fluid

Member
  • Content Count

    15
  • Days Won

    1

fluid last won the day on September 7 2015

  1. Ok this is a false positive. I have received a reply from a second vendor on this today and they, along with the vendor who replied yesterday, both agree it is a false positive. This thread needs to be renamed to: "False positive, EAM needs update". If you will forgive me for being blunt, support needs more speed in the future. For a real infection, the support response here is way too slow IMO. If this were real and I a non-technical person, this would've been completely compromised computer(s) and the response time bordering on negligent. I'm not giving up on you yet. Privacy is important to me and you declare loudly that it matters to you too. Assuming you stick to that, you continue to have my support. This is just constructive feedback. I will be keeping this thread though, to be fair (https://archive.is/7FdF0).
  2. Ok thank you! I'll take the time to run them when I get back tomorrow. Which VMs do I need to run them on? All of them? I've already destroyed the one that had the Media Center 17.exe. Any feedback on if it was a false positive or not?
  3. Are those tools different/better than EAM? I think EAM has a log, or do I disable EAM and run those tools instead? Thanks! Edit: Not that I don't want to run those tools but I don't know those tools and I do know EAM. Also, my primary concern is to determine if those are a false positive or not? Because I won't bother with disinfection, I will burn everything to the ground. All my critical files are on Linux based machines or VMs and what files Windows has are all entertainment related. I have config backups from before yesterday, so I have very little to no irreplaceable data at risk. Just the PIA of reinstalling Windows, installing apps, re-downloading media, Steam games and configuration for, mostly, HTPCs and gaming builds. So if infection is true, a full wipe of everything Windows would be the best way forward no matter what.
  4. Hi, I am up-to-date licensed to EAM. Yesterday, I was logged into my main Windows computer for a few hours and Firefox was open and I was doing occasional browsing. Suddenly EAM pops up and quarantines Firefox (mind you it was running at the time) and says Behavior.CryptoMalware. I submitted the exe inside EAM to you guys and added a note. Did a full system scan with both EAM and Malwarebytes anti-malware (also licensed) and both scans came up clean. I assumed it was a false alert, and reinstalled Firefox (from Mozilla as I did the old Firefox) and am using that Firefox install right now to post this. Today I have both Chrome and Firefox running (doing some stuff that doesn't work well on Firefox), again while Chrome is running, EAM pops up and quarantines Chrome and says Behavior.CryptoMalware. Now I am worried. So I do a full Malwarebytes Anti-Malware and EAM scan of every Windows VM and machine I have. All comes up clean. Then I move on to my home server which has a Windows VM that I use for testing media stuff for my home entertainment setup (it runs ESXi as host). I haven't opened this VM in months. I install a trial of EAM and reboot the VM. As soon as it reboots, I get an EAM popup quarantining Media Center 17.exe as Behavior.CryptoMalware. That particular exe is many years old and has not been updated or networked in months but I guess it was set to open at boot in this VM. So now I am puzzled, how is this possible? Is this a false positive? I completely scan the VM with the trial of EAM and it comes up clean. I don't know what to think now? Do I spend the next 2 weeks scorch earth every Windows VM and host on my LAN? Or is this a false positive? I am attaching the 3 exes that EAM labeled as Behavior.CryptoMalware. Please can you check and let me know what my next 2 weeks is going to look like? Thank you very much! mal.zip
  5. Just wanted to say thanks! GT500 not only converted my license but added time to my license commensurate with the price difference between EIS and Anti-Malware. This is more than fair considering I was willing to eat the price difference. Great support, hope EIS can catch up and I can come back to it one day!
  6. Thanks again GT500 and thanks for your direct answers! As feedback to the devs, I would say that this is logically flawed. If the rule is to explicitly allow all x.x.x.0/24 traffic and it is placed before the rule for processing any application rules, then there is no reason why EIS should ever ask about x.x.x.0/24 traffic. EIS should get to the rule that allows all x.x.x.0/24 traffic, see that it is allowed and stop that process thread. It should never even get to the rule to process per application rules and therefore there is no reason for it to ask if the traffic should be allowed, as it already knows the answer is yes. Yes, I have regretfully come to the same conclusion. Can I ask if there is a way to downgrade my license from EIS back to Anti-Malware? I still really like Anti-Malware. I will eat the difference in price, but I would like to go back to the Anti-Malware binaries. Thanks!
