Posts posted by Nick


  1. << Keyloggers are programs designed to monitor and record everything that you type on your computer. Online Armor detects Keyloggers by how they act, assuring the greatest level of detection and ensuring that they cannot bypass the Online Armor Firewall.

    If an Unknown program is Allowed to run and begins to act like a Keylogger then Online Armor will Block the behavior and pop-up to ask you if you want to Allow it to proceed. As many programs use these same techniques for non-malicious reasons, such as "Hot Keys", you may see detections for legitimate software that does not actually record keystrokes. We do not recommend blocking behavior of software known to be legitimate and trustworthy, as doing so may cause unpredictable problems (...) >>

     

    [Online Armor Help: http://www.emsisoft.com/en/info/oa/Keyloggers.shtml]


  2. Random names means that you can't anticipate what the next file name will be, so you won't be able to add it to the Programs list as Trusted. In order to prevent HIPS software from displaying notifications about these executables, AVAST will have to redesign their software to not run executables out of temp folders with random names. ;)

     

    Yeah, you're right.

    For the moment, I think that the OP could try checking "Automatically trust programs signed with valid digital signatures" in OA, since the downloaded file is digitally signed - and/or enabling OA Learning Mode as previously suggested.


  3. Thanks, Arto,

     

    For your convenience, I've attached some notes I had taken in the past from the Avast forum about the Emergency Update.

     

    What is avast! Emergency Update?
    A new feature -- allows us to push out critical product updates in case of some big issues where the main avast service is not able to start / crashing.
    Such situations, till this new version, meant the user had to reinstall avast as there was no way for us to fix such problems from remote.
    With this new mechanism, we can push out fixes even to such issues (...)

    ---

    (...) The "emergency update" is as simple as possible, it has nothing to do with the normal update process, it's not really an update. It basically only downloads a file from our server (if any is available - which is normally not the case).
    So if this "emergency scenario" occurred, we would have to prepare some fix - a program that would fix the avast! installation. This is just a way of distributing it without the need of user's intervention, nothing else (...)

     

     

    Basically it's quite unusual to see Avast! pushing out an emergency update through AvastEMUpdate.exe.

    The Emergency Update task is delayed for 2 minutes on system boot, it checks the servers for some fix and then it disappears (up until the next boot).

    In any case, the file you mentioned should be digitally signed as far as I can tell - Do you have "Automatically trust programs signed with valid digital signatures" enabled in OA?

     

    You may want to try enabling Learning Mode (be sure that your system is free from malware, first) in OA and then reboot your system so that the Avast's exe file downloaded in C:\WINDOWS\Temp could do its things and then be automatically removed.

     

    Hope this could be helpful.


  4. Hello,

     

    When I try to remove foobar2000 v1.2.6 (it happened also with v1.2.5) using "add / remove programs", the system hangs/freezes for a few minutes and oasrv.exe CPU usage increases to 50% and remains that way.

    After several minutes, I got an error message from Windows saying the application couldn't be removed or it has already been removed. However, oasrv.exe CPU usage stays around 50% and it shows a message on the History tab:

     

    Created:      13/05/2013 12.24.25
    Summary:      Program Guard: kernel event
    Description:  OADriver: - 256 SignalAndWaitForAnswerEx - TIMEOUT. pid = 1732 tid = 612
    Event type:   Kernel event(26)
    Event action: None(1)
    Processes:

     

     

     

    The only way to make the system stable again is rebooting.

     

    An important thing to point out is that after receiving the error message from Windows, if I immediately try to remove any other application, many of them show the same behaviour and I got the same system freeze (e.g. IrfanView 4.35 / VLC 2.0.6).

    However, if I reboot and try to remove them again, no problem. Trying to remove foobar2000 is always impossible, though.

     

    Obviously if I turn OA off, no issue with foobar2000 (or any other application).

    As far as I know, this issue has started very recently.

     

    I've checked also my father's system (same OS/security software, different hardware) and the problem is also there.

     

    The only "new things" on my system are the brand-new versions of HostsMan & HostsServer, but turning both completely off makes no difference. I've also tried to clean install foobar2000, disabling Avast! or enabling OA Learning Mode to no avail.

