cutting_edgetech

Thank you for the info!

Does Emsisoft internet security scan HTTP traffic for malware, or does it just block known bad domains?

Ok, thank you! That sounds like a smart approach.

So the BB will still see how executables are using rundll32?

I noticed that rundll32 says "NO" for the monitored status in the BB process list. Rundll32.exe is used often by malware so why is it not being monitored? Is this a bug? Should it be monitored? I'm using the latest stable build of Emsisfot Antimalware on Windows 7X64 Ultimate.

I always got more prompts from the BB than Online Armor. Things could have changed since then, but Online Armor rarely ever prompts me for anything so why would I want to change.

I also like the status window a lot. No other firewall I know of offers one that informs the user what country an IP is originating from in real time.

Online Armor should not overwhelm the user with prompts. If the user chooses to block the threat when they are first prompted they probably will not receive anymore prompts. OA usually has remember action checked by default. If they do then it should not be many. The user will only continue to get prompts if the user continues to allow the infection to proceed. So if the user makes a mistake, and chooses to allow the infection they will probably still have the opportunity to block the infection from doing additional harm. This all depends on the design of the malware though. I think the only prompts I have received from Online Armor all week was when Adobe flash updated. Online Armor rarely ever even prompts me when installing Microsoft's monthly updates. I didn't receive a single prompt when installing Microsoft's updates this month. Online Armor's whitelisting works extremely well so it eliminates the user from having to respond to most prompts for harmless actions. UAC will prompt you a lot more than OA will.

I have seen OA easily block CryptoLocker. It alerted me to every little thing CryptoLocker attempted to do. I have not tested OA against any of the others since I don't have a test machine available now.

Actually there is not always a patch for vulnerable software so keeping your software up to date does not guarantee you are safe from exploits. Exploits can go unknown for some time before being patched. Even when an exploit is discovered it is not usually patched right away. Sometimes an exploit is not patched for months after being discovered.

I want to install the latest stable build of EIS, and give it a trail run. Has the network blocking when receiving a prompt been fixed?

Did you already go to Control Panel\Network and Internet\Network Connections, right click on your Network adapter and untick File and printer sharing for Microsoft Networks like in the screenshot below? If you didn't then untick it, and click ok. Then reboot. Then try turning off File, and printer sharing from Control Panel\Network and Internet\Network and Sharing Center\Advanced sharing settings. Let me know if that works. I've had the same issue you are having now. My file, and printer sharing are currently disabled with Windows FW disabled.

I did not know OA was compatible with Windows 8.1. It only list compatibility with Windows 8 here. http://www.emsisoft.com/en/software/oa/

I did not even know Adobe reader, and flash had a sandbox. I will look into the possibility of setting up some SRP rules like you suggested. Thanks.

Ok, thanks.