Jump to content


  • Posts

  • Joined

Posts posted by qwerty

  1. Hello,

    I have a few questions regarding the current situation of Online Armor license keys.

    1) Can keys be used with any version of OA, or only the latest version? (If only the latest, how long after release, does an update become mandatory?)

    2) Is support given to Premium users of previous versions?

    3) Is there any way to upgrade/install the latest version of OA without losing the web filtering functionality?

    4) If not, is there any chance that you would release the Web Filter as a small, standalone utility? I think it might be very popular, considering that, as well as it's primary function of enhancing security, it also saves bandwidth and speeds webpage loading, with the bonus that it also blocks the most aggressive ads, and anything can be unblocked with a single click. There is no other software that provides that functionality. It works so well and is so intuitive and easy to use, that it would be a great advert for your company, and very popular, I'm sure.

    5) When purchasing a key, does it act like a rolling contract, with automatic renewal every year, or is manual renewal required?

    6) Why is a name and delivery address required for something that won't be delivered?

    Thank you.

  2. "how adobe flash works" .....Since when?

    Adobe Flash did not drop a temp file when it ran until version 11 (or was it 11.2 when they made that change?). If you were to install Flash 10, you wouldn't see notifications about that temp file in OA like you did (although using outdated versions of Adobe Flash is a security risk, and is not recommended).

    This is interesting.

    Anon - Are you going to follow this up at the Adobe forum? (You seem like you like to keep on top of things)

    If so, could you reply to this thread with what their answer/solution turns out to be, please? This must be affecting not only OA, but everyone using any program that works in a similar way.

  3. Hello qwerty,

    Please see PM.

    Thank you.

    With regard to the blocking events in the firewall logfile (I've found an old logfile relating to the old router, which seems to contain genuine events), does each event consist of a line stating the MAC addresses involved, followed by a line stating the IP addresses involved? (They often occur in blocks, so it can be hard to tell them apart.)

    Also, does the MAC address on the left, belong to the IP address on the left, the MAC address on the right, belong to the IP address on the right and the arrow indicate the direction (<- for incoming, -> for outgoing)? Finally, there doesn't seem to be any association with a program, why is that?

  4. Hello qwerty,

    Would unticking "Filter invalid MAC addresses" checkbox (at Options->Firewall) help you with this issue?

    Hello Andrew,

    Yes, I imagine that would function as a workaround, and I was looking for such an option myself. Your suggestion implies that there is such an option, but as this installation has lapsed to free, the option has been removed (though remaining active). Can I disable this via the config file(s)? I've also looked for them, but couldn't find any (e.g.) .ini files.

    Christian - I will e-mail you the file now.

  5. Having found the firewall log file, it contains numerous pieces of information that are somehow hidden when viewing the firewall log.

    OA seems to be blocking all data from/to the router on the basis "Blocked (fake MAC)".

    Looking through the 1 remaining log file from the previous router, this also contains several "Blocked (fake MAC)" entries, suggesting that it was working (blocking) correctly before, but has some trouble with the new router for some reason.

  6. Hello,

    I've just replaced a DSL modem router and everything is working perfectly, except for when the desktop machine has OA firewall enabled.

    Somehow, and in some way, OA is blocking all traffic from the machine. The only way for the desktop machine to access the internet (or the router) is to disable OA's firewall. With the firewall enabled, the firewall log shows everything allowed and nothing blocked.

    Upon opening the OA UI, I can see under the "Interfaces" tab, the new network, however the description simply says "Discovering network. Wait, please ..." This never changes. I have tried toggling the "Trusted" option, to no avail. I've tried setting to "Trusted" and then reconnecting. I've tried using the "Reset list" option under the "Computers" tab. I've tried disabling "New networks discovery", in which case the description changes to the connection name, followed by the NIC model, but the connection is no more usable. The Firewall Status screen (for what it's worth) shows an "Active connection", and occasionally even shows 1 connection in the upper right graph, but nothing happens.

    Windows XP, SP3. OA v4.5.1.431 (I'm aware that a newer version is available).

    Have I failed to reconfigure something? How is the firewall blocking traffic without registering it?

