Posts posted by stapp


  1. 28 minutes ago, marko said:

     

    this issue isn't new stapp, it still happens with many of the other 'pages' where you click on a heading and a different heading gets underlined

    It never affected me much until now.


  2. 20 minutes ago, Frank H said:

    if you test this again with defender disabled eek will detect eicar.

    Realtime protection (like Windef, EAM etc) usually use mini filter drivers.

    EEK doesn't use a file system mini filter to do file I/O. It just opens a file.
    And ANY file system mini filter gets to check out the file first. This is why Defender and other realtime protection always detect files first.

     

    Thanks for the explanation Frank.


  3. 8 minutes ago, Frank H said:

    2020.4 improvement is: if you try to uninstall EAM and you have set the administrator password, you will get a dialog presented, asking for the admin password.

    This prevents unauthorized uninstall by (local admin) users.

     

    Thanks.

    By the way, there is definitely something not right with the GUI as shown in my screenshot above. It's still doing it sometimes despite trying other areas of the settings.


  4. Win 10 1909 with all updates.

    Updated beta enabled 10048 to 10065 without issue.

    Did a malware scan and again Defender caught eicar first (debug logs and screenie attached). There is no trace of eicar on machine now even though I selected for Defender to allow it.

    Can confirm that right-click delete now works on EEK folder using Win10 :thumbs:

    Downloaded and installed EEK again. I noticed in Forensics that it says "detect pups has been changed to enabled". It didn't ask me about that!!

     

    Logs.zip


  5. Win 10 1909 all updates.

    Autoupdated without issue.

    Noticed that whenever I choose Settings.... Permissions, it shows Updates as underlined in the GUI.

    It may correct itself perhaps after a reboot. Just looking around at the moment.

    What do you mean by 'Setting the Administrator password'? Do you mean that setting wasn't working as expected in some cases?

     

    Annotation 2020-03-27 044925.jpg


  6. 3 hours ago, Frank H said:

     

    ps. you sent logs.db3 instead of the debuglogs :P. i've replicated the issue, so we have the debuglogs now.

    Frank with EAM debug logs are easy to find C\Progdata\Emsi\logs

    With EEK I cannot find them even though I have debug logging enabled (selected always option)

    Tell me where they are please (a tooltip on debug logging for EEK would be handy)

    There are none in C\EEK logs only logs.db3, and none in ProgData\Emsisoft, only updates.


  7. Using 10048 on Win 10 build 10083.720

    Okay. I installed EEK. I updated it and turned on beta updates and debug logs and updated again. Now using 10048 on Win 10 build. 

    I closed EEK.

    I did cmd as admin for query. Please see screenshots and logs attached.

    I still cannot uninstall via right-click delete.

    Did a malware scan and EEK caught eicar this time. This was with WD real time on. So perhaps there was a race last time and WD won.

    Why does Emsisoft allow the updates folder to stay on the machine when EEK is deleted?

     

     

    Annotation 2020-03-15 074414.jpg

    Annotation 2020-03-15 075008.jpg

    Logs.zip


  8. Win 10 1909

    Updated to new beta.. no issues with update.

    1.....Did a malware scan and something odd happened. EEK always catches my eicar.txt file in downloads. This time it didn't, instead during the EEK scan Windows Defender notified me and I told it to allow it (see screenshot).

    EEK scan then did not catch the eicar file in the scan. Does it pick up on Defender allowing it?

    2..... Why is there an Emsisoft folder in ProgramData? It is called Updates and has only BD definitions listed in there but both files are empty. It does not get deleted with the other things in C\EEK obviously.

    3.... When will I be able to use right-click delete on the C\EEK folder without being told it is in use? (I am using new beta 10048)

    I just tested the deletion and ended up having to use sc delete epp

    Logs of scan attached plus WD screenie.

     

     

      

    Annotation 2020-03-14 140552.jpg

    logs.zip


  9. 4 minutes ago, GT500 said:

    This happens when the EPP driver doesn't get unloaded. All you have to do is open a Command Prompt with admin rights, run the following command, and then reboot:

    sc delete epp

    Once you've run that command and rebooted the machine, the folder is deletable.

    That may be so but that should not happen.

    So...

    I did a scan and then tried to delete the clean install of 100032. No success.

    So I did a machine restart and tried again.. no success

    Here are 2 sets of logs covering both attempts.

    In my opinion this should not be happening and is a bug.

     

    Annotation 2020-03-05 065134.jpg

    Logs.zip Logs (2).zip


  10. I updated my 100025 version through the beta updates.. no problem.

    Did a malware scan with 100032... no problem.

    Thought I'd check out doing a clean install of 100032 to check license issue fix... problem

    C/EEK would not delete.

    First I had deleted shortcut to it from my desktop.

    Then went to C/EEK right-click delete. It got to a certain point and said it couldn't delete as it was still in use. 

    I did a restart of machine to 'unlock' it.

    It still wouldn't delete.

    So I ran Emsiclean and deleted EEK through it and did the requested restart of the machine.

    After restart C/EEK was still there. So I right-click deleted it again and this time it went.

    I shall install 100032 as a clean install now and report in another post.