Nick

Member
  • Content Count

    394
  • Joined

  • Last visited

  • Days Won

    7

Everything posted by Nick

  1. << Keyloggers are programs designed to monitor and record everything that you type on your computer. Online Armor detects Keyloggers by how they act, assuring the greatest level of detection and ensuring that they cannot bypass the Online Armor Firewall. If an Unknown program is Allowed to run and begins to act like a Keylogger then Online Armor will Block the behavior and pop-up to ask you if you want to Allow it to proceed. As many programs use these same techniques for non-malicious reasons, such as "Hot Keys", you may see detections for legitimate software that does not actually record keystrokes. We do not recommend blocking behavior of software known to be legitmate and trustworthy, as doing so may cause unpredictable problems (...) >> [Online Armor Help: http://www.emsisoft.com/en/info/oa/Keyloggers.shtml]
  2. Yeah, you're right. For the moment, I think that the OP could try checking "Automatically trust programs signed with valid digital signatures" in OA, since the downloaded file is digitally signed - and/or enabling OA Learning Mode as previously suggested.
  3. Yes, they are. However, they are rarely created.
  4. Thanks, Arto, For your convenience, I've attached some notes I had taken in the past from the Avast forum about the Emergency Update. What is avast! Emergency Update? A new feature -- allows us to push out critical product updates in case of some big issues where the main avast service is not able to start / crashing. Such situations, till this new version, meant the user had to reinstall avast as there was no way for us to fix such problems from remote. With this new mechanism, we can push out fixes even to such issues (...) --- (...) The "emergency update" is as simple as possible, it has nothing to do with the normal update process, it's not really an update. It basically only downloads a file from our server (if any is available - which is normally not the case). So if this "emergency scenario" occurred, we would have to prepare some fix - a program that would fix the avast! installation. This is just a way of distributing it without the need of user's intervention, nothing else (...) Basically it's quite unusual to see Avast! pushing out an emergency update through AvastEMUpdate.exe. The Emergency Update task is delayed for 2 minutes on system boot, it checks the servers for some fix and then it disappears (up until the next boot). In any case, the file you mentioned should be digitally signed as far as I can tell - Do you have "Automatically trust programs signed with valid digital signatures" enabled in OA? You may want to try enabling Learning Mode (be sure that your system is free from malware, first) in OA and then reboot you system so that the Avast's exe file downloaded in C:\WINDOWS\Temp could do its things and then be automatically removed. Hope this could be helpful.
  5. Hello Arto, Since I'm using Avast+OA (mutually excluded) on WinXP Pro just like you, may I ask you what kind of file Avast generates that is triggering OA's HIPS and in which folder Avast generates the file? I'm asking because I've never noticed this OA pop-up related to Avast - and also never heard of it on the Avast support forum. Thanks in advance
  6. Hello Peter, Ticking the checkbox will include also subfolders in the Exclusions. Both the main folder and all of its subfolders will not be monitored by Online Armor in any way, preventing pop-ups or restrictions of any kind by Online Armor for the programs within the specified folders (OA Web Help: http://www.emsisoft.com/en/info/oa/Options.shtml).
  7. OK thanks, Christian. I will try to wait for the stable release for the moment. Anyway, just in case I'd decide to try the beta, could you please confirm that the "Beta updates" option (in Options/General) must stay ticked even after the upgrade? As far as I remember disabling that option makes OA revert back to the latest stable version...
  8. Thanks, Christian. Honestly, I'm not comfortable with using a beta of OA (or any other "important" software). Could you please tell me what kind of uninstallers are affected by that issue? Is there a way to avoid it apart from turning off OA? Windows security updates/patches are affected somehow?
  9. Nope stapp. I checked it, there isn't anything. Check it yourself: EDIT: pic added.
  10. Hello, When I try to remove foobar2000 v1.2.6 (it happened also with v1.2.5) using "add / remove programs", the system hangs/freezes for a few minutes and oasrv.exe CPU usage increases to 50% and remains that way. After several minutes, I got an error message from Windows saying the application couldn't be removed or it has already been removed. However, oasrv.exe CPU usage stays around 50% and it shows a message on the History tab: Created: 13/05/2013 12.24.25 Summary: Program Guard: kernel event Description: OADriver: - 256 SignalAndWaitForAnswerEx - TIMEOUT. pid = 1732 tid = 612 Event type: Kernel event(26) Event action: None(1) Processes: The only way to make the system stable again is rebooting. An important thing to point out is that after receiving the error message from Windows, if I immediately try to remove any other application, many of them show the same behaviour and I got the same system freeze (e.g. IrfanView 4.35 / VLC 2.0.6). However, if I reboot and try to remove them again, no problem. Trying to remove foobar2000 is always impossible, though. Obviously if I turn OA off, no issue with foobar2000 (or any other application). As far as I know, this issue has started very recently. I've checked also my father's system (same OS/security software, different hardware) and the problem is also there. The only "new things" on my system are the brand-new verions of HostsMan & HostsServer, but turning both completely off, makes no difference. I've also tried to clean install foobar2000, disabling Avast! or enabling OA Learning Mode to no avail. System Info: Win XP Pro SP3 Avast! Free AV 8.0.1489 Online Armor Free 6.0.0.1736 *Avast!/OA mutually excluded HostsMan 4.0.95 (MVPS HOSTS + hpHosts "ad/tracking servers only") HostsServer 2.0.57 Norton ConnectSafe aka Norton DNS v2
