot\bcdedit.exe on which I answered "Remember my decision > Allow" after that I logged-off so OA will adopt the rule. See images below. After coming off from the log-off I checked and I can now use iReboot. See image below. So in order for iReboot to run properly the firewall rule has to be: (Rule 1) or, (Rule 2) -- Question: If you exclude the folder "C:\Program Files\NeoSmart Technologies\iReboot" in the Exclusions tab, why does OA still block iReboot processes...? Ain't it suppose to be that the whole folder and everything in it get's automatically allowed? In iReboot ver1.0.x exclusions were in place for "C:\Program Files\NeoSmart Technologies\iReboot" but still there was an error of bcdedit.exe. When I upgraded iReboot to ver1.1.1 there was no error of the same kind. Exclusions for "C:\Program Files\NeoSmart Technologies\iReboot" were still in place and so as the rule set: NOTE: iRebootd.exe is not included (it maybe because "C:\Program Files\NeoSmart Technologies\iReboot" is excluded that there was no pop-up or any kind in reference to iRebootd.exe) So what is the best rule in OA for iReboot...? Also since you have to Allow > TCP Outbound for iReboot to run, how can it be controlled as to not call home or connec to any site other than local loopback IP 127.0.0.1...? I do appreciate the help and again please have patience on this long post. I really wanna make this one work well. And by the way there was no pop-up of any sort for EAM. Thanks.