Duncan Mac Leod

  1. Is EMSIsoft aware of the new SysJoker threat? Does the engine scan for SysJoker? https://www.intezer.com/blog/malware-analysis/new-backdoor-sysjoker/
  2. Ok, thank you, I'll give it a try. Didn't look at the parameters the last year(s) 😉 ! When I coded our Virus Check, there was no /am switch.
  3. Hi, we are using the CommandLine Scanner to detect Malware in Email-Message-Source-Format (RAW). Works with EICAR-Test-Virus and we often detect viruses in our mails (source) before they are received by our backend-servers. I must admit, we did not go into further debugging as it works with EICAR and we usually catch some viruses from time to time. But today we noticed that an attached Word-Document (infected) passed the command-line scanner in Email-Message-Source-Format (RAW) with the attachment MIME-encoded and didn't get recognized by the command-line scanner. But as we put the Document from our Mail as File on Disk, it was recognized (File-Explorer Menu-Scan) as VB:Trojan.Agent.DLEJ (B). Strange! FYI: any Mail that is received by our servers is put to disk (file - raw mail source), then scanned by the command-line scanner and if it is OK (checking return code and output from the scanner), post-processing continues to our backend-servers. Unfortunately, our Admin has deleted the Mail and the File on Disk, so we can provide you with neither the file nor the mail - sorry! Are there any differences in scanning Mail-Source (MIME-Attachments)?
  4. Everything seems to work again. No more issues on 2012 R2 servers. Indeed there is a connection between AV scanner in file explorer (right mouse click on file -> scan) and the Command Line Scanner. Tested first in file explorer, no more hangs. Then we used the Command Line Scanner, no problems so far. Thank you for fixing (whatever you did ;-) !). P.S.: I DID NOT disable self-protection.
  5. We had the same problem with a Win 2K8 R2 server. I've read in another posting on this forum that a reset to default settings will solve the problem. We did not test this, but we did a complete uninstall (cleaned also all settings) and did install EMSIsoft again. No more crashes, no more errors. HTH
  6. Yes, all 2012 R2 Servers are 64-bit! Any ETA for the fix? Should we switch to Beta-Channel to get the fix asap?
  7. Sorry, memory dump not possible as our company has a very strict policy for data security. I'll try to ask a friend of mine for a memory dump as he has exactly the same issue on his 2012 R2 server. Oh, one more thing. My friend sent me the file logs.db3 of his system and I am allowed to provide you with that data. If you want it for debugging, please mail me at: ******** and I'll send it to you. We also found out that using the AV scanner in file explorer (selected some files for scanning, right mouse click -> scan with EMSI) hangs EMSI completely (see our screenshot). This occurred on our system and on my friend's system, so I am sure you can reproduce this behavior on every 2012 R2 server. I also assume that this error/behavior is connected to our command line scanner problem.
  8. I've installed the EMSIsoft AV Software for Windows Server (a2cmd.exe is part of it). Downloaded LATEST Version yesterday from your Site to make a reinstall, after I could not fix the problem. After reinstall problems still exist. Parameters are: /f="<Filename>" /s /pup /a Please read my posting exactly. My application is running for YEARS without any problems. The problem occurred yesterday for the very first time. A friend of mine who is also running EMSIsoft on a 2012 R2 server told me that he noticed the same 'HANG' of his service (completely different software, not my software) using the scanner. As I reported in my previous post, our two Win 2008 R2 servers are not affected so far. These 'hangs' started yesterday before MS released their patches and after the patches the situation is still the same.
  9. I am using the Command Line Scanner within my Application scanning incoming files in a certain directory. My Application opens a DOS process in which we run the command line scanner, capturing the output and analysing the results (I wrote a little parser for the output). This worked for the last years without any problems. We use it on three servers, 2 of them are running Windows Server 2008 R2 and 1 server runs on Windows Server 2012 R2. Since yesterday the 2012 R2 server has had problems running the command line scanner; the process hangs and does not finish. The other 2 servers on 2008 R2 are still running without any problems. I did a reinstall of EMSIsoft on the 2012 R2, the problem still exists. Are there any known problems on 2012 R2 using the Command Line Scanner?
  10. Hello EMSIsoft, could you please comment briefly on FinFisher - does your AV detect it? CHIP (http://www.chip.de/news/Nach-CCleaner-Hack-Verseuchte-Versionen-von-WhatsApp-VLC-und-Skype_123962083.html) claims that ESET can. Quote from the above article: "However, the affected infected files of VLC & Co. were also sighted in Germany, among other places. ESET says it can detect and remove the spyware with its Free Online Scanner."
  11. Hello EMSIsoft, quick question: does this specifically mean that the normal AV gets a firewall integration (of the Windows Firewall), or does this only concern the EIS version? I do not want our AV tampering with the firewall!
  12. Thank you! Using the new BETA fixed the problem - any news on the release date?
  13. Running Windows 10 workstations (members of an AD-Domain) with EMSIsoft freezes Workstations after User Logoff. Even local User Accounts (i.e. local Administrator, or some other local User) are affected, not only Domain Users. Tested it with 3 different AD Domains(!!)/Networks. As soon as we disable all EMSIsoft components, the logoffs are working again with no freeze. Is there anything special/different during the logoff event if EMSIsoft is enabled? As I said, it only happens on Win10 stations, which are Domain-Members (every account, local AND domain accounts). Please help!