Jorg

Member
  • Content Count

    18
  • Joined

  • Last visited

Community Reputation

0 Neutral

About Jorg

  • Rank
    Member
  1. Hi Thomas, sadly the learning mode did not do anything different, and I have included the log file with loop back turned off. Once again, I can't see anything useful in there. I have also run a debug log session, but I can't understand the debug file at all, it does not seem to be an ascii file. I am going to PM it to you after I send this message.
  2. Hi Thomas, sorry for the slight delay in getting back to you. I did 2 logging sessions, first without "Additional debug info" and then with it. I am no log expert, but I could not see anything in there showing me that the helper agent is trying access a port and is then rejected. I believe that because I get the error irrespective of whether I use VC++ or not in order to start the helper, it is solely a helper problem. I also use Chrome as my default browser, but the Helper agent does not look to me as though it uses Chrome to display the help that it interfaces too, but is uses HlpViewer.exe, at least that is the program I see in task manager when I see the help. So on my system when I press F1 in VC++ to activate the context sensitive help, HelpLibAgent is started if it is not already running and then HlpViewer displays the help information. And while OA is running, I can't convince HelpLibAgent to run as it displays an error box and then shuts down after I acknowledge it. Anyway, here is the log file. I hope it helps, but I can't see anything in there. The .73 ip address is the machine with OA and VC++, the other local ip addresses are valid machine ip's on my local network. I checked them out. Jorg. P.S. I just pressed Attach This File twice, but there is still a message that says 0bytes of your 250MB used. Not sure if it only counts in MB and the file is tiny, so either you end up with none, because it did not work, or I ended up passing 2 to you.
  3. Just to confirm it is not just port 47873, I changed the port to 47888 via the registry key setting as described in the readme file, the same error occurred and once I shut down OA, it instantly worked and is using 47888, so unless OA uses both 47873 and 47888 internally, there is no conflict.
  4. Hi Thomas, I am running Online Armor Premium 5.1.1.1395 on a Win 7 64-bit system with all the current updates applied to it. I also run Anti-Malware 6.0.0.49. I believe both are the current products. I am using Visual C++ 2010 which has the option of viewing help files online or local help files. If I set the option for online, there is no problem. It fires up Chrome and displays the help online. I prefer the local help though, so I set the help system for local help files. Thus when I activate the help by pressing F1, VC++ tries to launch a program called HelpLibAgent.exe which is part of the Microsoft supplied Help Viewer V1.0. This local help does not use a browser, it is a custom written Microsoft program to navigate through locally installed help files from Microsoft. When HelpLibAgent.exe starts, it throws a popup error window stating : The Help Agent is not be able to attach and use the requested port due to incorrect security settings. To correct the http.sys ACL settings it is necessary to run the following http.sys configurtion command from an admin elevated command line. netsh http add urlacl url=http"//127.0.0.1"[port]/help/ sddl=D:(A;;GX;;;WD) Then when I click on OK (the only option I have), the popup disappears and the program exits. If I try to run the program manually, ie. go to its directory and fire it up without using Visual C++, exactly the same thing happens. Thus this has nothing to do with Visual Studio. The HelpLibAgent program refuses to start, irrespective of how it is invoked. Firing up the HlpViewer.exe program has the same result. It tries to start HelpLibAgent and produces the error. I tried using several other ports as suggested in the Help System Readme.zip file you included in your response (just in case 47873 was used, but there was no change to the problem. The same error message each time. As part of the error testing I even temporarily allowed all ports to be allowed to access all programs for input and output on both TCP and UDP in the OA Firewall settings. Again no difference. The only way I can get the HelpLibAgent to start is by shutting down OA. Then it fires up without any problem at all, if OA is not running. Once it is running, I can start OA again, and as long as the HelpLibAgent runs in the background, I can invoke local help from VC++ by pressing F1. If I shut down the HelpLibAgent, I am back in the same boat as before. This makes me believe that there is no conflict with port 47873, unless just per chance, OA uses that port for internal purposes and thus has it locked and no other program can use it. I hope this helps. I guess I can could send you the HelpLibAgent to see if you have the same problem if you can't advise me on what could be the problem.
  5. Hi there, when I press F1 in Visual studio to get context sensitive help, it tries to start a process called HelpLibAgent.exe to handle the help request. From what I can gather, it passes these help requests via http on 127.0.0.1:47873 to the help agent which then displays the relevant help topic. The problem is that Online Armor is blocking this communication attempt. I have added the HelpLibAgent.exe into the firewall rules, even allowing in and out traffic on all ports. I have tried to allow all traffic on 47873 to any program to be passed through. Nothing has helped. There are no blocking messages in the History. If I shut down Online Armor, there is no problem with pressing F1 and getting help, and once the Help Library Agent is up and running, I can restart Online Armor and provided I do not shut down the agent, help works as expected and the communication on 127.0.0.1:47873 continues. If I close down the agent, I am back where I started. Is there anybody out there who uses Visual Studio with local help and Online Armor and can get the help to work?