  11. Exclusions are not permanent. If Banking Mode didn't work properly, you could always revert back deleting the exclusions and rebooting your system - this was the reason why I wrote "give it a try" in my previous post. Obviously, mine was just a simple suggestion. I wanted to also provide some useful info about your issues with Avast, since you wrote "I have posted on their forum to find out what the heck has gone on". That's all. Regards
  12. Why not giving it a try and see what happens? If you have the latest version of Avast on your system, it's very easy to exclude also OA in Avast: simply add OA folder (including subfolders) to the Global Exclusions list of Avast (Setteings/Global Exclusions). This is a well known bug involving system restoring with the current version of Avast - it will be corrected in the next program release. A member of the Avast team in a recent thread suggested to remove Avast and install it again from scratch (clean install: http://www.avast.com/uninstall-utility) to solve the issue - Just in case, you may want to save your Avast preferences and also add Avast to the exclusion list of OA first.
  13. You're welcome. Happy to hear that you solved the issue. No, I don't think so. However, I don't know the reason why it's not enabled by default. Perhaps, it's uncked just to avoid some pop-ups that may result a bit confusing for some users?...
  14. Yes, with an AV like Avast (which basically uses its own web proxy), the "intercept loopback interfaces" option should be enabled. Do you have VLC Media Player on your system? Try blocking it in Firewal/Programs (OA) then open VLC and go to Help/Check for Updates. OA should prevent it from looking for updates - and VLC should show you some error message.
  15. I have not enabled that option. If you enable it, basically Avast will monitor HTTP traffic only for common browsers (e.g., Firefox, Internet Explorer, Chrome and perhaps Opera), ignoring HTTP traffic generated by any other application, though. Obviuously the File System Shield should still take care of any possible malware that could find its way into your system... You might want to try asking also some other user on the Avast Support Forum - several people there use OA + Avast. Perhaps, someone else will confirm your issue and let the developers know,,,
  16. Absolutely not. Since you have Avast excluded in OA, I just wanted to suggest that you should try deleting all the Avast related items in OA's Autoruns, Programs and Firewall lists and then reboot your system. If Avast is fully excluded in OA, there's no reason for any possible related item to be present in Autoruns, Programs or Firewall lists, in my opinion. As far as I know, the issue you described doesn't affect OA + Avast (also according to the Avast forum).
  17. You can save the Firewall settings though - and you can import them once Online Armor is reinstalled. Go to Firewall/Programs List or Firewall/Ports, then right-click any item in the list to access the Export/Import options.
  18. @Arto I have never seen this issue on my system. I have mutually excluded both programs. In your original post you wrote that "each program is excluded from being scanned by the other" but you also wrote that "there are only entries for Avast stuff" in the firewall log. I suspect that you might still have some items related to Avast in the Firewall program list and/or in the Programs list and/or in the Autoruns list of OA. You may want to try deleting those Avast's entries in OA and then reboot. System Information: Win XP Pro SP3 Avast! Free AV 8.0.1483 Online Armor Free 6.0.0.1736 (Avast!/OA mutually excluded)
  19. ...and in all honesty, a very strong Firewall/HIPS like OA doesn't have to follow the Mozilla/Google upgrade schedule madness.
  20. @blues, I experienced the same, during the manual upgrade (via GUI) of one of the recent versions of FF - I don't remember which one exactly, but I'm sure it wasn'tt any of the 19.xx. For some reason, OA didn't trust the new components of FF automatically and asked me what to do during the upgrade process - actually 3 or 4 pop-ups. The same happened shortly after with Thunderbird as well. Perhaps it was just a temporary problem (server side related) with the online look-up (see the "Contact Anti-Malware Network in realtime" option in Programs/Options). Cheers, N. -------------------- Win XP Pro SP3 Avast! Free AV 8.0.1483 Online Armor Free 6.0.0.1736
  21. When OA encounters a new item that it cannot identify, it will pop-up. What happens when you choose to remember your decision? In your original post you mentioned that "Remember my decision" didn't work for Microsoft Office related entries. Is it properly workig now?
  22. You're welcome. Please, let us know if it worked for you.
  23. Hello Arnauld, You may want to try deleting those entries in OA's Program list (Office must be closed, first of all), rebooting your system and then running Microsoft Office. At this point you should allow and trust again any component related to Office. I had a similar issue in the past and I was able to solve it following these directions.