  7. akm - I am also reluctant to upgrade to v5 due to the loss of the web filtering functions. Unless your situation is a freak occurance, I can only assume that when they stripped away most of the "Web Sites" section, they may also have changed the format of the Domains list, therefore deleting your "incorrectly formatted" list during the "upgrade". Either way, I agree that software updates should not destroy vast swathes of data that may have taken years to accumulate and fine tune.

    Getting to your database file question - I have just opened OA on this machine and deleted a number of domains from the list. The only file to change within the Online Armor directory, is the "server.dat" file (and the corresponding "server.dat.bak"), which reduced in size.

    Whether or not this file also contains other information (the copy on this machine is over 2MB), I have no idea. Also, whether it is simply a case of closing OA, pasting the preferred version of the file and then restarting the computer, or whether, as catprincess suggested, it is more complicated than that, I can only guess. However, if you have an old image (or the other machine) to copy from, it would appear that this is the most likely candidate.

  8. Blocking a program from starting is not the same as blocking it from starting automatically.

    Therefor, it's being blocked because it's blocked from starting, but the related autorun entry is still allowed.

    Yes, this can be confusing. I managed to work it out for myself, but my suggestion would be that the wording for Autoruns be changed to "Disabled" instead of "Blocked".

    If I block the program in Autoruns directly (having it allowed in the programs) , OA kills it SILENTLY without leaving a clue in the History Log. I thought might be in the future OA should add Autorun (block) actions too rather than only the change of preference.

    This is where the confusion comes in. I also believed the same thing, trujwin, however OA is not actually "killing" or even really "Blocking" the program at startup. Rather, when you choose to "Block" something from Autoruns, OA removes the information that tells Windows to run the program at startup. So, if you find the entry in the registry, then "Block" the autorun within OA, you will see that the registry entry disappears (and presumeably, OA backs up this information, in case you decide to put it back).

    So you see, once you have chosen to block an autorun in OA, Windows doesn't even attempt to load the program at startup and so OA has nothing to "Block" (or report in the History).

  9. There is a bug that can cause the settings of a previously allowed and trusted program to be forgotten after a period of time. This will be fixed for the next release. The fix is also already present in the 5.1 public beta, publically available now here http://support.emsis...51-public-beta/

    Even if it had "forgotten" the settings, it seems strange that the first time this program was detected, it was trusted by OA, but now when it is detected (like new), it is not trusted. This is inconsistent. It also seems odd that it would forget in the middle of a day, rather than after the date changed.

    Unfortunately, it doesn't appear to be something that can be beta tested, as it has taken months to suddenly happen. I suppose I will just have to install the newer version and hope that it never happens again.

    One other thing is that although I have allowed the graphics driver startup .exe, it's purpose seems to be to load another .exe, but this is now being blocked. If I check the advanced options for the startup program, everything is set to "Ask", but I am not being asked if it should be allowed to start another program. The action is simply blocked. How can I get to see the prompt?

    Thank you.

  10. This machine has had OA installed for a few months, but a few days ago, suddenly blocked two programs that run at startup.

    One is a program that was not only "Allowed", but I believe also "Trusted". The other is my graphics driver software (it places an icon in the systray that provides access to various settings and information).

    The History simply says that the "Program Guard" "Blocked" both programs after a restart, even though there had been a previous restart on the same day (and many more since installation of OA) without any problems.

    Neither of these programs has changed, so why would OA suddenly do this?

    OA v4.5.1.431, Windows XP SP3.

    Thank you.

  11. Hey, it's good to hear from someone else with the same experience. I wouldn't call it a thread hijack.

    Good eye; my History only has one "l" in oawatch.dl, but after I clicked "block" (with "create rule" checked) when the prompt came up, oawatch.dll (located in the OA program folder) turned up in the Programs tab with a rule to block it automatically. Not wanting to cripple my firewall, I changed "block" to "ask" in the rule, but it hasn't raised its head again.

    It seems that we are having a very similar experience, the difference being that I am not given the option to answer (that may be related to different settings, or the fact that you are using v5, while I am using v4.5).

    Oddly enough, when checking my History for this reply, I notice that it has done the same thing again today. "Program Guard: OAwatch.dl" and under Action it says "Blocked". The information pane is empty. It seems to have happened at startup. If I check my Programs list, there are 2 entries for OAwatch.dll (no OAwatch.dl), both with the same MD5. One is set to "Allowed", the other is set to "Ask" and both have a "First Detected" time identical to the "Blocked" History entry for today.