  6. I used to use Kaspersky with OA, but I found they did not work well together under Windows 7 64-bit. They work great under XP 32-bit. So I changed from Kaspersky to Emsisoft Anti-Malware which seems to be working great with OA.
  7. I have a dual boot setup with XP and Win 7 on the same PC. Do I need 1 or 2 licenses for that?
  8. Actually, OA is a Rootkit, its just one you manually installed and want running to protect the rest of your system
  9. I run OA and Malwarebytes on Win 7 64 bit and they seem to happily co-exist without having any exclusions set up. I am a bit worried that if Malwarebytes was compromised, having it as an OA exclusion, I would not get an OA warning that it has been modified, so I have no exclusions set up and it all seems to run really well. So far.
  10. The easiest way to downgrade back to version 4.0 is to uninstall version 4.5.1.431 and then to install version 4.0. I have gone back to previous versions a number of times in the past, and that method works great.
  11. Thanks again Martin. I am downloading EAM as I am typing this and will give it a go. I guess I have 30 days to work out if I am satisfied, and I have a system image that I can restore to from a CD boot if all goes wrong
  12. Hi Martin, I must admit that some of my fear is based on not knowing how these new products work, and what they consider a new program. If a website downloaded some unwanted java, would the downloaded code be scanned once it was tried to be executed (by EAM or OA++), or would the fact that the java runtime has not changed and has been trusted allow any web based scripts to be happily run without further scanning? The same question would arise from word macros. Once MS Word has been scanned as safe, could a nasty .doc document wreak havoc because the actual executable has not changed? It is those things that cause me to worry a little bit, as KAV had intercepted malicious code on web pages in the past where I had inadvertently followed an interesting link to the wrong place and had appeared to have been rescued from a fate worse than death by KAV's vigilance. I can't recall if that code was java, js or activeX, but it was trapped before it was executed by a trusted process like Chrome. I am still curious if EAM offers anything on top of OA++ that would warrant having EAM + OA rather than just OA++, or if I am better off with OA++ and Sandboxie. Actually, the other fear is that when I search the web for "antivirus comparisons" or "antivirus top 10", I have never ever seen anyone compare EAM against any of the other popular names. Maybe that is because I don't look for german language sites, but it gives the impression that EAM is not a well known product on the global market. I had always imagined that large companies have 10 000+ virus technicians sitting at the computers around the clock investigating all the code snippets sent to them to identify and defeat new viruses and send out hourly updates whereas the smaller companies have 2 guys going through a backlog of potential viruses dating back to the early 90's. Well, maybe not quite that bad, but having a large staff actively identifying and defeating new threats has to be more timely than a small staffed company. So do the AV companies share the virus signatures so that they don't all have to identify the same virus or are small companies at a serious disadvantage when it comes to protecting their customers from new threats? As my highest priority is a great firewall, and having found nothing that comes even close to OA, it is definitely the product that stays, the only question is what is going to replace KAV as they don't seem to happily work together on my Windows 7 64 bit.
  13. Thanks Lynx for the excellent reply. What you explained makes perfect sense. The only question that is still left unanswered is do I need EAM for this functionality, or does OA++ do the same thing, as it contains the same engine? Please bear in mind I already have an OA license, thus my decision is to buy EAM in addition to my existing license or to upgrade the OA to OA++. Thanks for your help
  14. I have a question that I think fits in here, rather than starting a new thread. Is there any advantage in getting Emisoft Anti-Malware to complement OA rather than just getting OA++? I just spent several hours reading through the Anti-Malware Tutorial and through the OA++ Antivirus section and I am not sure if I would be better off getting Anti-Malware as a standalone product with OA. I couldn't find any mention of Anti-Malware scanning email attachments as they are downloaded or scanning web traffic to see if it contains something nasty trying to reach your browser. Any info would be great.
  15. Hi Martin, I always have the intercept loopback interface turned on (which I had mentioned in my initial post), because otherwise it doesn't even work on 32 bit. And I could not delete any created rules, because OA never created any rules, because it was 100% oblivious to half my programs ever making internet connections. Even when I manually inserted rules to block a whole range of .exe files, none of the rules were ever applied because OA did not notice those programs making internet connections. As I have never heard of Ikarus or Emisoft prior to their acquisition of OA, I don't have any gut feel if their products are on par with the big name players like KAV, etc. I have been a KAV customer for a long time and was always happy with it, so I never really needed to look around for a change. If the OA++ solution is as secure in preventing viruses from being downloaded from compromised Internet sites as the other big players, I will have no problem changing over to OA++ from my OA license.