cutting_edgetech

Everything posted by cutting_edgetech

  1. Does Emsisoft internet security scan HTTP traffic for malware, or does it just block known bad domains?
  2. I noticed that rundll32 says "NO" for the monitored status in the BB process list. Rundll32.exe is used often by malware so why is it not being monitored? Is this a bug? Should it be monitored? I'm using the latest stable build of Emsisoft Antimalware on Windows 7X64 Ultimate.
  3. I always got more prompts from the BB than Online Armor. Things could have changed since then, but Online Armor rarely ever prompts me for anything so why would I want to change.
  4. I also like the status window a lot. No other firewall I know of offers one that informs the user what country an IP is originating from in real time.
  5. Online Armor should not overwhelm the user with prompts. If the user chooses to block the threat when they are first prompted they probably will not receive any more prompts. OA usually has remember action checked by default. If they do then it should not be many. The user will only continue to get prompts if the user continues to allow the infection to proceed. So if the user makes a mistake, and chooses to allow the infection they will probably still have the opportunity to block the infection from doing additional harm. This all depends on the design of the malware though. I think the only prompts I have received from Online Armor all week were when Adobe Flash updated. Online Armor rarely ever even prompts me when installing Microsoft's monthly updates. I didn't receive a single prompt when installing Microsoft's updates this month. Online Armor's whitelisting works extremely well so it eliminates the user from having to respond to most prompts for harmless actions. UAC will prompt you a lot more than OA will.
  6. I have seen OA easily block CryptoLocker. It alerted me to every little thing CryptoLocker attempted to do. I have not tested OA against any of the others since I don't have a test machine available now.
  7. Actually there is not always a patch for vulnerable software so keeping your software up to date does not guarantee you are safe from exploits. Exploits can go unknown for some time before being patched. Even when an exploit is discovered it is not usually patched right away. Sometimes an exploit is not patched for months after being discovered.
  8. I want to install the latest stable build of EIS, and give it a trial run. Has the network blocking when receiving a prompt been fixed?
  9. Did you already go to Control Panel\Network and Internet\Network Connections, right click on your Network adapter and untick File and printer sharing for Microsoft Networks like in the screenshot below? If you didn't then untick it, and click ok. Then reboot. Then try turning off File, and printer sharing from Control Panel\Network and Internet\Network and Sharing Center\Advanced sharing settings. Let me know if that works. I've had the same issue you are having now. My file, and printer sharing are currently disabled with Windows FW disabled.
  10. I did not know OA was compatible with Windows 8.1. It only lists compatibility with Windows 8 here. http://www.emsisoft.com/en/software/oa/
  11. I did not even know Adobe reader, and flash had a sandbox. I will look into the possibility of setting up some SRP rules like you suggested. Thanks.
  12. Could this be why I keep having to delete over 5,000 dns logs per week from OA's log folder? If I download anything using Tixati torrent client then OA begins creating dns log files one after the other.
  13. Ok, thank you! I will. Is controlling remote code, and remote data modification an effective means for mitigating many exploits? Will this technique do anything to stop exploits that only attack the memory, and do not use a payload? Also, will Adobe Reader, and Adobe Flash need remote code, and remote data modification in order to update? I was thinking maybe I will have to give them this permission on-demand when they are updating. Thank you so much for your help!
  14. I was trying to compare OA's memory protection to that of AppGuard's at the time I opened this thread. There are a few members at Wilders that are saying all HIPS offer the same memory protection that AppGuard does. I now know that OA's memory protection is different than that of AG's. You did make a very good point though in answering my question. Those applications should not be accessing the physical memory at all. Web facing apps are the most likely to be used by exploits to gain access to the physical memory. Web facing apps should not be allowed physical memory access, but OA was allowing most of them physical memory access with its default settings. I changed the settings for all of them to notify me if they attempt physical memory access. Thank you for your help!
  15. Well, developers don't always code with security in mind. I know you know that as good as anyone. Firefox does read the memory of explorer.exe, and I thought maybe OA would alert me when applications attempt to read/write to the memory of other applications. So are you saying that the memory guard works for 64bit machines? Can the HIPS memory component keep applications from reading, and writing to the memory of other applications? So far it appears that OA memory guard does not do this. When would the memory guard component alert me to possible malicious behavior? It would probably be easiest if you gave me a few examples when memory guard would alert me to a violation of the memory guard policy. I read the link you gave me. So basically you want me to understand that reading, and writing to the memory of other applications is a completely different concept than reading the physical memory?
  16. I'm using Windows 7X64 Ultimate, and I configured OA's physical memory access HIPS component to prompt me whenever a web application attempts physical memory access. I did this for Firefox, Opera, IE, Java, Adobe Reader, Adobe Flash, Windows Media Player, VLC Player, Jitsi Messenger, etc.. It has been 2 days now, and OA has never prompted me for any action to do with physical memory access. Does OA's physical memory access component work for 64bit machines? Also, are there any other OA HIPS components that do not work on 64bit machines? I read the link you posted. So reading the physical memory is not the same as applications reading, and writing to the memory of other applications? I still need some examples of when OA memory guard would alert me to possible malicious behavior to be clear on exactly what OA memory guard can do. I read the page you linked, and it leads me to believe that OA does not prevent applications from reading/writing to the memory of other applications. I just want to make sure that is what you are telling me.
  17. I was on Wilders Security Forum last night when all of a sudden Online Armor prompted me asking if I wanted to allow Cmd.exe to launch bcdedit.exe. I was not familiar with bcdedit so I Googled it, and discovered bcdedit is the primary tool for editing the boot configuration. I was not installing anything at the time, and the only web page I was on was Wilders. The only other web application I was using at the time was Tixati, but I was not downloading anything executable. I had already downloaded the latest Windows updates the day before this occurred. I decided to block bcdedit.exe from launching because I did not know why any application would be silently trying to change my boot configuration. I did a scan with Hitman Pro, and Malwarebytes. I did not find anything. I also have NOD 32 installed. Is this harmless, or more likely a threat?
  18. Sorry for the late reply! I've been gone for the weekend. Yes, it will be a shame if OA is abandoned, but it is not looking good. They have not been responding to Online Armor support requests on the forum for a few months now. OA is the only Emsisoft product I use. Emsisoft said they would start working on OA again when they get the bugs sorted out of their latest product line of EIS, and EAM. I guess we will have to wait, and see. I have turned in several bug reports for OA over the past few months, and none of them have been responded to. My time is precious also. I hope I did not waste my time submitting bug reports.
  19. Did anyone ever pm you about this, or anything? I hope you are not being ignored.
  20. I'm not sure what you mean by tool chain. Do you mean the Compiler, and IDE? Edited 05/30/14 @ 15:35: Disregard, I was not familiar with the terminology tool chain so I googled it. It looks like I was correct in assuming it refers to basically any development tools used to create an application which would be a Compiler, IDE, etc.. I'm obviously not a coder. I do hope Emsisoft decides to continue OA development, and upgrade parts of OA like the firewall, add support for ASLR, DEP, etc.. I've been using OA since 2003, and I don't want to switch to something else.