Jump to content


  • Posts

  • Joined

  • Days Won


Posts posted by Petrovic

  1. AVLab: protection test against ransomware threats
    In the category for home users, these applications received the highest award:
    Emsisoft Internet Security 11 
    Emsisoft Internet Security 12
    In the category for small and medium businesses, these applications received the highest award:
    Emsisoft Anti-Malware for endpoints
    Congrats Emsisoft team! 
    I wish you success in you work!


    • Upvote 1
  2. Last month, developer Emsisoft rolled out the ninth edition of its premium anti-malware application called Emsisoft Anti-Malware. Version 9 brings a redesigned interface, improved malware detection ratio and speed, minimum resources consumption, optimization for Windows 8/8.1, and other general improvements. 

    NOTE: Emsisoft Anti-Malware 9.0 was tested on 64-bit Windows 8.1 Pro. 

    License, price, installation 

    The trial version can be tested for 30 days without any feature restrictions. Once it expires, users may purchase the full package for $19.97 / €19.97 (one-year license, including VAT), which is lower compared to the previous version ($39.95 / €39.95).

    The whole installation process may take some time to finish. Apart from the setup itself, Emsisoft also downloads the latest virus signatures to keep the database up-to-date. In addition, it is possible to enable PUPs detection (Potentially Unwanted Programs, such as toolbars, adware and search providers). Toward the end of the setup, it is possible to run an initial scan to establish the PC's current security status. 

    Not mentioned in the installer is that Emsisoft automatically integrates an entry in the Windows Explorer context menu to quickly scan files, folders and drives (can be later disabled).

    New interface 

    As promised, the application has completely redefined its interface. It seems that the flat UI dominates the world of antivirus software (and not only) in terms of look, since most popular av developers have implemented it into their products, and Emsisoft makes no exception. It is more colorful now compared to the previous edition and seems lighter overall. 

    The Overview section shows a summary on the latest update and provides quick access to the three layers of protection, scan modes, quarantine and logs. 

    Get an overview and run a scan
    Moreover, the app creates an icon in the system tray area to quickly bring up the main panel. It gets sent there on close, a feature shared with many av products. By opening the tray icon's context menu, users may disable any protection component or all of them, switch to game mode to prevent notifications from popping up when working with other programs in full screen, turn off or pause real-time protection (for 10 or 60 minutes, or until reboot), configure application and host rules, run a scan, and check for updates. 

    Three levels of real-time protection 

    Emsisoft maintains its previously implemented three layers of protection against threats in real time. For those unfamiliarized with the concept, Surf Protection blocks access to infected or suspicious websites which are otherwise likely to harm the computer, File Guard runs on a dual-engine (Emsisoft's and Bitdefender's) to automatically scan all new and modified files (including USB devices) for malware, while Behavior Blocker detects new threats based on their behavioral pattern and assistance via cloud. Any of these three components may be deactivated at any time. 

    Surf Protection comes packed with a predefined list of malware-prone hosts to automatically block, while new host names or IP addresses may be added to the list. The av tool can be set to block malware hosts, phishing hosts and privacy risks on access silently or show notifications after, prompt the user for action, or grant access. 

    Configure the Surf Protection and File Guard
    The scanner sensitivity level of the File Guard may be adjusted to fast (scan programs at startup), balanced (scan files when modified) or thorough (scan files when accessed). When detecting malware or PUPs, the tool can show alerts and let the user take action or automatically send the files to the quarantine (silently or with notifications). As previously mentioned, the PUP scanner may be deactivated. 

    By default, the File Guard scans only files with specific extensions. Emsisoft integrates several ready formats and enables users to add new ones, as well as to scan all files with any formats instead. It automatically protects the computer even when the user is logged off, but this option may be disabled. Additionally, handpicked files may be excluded from the scanner for the File Guard and Behavior Blocker. Email notifications may be sent as soon as malware is detected (via SMTP authentication). 

    Since the Behavior Blocker relies on cloud assistance to detect the latest malware, it studies the actions taken by the community to decide whether to allow or to block files. Users may raise or lower the default percentage of the total users required in the decision making (default is 90%), disable the "allow" or "block" decisions, or just disable the community-based analysis. Activating paranoid mode will show extra activity, which is not necessarily malicious but at least suspicious. 

    Configure the Behavior Blocker and application rules
    Furthermore, users may disable any type of monitored behavior, such as backdoors, spyware, hijackers, worms, keyloggers, Trojans, rootkits, and Hosts modifications. Any applications may be blocked or monitored while allowing or blocking specific activities, such as the ones previously mentioned. 

    Scanning modes 

    Emsisoft keeps the same four scanning methods as in the previous edition, namely quick, full, smart and custom. "Quick" looks only into active processes, "full" takes the entire computer for a spin, "smart" checks only typical hiding places for malware, while "custom" lets users personalize scanning settings. 