    What I really find disturbing about all this is that the OASIS database knows that OA has been blocking the file, and I'd think by now Emsisoft would have 1) identified a bug in its software that caused OA to stymie its own components, or 2) realized that there's a hack out there that specifically targets OA users. I'm assuming it's either a minor software bug or a hack, but Emsi doesn't seem to have addressed it.

    I agree.

    I was assuming that it was merely a bug, but now that you mention it, it is odd that this same bug would run through v4.5 and on into v5 without anybody (user, beta tester or developer) noticing it, and then having never occured in the previous few months that it was installed on this machine (I don't know how long on yours), that it would happen to occur on two completely unrelated machines within two days of each other.

    I don't use OASIS, but I've just followed your link. I notice it says that 11% blocked the file and 5% allowed it, but what about the other 84%? Also, when I searched for oawatch and oawatch.dll, your file didn't turn up, but there were two other files of the same name (but different file sizes) that were detected as malware.

  12. I can't make sense out of this one. Out of some quixtotic sense of honor, I'm moderating a bankrupt, spammer-infested web forum that hardly anyone goes to anymore. I have an unproven suspicion that this forum gave me a bug last year that forced me to reformat, so now I'm only visiting it using Chrome with plugins disabled. Still, when doing my spam check earlier today, I got a popup from OA urging me to block OAwatch.dll and identifying Chrome as the parent program or something to that effect (OA apparently doesn't log these details, so I can't check). Figuring that OA knows how to keep track of its own processes, I assumed it was an impostor and blocked it. Now, though, I look at the "Programs" section in OA and it claims to be blocking one of its own components. At least, the file is in the OA program folder and EAM's scanner doesn't think it's harmful. Am I crippling my firewall by stopping OAwatch, or am I rightfully subduing something dangerous?

    This is strange.

    After a few months of being installed, and never having done it before, on the 11th (2 days after you), I also had OA block OAwatch.dll.

    However, I understand this forum has a problem with "thread hijacking" and I don't want to muddy the waters. With that in mind, can I ask you to report back on a couple of things to confirm whether we are having exactly the same problem, or just similar? (If they're not identical I think it is forum policy that I start a new thread, but it might still be worth us keeping an eye on each other's threads.)

    If you look at your History section, does the entry say "OAwatch.dll" or "OAwatch.dl", also, is there anything in the lower, "information" pane (such as file location), or is it completely blank? Finally, if you find OAwatch.dll in the "Programs" section, is it's status "Allowed" or "Blocked"?

    Thank you and good luck in finding some answers.

  13. I don't know how you are reinstating the registry entry, but if you are using regedit to do this, you wouldn't get an alert because it's a trusted program.

    Im not really sure why you're telling me this. I never said that I was expecting an alert about Regedit or any other trusted progam. Maybe you misunderstood.

    As it happens, I simply reinstated the startup entry by exporting the registry key and then, once OA had deleted it, I merged the exported data back into the registry. However, I imagine it wouldn't make any difference how it was done, such as your idea of manually re-entering the data with Regedit (or another registry editor), or indeed, if the program itself re-created the startup entry (as is probably the case in trujwin's experience).

    In any case though, if you think you have found a general issue with autorun's not being blocked when they should be, please start a separate thread and detail the exact steps to reproduce it.

    Is this directed at me, or trujwin? Surely, that is the topic of this thread, why would I create a duplicate thread with the same topic? In any case, I'll add my method here and if you (or anyone else) are sure you want me to copy it into a new thread, I will do so.

    1) Right-click any Autorun and choose "Jump to" to find it's startup entry in the registry.

    2) Export the registry key containing the data for the particular Autorun (Right-click, Export).

    3) Right-click the same Autorun (within OA) and choose "Block" then "Yes".

    4) (Optional) Within Regedit, press F5 to Refresh the view and verify that the startup entry has been removed.

    5) Double-click the exported .reg file and choose "Yes" to merge the data back into the registry.

    6) Restart the computer.

    7) Observe that the program has been run at startup (as per the registry setting), meaning that OA has failed to block it's startup.

    8) (Optional) Open the OA GUI. Check "Autoruns" section to confirm that OA still believes the item to be "Blocked". Check the "History" section and see that there is no entry mentioning the Autorun (e.g. Autorun reinstated, etc.)

