Durew

Member
  • Posts

    17

  • Days Won

    2

Durew last won the day on April 22 2017

Durew had the most liked content!

Reputation

0 Neutral

Profile Information

  • Gender
    Not Telling
  1. Turning off EAM and then manually clearing the quarantine folder did the trick. Thanks @stapp and @JeremyNicoll for your help.
  2. Dear support, Lately I had some false positives on my machine. I sent the files to be reviewed and reinstalled the software, this time being alert enough to tell EAM to not quarantine the files. I received word back that the files were indeed clean and everything seemed fine. Except that EAM asks me multiple times a day whether I want to put the files back. 'No' is not an option. I figured that if I emptied the quarantine EAM would stop offering its suggestions. Then I found out that the 'delete' ('verwijder') button refused to activate and thus does not respond to my requests to remove the files from quarantine. This is after enabling admin-mode EAM. How can I remove the files from quarantine?

     System info:
     - Emsisoft anti-malware - version 2021.7.0.11059
     - Windows 10 Pro, 64-bit - version 20H2 - build 19042.1052
     - other security software:
       - OSArmor 1.4.3
       - pumpernickel (entire emsisoft folder exempt from all restrictions)
       - memprotect (entire emsisoft folder exempt from all restrictions)
       - malwarebytes windows firewall control 6.5.0.0
       - anti-exploit via windows defender
       - does hard_configurator count? (no SRP)
       - some browser hardening stuff (for example Emsisoft browser security)

     Step by step:
     - boot computer
     - log in as user or administrator (hasn't mattered so far)
     - open Emsisoft anti-malware
     - click on the square with the circle in it to open the quarantine view
     - click on a file in the quarantine view to select it
     - click on 'verwijderen'/'delete'
     - enter password to enter admin mode, click OK
     - click on the file again to select it
     - furiously but fruitlessly click on 'verwijderen'/'delete'
  3. Thanks for your answer.
  4. Hi all, Recently I've added memprotect from excubits to the security setup of my PC. I've added an exception to allow everything in the "C:\Program Files\Emsisoft Anti-Malware" to inject code into everything else. I don't know much about the inner workings of EAM, so I made the whitelist rule quite broad. As far as I could test this would suffice, but for obvious reasons my testing was limited. Thus my first question: Does this white-list rule suffice or are more exceptions required? Or could I even reduce the whitelist to individual files (and if so, which ones)? In addition to what was mentioned in the introduction to memprotect (above), memprotect can also do the inverse: disallow programs in general to inject code into a specific program. Thus it is possible to disallow any program (from outside "C:\Program Files\Emsisoft Anti-Malware") from injecting into anything in "C:\Program Files\Emsisoft Anti-Malware". So I figured: maybe I could use this to (help) protect EAM from unwanted termination by malware. Would this have any added benefit? Kind regards, Durew
  5. Hi GT500, Thanks for the tips about the wildcards. Your colleagues however had their own suggestion it seems: EAM started an update today (required restart of EAM), it changed the build number to 2018.2.1.2.8483 and it resolved the issue. I'd like to say thanks to all those who assisted me, both seen and unseen. Regards, Durew
  6. I only directly excluded the program of the updater. I looked into excluding the file it downloaded and the containing folder. The updater creates a new folder in %temp% and stores the file in there. Excluding the entire temp folder seems unwise to me. As both the file name (includes version number) and the directory change name each time I update, I can't readily set an exclusion for it. (I could take a look at using multiple wildcards though.) Regards, Durew
  7. Hi GT500, I excluded the updater (both types). BB still shows up and crashes. If there is any change it would be in how long it took (in time, not installer progress) to get the error or how much of the 'checking malware network' was readable before it disappeared. (Please note that the updater downloads the file that made EAM crash.) Regards, Durew
  8. I tried recreating the problem again as a reaction to JeremyNicoll's posts. The good news is that Firefox, VLC, Process Monitor and Autoruns update (now?) without problems. (BB says hi on occasion but doesn't crash.) The bad news: LibreOffice still crashes the BB. (The error report mentions this topic.)
  9. That is the correct translation, for clarity I've edited this into my original post.
  10. Hi all, For quite some time now I've encountered the same bug (and sent the error report to Emsisoft many times). So far no error reports seem to have helped over the versions. I use the portable apps platform to have some programs on my USB drive. URL to site below. https://portableapps.com/ One of the features is the ability to update the portable programs downloaded via the platform. Whenever I try to update a portable program (today LibreOffice) the behavior blocker notices something suspicious ("Program tries to modify files in a suspicious way") and asks what to do (quarantine, allow etc.). Sadly, EAM crashes at that moment. The window with the four choices freezes and underneath a window opens with the request to please tell what you did so it can send an error report. (See screenshot attached.) A while later the updater tries again and I could send error reports to Emsisoft all day if I would feel like it. When other programs, not related to portable apps, are intercepted by the BB everything works fine. So far the problem, now the additional information. Windows 10 Pro, Fall creators, 64-bit, build 16299.248. Emsisoft Anti-Malware 2018.2.02.08461 (The crash doesn't show up in the logs.) The error report I sent today refers to my username. Other software (never caused problems before, exceptions are set): Malwarebytes, tinywall, sandboxie (I ran unsandboxed), OSarmor (problem existed before OSarmor was installed as well as after), Ransomfree and winpatrol. (Ignored browser extensions.) An overview in the malwaretips thread below https://malwaretips.com/threads/the-set-up-of-durew.74163/ I hope this will lead to a fix; turning off EAM every time I need to update is a pain. Regards, Durew EAM settings.zip
  11. Hi, I was wondering which executables of EAM need internet access. This is for setting the firewall rules. (Tinywall) Regards, Durew
  12. But Emsisoft is on the list, via the Bitdefender engine. According to a presentation (https://wikileaks.org/ciav7p1/cms/files/2014_EN_BreakingAVSoftware_JoxeanKoret.pdf) the Bitdefender engine is both vulnerable and makes vendors who use it vulnerable. That the CIA found at least one of the vulnerabilities for Bitdefender puts EAM at risk.