    For all four scanner types it is possible to select the number of processors, threats and scan thread priority level, disable advanced caching, create a list of files, folders and apps to skip, as well as view reports only or quarantine detected objects when the scanner finishes (plus, the PC can be set to immediately turn off afterwards). 

    Select a scan type, configure custom scan settings
    Apart from pointing out the exact drives and folders to verify in custom mode, users may disable the scan of active rootkits, memory, malware traces (in the registry or non-executable files), PUPs, compressed archives (ZIP, RAR, CAB, not encrypted), and NTFS alternate data streams. It is also possible to use direct disk access (slower, recommended when scanning for rootkits only), as well as to look only for specific file extensions, or all of them except those mentioned in the list. 

    Quarantine and logs 

    The Quarantine shows the full path for each contained file, along with the alert type, risk level and date of submission. More information on the alert type may be examined online in Emsisoft's database by clicking its entry in the list. It is possible to create copies of files before eliminating them, re-scan the files, restore them to their original location, sent them to the Emsisoft labs for closer inspection, and add new files. The Quarantine list may be exported to a text document. 

    Manage the quarantine and examine logs
    The av utility records the activity of each component to logs: surf protection, file guard, behavior blocker, scan, quarantine and updates. It displays process IDs, full paths, times and dates, actions taken, detection types, scan methods, and so on. The text document of each scan may be consulted to find out in-depth information. Any these lists can be saved to text files. 


    As far as program settings are concerned, users may disable the real-time protection at startup, self protection (prevents any attempts to modify Emsisoft's installation and configuration files), captcha protection at software shutdown (prevent malware from turning off Emsisoft), memory usage optimization (deactivation is recommended when encountering performance issues), Explorer integration, and logging. 

    Configure general settings
    Settings for all areas or just specific ones (general software, application rules, host rules, permissions, whitelist) may be exported to file and imported at a later time or on another computer running Emsisoft Anti-Malware. The UI language can be changed, while the automatic quarantine re-scan may be disabled or switched to manual mode. All settings may be restored to their factory values. 

    Schedule scans and manage permissions for non-admin users
    Scans may be scheduled to run once, regularly and in silent mode. The update scheduler can be configured as well, while notifications can be disabled for news updates, restart and application restart. Last but not least, administrators may customize permissions for the other PC users in terms of execution (e.g. view main window, shut down protection), protection (e.g. enable and disable File Guard or Behavior Blocker) and configuration (e.g. quarantine or delete detected objects), as well as password-protect Emsisoft Anti-Malware. 

    Evaluating virus detection ratio and scan speed

    We put the av utility to the test on an Intel Core i5-3470 with CPU @3.20GHz and 12GB RAM, running Windows 8.1 Pro, in order to rate the virus detection ratio and scanning speed. 

    8,502 virus samples spread across 2.36GB were used in custom scan mode (the same database used for Norman Malware Cleaner and Dr. Web CureIt!). In order to speed it up, we customized the scanner by disabling checkups for PUPs, rootkits, malware traces, active malware, archives, and NTFS alternate data streams.

    Emsisoft finished the scan job in 20 minutes and 23 seconds, identifying 8,475 infected files. The removal procedure took a longer time, however, and the app froze at some point, forcing us to restart Windows and re-scan the remaining files, so we could not evaluate the total scan time for file deletion. In the end, it managed to eliminate all detected files, leaving only 27 items behind. Thus, the virus detection ratio was roughly 99.68%.

    The real-time guard immediately popped up notifications to send the suspicious files to the quarantine (after we configured settings to take into account .vir-formatted files).

    CPU and RAM were minimally used, but the computer's responsiveness was significantly reduced (it worked smoothly when Emsisoft was not busy with scan jobs as well as when silently sending files to the quarantine on detection).

    The Good 

    Extensive product documentation is available, and helpful hints are spread across the interface. Multiple languages are supported.

    First-time users may apply the tool's default configuration to ensure protection against malware, while the experienced ones can customize each module's behavior mode.

    Scan tasks may be scheduled for times when the user leaves the workstation unattended. Administrators can password-protect Emsisoft as well as manage permissions for the other PC users.

    Since the real-time protection guard can be turned off, users may install another av product whose real-time shield they prefer and keep running Emsisoft Anti-Malware as a secondary line of defense against e-threats.

    The app showed almost perfect virus detection ratio during our evaluation. The real-time safeguard's response time was excellent.

    The Bad 

    The whole operating system froze while Emsisoft was deleting infected files after a scan job, forcing us to reboot the PC.

    The tool popped up errors at some point while its real-time guard was sending files to the quarantine. These eventually forced the av to shut down.

    Although the Surf Protection module was prompt in blocking URLs that we added to the blacklist, it did not detect infected websites otherwise.

    The Truth

    Although we have encountered some stability issues during our evaluation, users shouldn't feel discouraged, since they will most likely get fixed with future builds. According to our recent tests, Emsisoft Anti-Malware easily rivals with other big names in the av industry, thanks to excellent performance results.



  • Create New...