  7. Thanks again GT500! Yup that's the template I meant. Ouch ok. Ok. Can I ask, given your user account labels I assume you are official support? There seems to be absolutely nothing in the UI to aid in making rules in EIS, even the very basic stuff that other Windows desktop firewalls have had for a long time (copying rules, setting up presets, etc). I am wondering how do non-casual users handle this and is this a high priority area on the list for improvement? Thanks! I will await their confirmation. Ok so a bit of miscommunication here, my bad. I was avoiding posting up a screenshot, but it's really the best way. So this is my firewall rules. I just added that "lopback" rule today as I was testing, otherwise these are the stock rules. So, this should mean that all LAN traffic (192.168.1.0/24) is allowed and processed before "Traffic handled by Application Rules (TCP/UDP)", right? If so then why, when an executable is connecting to a LAN IP in the 192.168.1.0/24 range, am I still being asked to allow or disallow the traffic? I understand that I set "Automatic rule settings" to "ask" but I have explicitly already allowed that traffic with the 2 rules of "Trusted Traffic (TCP/UDP)" and "Trusted Traffic (ICMP)", which are processed before application rules are processed. So EIS should just allow the LAN traffic and the internal cycle should end there. Why is it then asking me to allow or block the traffic in a pop up? Is there a fix for this? Thanks again!!
  8. Well that would be ideal and please make that a feature request (Kaspersky, Comodo and Outpost all have this basic UI feature), but no actually. What I am referring to is what EIS itself calls a "template" such as "Email Server" or "Web Server" in incoming rules or "Email Client" or "FTP Client" in outgoing rules. In the UI, EIS calls these "templates". Where are these "templates" stored and how can I add my own? Great thanks! And thanks HazBeen! Ouch, copying is beyond basic UI, I hope this is coming? Without any other GUI way, I will take this. Do you have a link to more info on this method and what is the correct syntax? Ok thanks! So I have a follow up. In "Manage Network" in Firewall settings, I have set the SSID I am connected to as a "Private Network". EIS reports the IP as 192.168.1.220 and this LAN is a /24 subnet. So does that mean all traffic to JUST this subnet (e.g. 192.168.1.0/24) is considered Private and any other destination IPs outside of this range would be considered "Public"? A follow up to that is, so I have my rules such that the untouched inbuilt rules are ordered like this: "Windows Services (TCP)" for public networks is blocked and first. Followed by "Windows Services (UDP)" public and blocked, followed by "Trusted Traffic (TCP/UDP)" private and allowed, followed by "Trusted Traffic (ICMP)" Private and allowed, followed by "Traffic handled by Application Rules (TCP/UDP)". Then I have my "Automatic rules settings" set to "ask" for everything. My question is, this should mean that all LAN traffic (192.168.1.0/24) is allowed and processed before application rules are processed, right? If so then why, when an executable is connecting to a LAN IP in the 192.168.1.0/24 range, am I still being asked to allow or disallow the traffic? I understand that I set "Automatic rule settings" to "ask" but I have explicitly already allowed that traffic with the 2 rules of "Trusted Traffic (TCP/UDP)" and "Trusted Traffic (ICMP)", right?
EIS should just allow that traffic and not ask me about it. Is there a fix for this? Because with the extremely limited rule making UI, it's becoming a serious pain to make an allow LAN rule for every single windows executable and all the 3rd party apps. In fact, after having had to write over 30 of the exact same Allow LAN rule so far, I am starting to wonder what I am missing or how everyone is coping with this extremely repetitive activity. Thanks GT500 and HazBeen!
  9. New to EIS but been using desktop firewalls for a very long time. Just upgraded one of my Anti-Malware licenses to EIS as I need to get familiar with Windows 10 and EIS is one of the few to support Win 10 right now. I have installed it and I have some fast questions: 1) In application rules, under custom rules there are 4 pre-set templates there. This is pretty weak but easy to fix as I can easily whip up a few dozen templates I will need as I set things up. However, I can't figure out how to create a template. Any instructions anyone can point me to? 2) Where would I put a simple list of IPs/domains I wish to block? Looks like surf protection is the best place, right? 3) Is there a way to copy/duplicate rules? I wish to apply the same 9 rules to 26 executables. Do I have to go and manually enter those 9 rules 26 times? 4) I assume rules are processed in order of top to bottom (i.e. top of the list is processed first)? So if I have a rule that says allow x.x.x.x.0/24 traffic and then a rule that blocks all traffic, EIS will allow all x.x.x.x.0/24 traffic but then block everything else? Thanks!
  10. Same has happened to me twice this week along with a host of other problems. I just uninstalled Anti malware and am downloading it to re-install. All my problems started earlier this week when Anti-malware asked me to reboot. Thought I'd check the forums to see if others were having problems, and it seems lots of problems and very few responses so far. I will try a re-install and open a ticket if problems persist. So far very unhappy with 9.0 after almost a year being very happy with 8.0.
  11. I've been using Anti-Malware for a while now and I love it. What I really need now is a firewall product for a WHS install. Does OA work on WHS 2011? By "work" I mean even if it's not supported, it's ok. Just that it functions and doesn't cause unworkaround-able issues on my home server. Thanks!
  12. Thanks for the reply! I see, so is there a way to keep host blocking enabled but exclude Firefox (e.g. exclude an individual app)? I like the host blocking, I just don't need it for Firefox and it's a pain to enable every blocked host. Thanks!
  13. Hi! I'm new to Emsisoft and I can't seem to find a way to exclude Firefox from the host blocking portion of the "Guard". I want traffic to be scanned for malware, but all the ad and tracker stuff I have plenty of that in Firefox itself via extensions and it's annoying to constantly make accept rules for all the thousands of evil privacy stealing companies out there. How do I do this? Thanks!