     

    System Info:

    Win XP Pro SP3
    Avast! Free AV 8.0.1489
    Online Armor Free 6.0.0.1736
    *Avast!/OA mutually excluded
    HostsMan 4.0.95 (MVPS HOSTS + hpHosts "ad/tracking servers only")
    HostsServer 2.0.57
    Norton ConnectSafe aka Norton DNS v2


  5. The idea of having Banking Mode functioning is to protect my banking activities - isn't it? So why neutralise it and leave myself at risk?

     

    Exclusions are not permanent. If Banking Mode didn't work properly, you could always revert back deleting the exclusions and rebooting your system - this was the reason why I wrote "give it a try" in my previous post.

     

    Obviously, mine was just a simple suggestion.

     

    I wanted to also provide some useful info about your issues with Avast, since you wrote "I have posted on their forum to find out what the heck has gone on". That's all.

     

    Regards


  6.  

    I don't really want to exclude Avast in OA as I read in one post somewhere that Banking Mode doesn't work when that is done.

     

    Why not give it a try and see what happens? If you have the latest version of Avast on your system, it's very easy to exclude also OA in Avast: simply add OA folder (including subfolders) to the Global Exclusions list of Avast (Settings/Global Exclusions).

     

     

    So I went back to a system restore for 1st April, did a manual update of Signatures and Rules and all seems to be well now with OA.

    However, the Avast Free anti-virus tells me that my trial period for Avast Pro has not been activated. That doesn't surprise me as I haven't activated the trial. I have posted on their forum to find out what the heck has gone on.

     

     

     

    This is a well known bug involving system restoring with the current version of Avast - it will be corrected in the next program release.

    A member of the Avast team in a recent thread suggested to remove Avast and install it again from scratch (clean install: http://www.avast.com/uninstall-utility) to solve the issue - Just in case, you may want to save your Avast preferences and also add Avast to the exclusion list of OA first.


  7. I did see mention of setting the Avast web shield to 'scan traffic from well known browser processes only'. That works, but I don't know what protection I am losing by setting that option.

     

    Thanks;

     

    I have not enabled that option. If you enable it, basically Avast will monitor HTTP traffic only for common browsers (e.g., Firefox, Internet Explorer, Chrome and perhaps Opera), ignoring HTTP traffic generated by any other application, though.

    Obviously the File System Shield should still take care of any possible malware that could find its way into your system...

     

    You might want to try asking also some other user on the Avast Support Forum - several people there use OA + Avast.

    Perhaps, someone else will confirm your issue and let the developers know...


  8. Are you suggesting I remove these entries from the exclusions?

     

    Absolutely not.

     

    Since you have Avast excluded in OA, I just wanted to suggest that you should try deleting all the Avast related items in OA's Autoruns, Programs and Firewall lists and then reboot your system.

    If Avast is fully excluded in OA, there's no reason for any possible related item to be present in Autoruns, Programs or Firewall lists, in my opinion.

     

    As far as I know, the issue you described doesn't affect OA + Avast (also according to the Avast forum).


  9. @Arto

     

    I have never seen this issue on my system. I have mutually excluded both programs.

     

    In your original post you wrote that "each program is excluded from being scanned by the other" but you also wrote that "there are only entries for Avast stuff" in the firewall log. I suspect that you might still have some items related to Avast in the Firewall program list and/or in the Programs list and/or in the Autoruns list of OA.

    You may want to try deleting those Avast's entries in OA and then reboot.

     

    System Information:
    Win XP Pro SP3
    Avast! Free AV 8.0.1483
    Online Armor Free 6.0.0.1736

    (Avast!/OA mutually excluded)

     


  10. @blues,

     

    I experienced the same, during the manual upgrade (via GUI) of one of the recent versions of FF - I don't remember which one exactly, but I'm sure it wasn't any of the 19.xx.

     

    For some reason, OA didn't trust the new components of FF automatically and asked me what to do during the upgrade process - actually 3 or 4 pop-ups. The same happened shortly after with Thunderbird as well.

    Perhaps it was just a temporary problem (server side related) with the online look-up (see the "Contact Anti-Malware Network in realtime" option in Programs/Options).

     

    Cheers,

    N.

     

    --------------------

    Win XP Pro SP3
    Avast! Free AV 8.0.1483
    Online Armor Free 6.0.0.1736