    This is with OA v4.5.1.431 and Windows XP SP3.

    Thanks for the report.

    I'll check this.

    Best regards,


    Thank you Andrew/Andrey(?).

    If you need any more information, don't hesitate to ask.

  14. i use them; to be simple:

    EAM = Antivirus + Behavior Blocker (Mamutu)

    OA = Firewall + HIPS

    OA++ = Antivirus + Firewall + HIPS

    EAM + OA = Antivirus + Behavior Blocker + Firewall + HIPS

    That's useful information. It should probably be in the banner across the top of every page.

    as a result, it is better to buy EAM and OA rather than OA++

    That is only true if both "Antivirus" in the above quote are identical (or EAM is superior).

    Bascially OA premium + EAM = more protection for $10 less ;)

    If that's true, then why is there an OA++?

  15. REcently installed PC Suite 7.1.51 from Nokia. Though I allowed auto run of PC Suite at the time of installation , I tried to disable it from the Auto runs screen of Online Armor. But PC SUite is cocking a snook .It always appears at every restart , and online armor sincerely reports as blocked. Is it that PC Suite is getting on thru some other surrogates?

    Possibly PC Suite has registry entries in more than one location that allow it to autorun. OA could then be blocking the one that shows up in Autoruns, but the program still starts due to another registry entry (which could be in a location such as the startup folder, that OA doesn't monitor due to it not being a malware target).

    I agree with trujwin. Surely, if Oa doesn't monitor it because it's not "a malware target", then that will make it a malware target. If I was a "malware creator" (is there a word for it?), then I would look at the places that are monitored by security software, and put my startup entry somewhere else.

    I have untrusted it.Still PCSuite manages to autorun. Even if PCSuite attempts to autostart , I think either OA should stop that or give a alert that PCSuite will run despite it being blocked in the OA list.

    This could be an example of some malware too. I am not bothered about PCSuite. What I am trying to say is some program is able to OVERRIDE OA's preferences. :o

    This does seem to be a problem. I've just done some quick testing and found that OA actually deletes the registry entry (it must back it up, so that you can "Allow" it again in future). However, it is possible to reinstate the registry entry without OA realising.

    Now I'll admit, I haven't tried restarting, or anything like that (this machine is ridiculously slow) and maybe OA only checks once per hour, or on shutdown, but at least for several minutes, OA has displayed to me that an Autorun is "Blocked" (i.e. deleted), when in fact, the registry entry has been re-created.

    I might try again tomorrow with some restarts, if I remember, but I wouldn't be surprised if catprincess beat me to it. ;)

  16. I have just had an "Unknown BITS job" popup, which I blocked. When I went to have another look at it in the History, it isn't there. It makes no difference whether I show all or hide kernel events.

    I also had some Autorun popups earlier (I believe I allowed them all, but I may have blocked one), none of which have shown up in the history section.

    The history is still updating, but these entries aren't appearing.

    OA, Win XP SP3.

    Thank you.

  17. Well, there are no updates (security or non security related) for versions prior to the latest release version. I guess you could say there is "limited support", in that basic questions about usage of the program can be answered.

    I understand that there will be no updates (v5 is the update), but is this a usage question, or do you think it's a bug?

    Keys will work with any version.

    Thank you.

  18. I'm not sure that it matters now, but I can also confirm that for the action of getting a list of files, the link within the History section to the program in the Programs list does not work. Although the mouse cursor does change to indicate a clickable link, when the link is clicked, nothing at all happens.

  19. Microsoft sites may possibly be hardcoded to be overridden to avoid users accidently blocking Windows updates. However, even if something isn't working as intended, since old versions don't receive bug fixes or updates and development of the version you are are using has ceased with the release of v5, there is really nothing that could be done about it unfortunately.

    So, there is no support for any version prior to the absolute latest version?

    If I buy a key, will it work with v4.5 or will I need to upgrade to v5?

  20. If it's centrally trusted, probably. If I recall, there's a setting to "Ignore OA Websites list" on the Websites - > Options tab in 4.5 which makes OA ignore the centrally trusted list.

    Right, now with "Ignore OA web sites list" selected (so every site should be treated as Unknown), ie.microsoft.com and microsoft.com set as "Not trusted", temp files deleted and machine restarted, the webpage still loads the same.

  • Create New...