Jump to content

David Biggar

Emsisoft Employee
  • Posts

    195
  • Joined

  • Days Won

    10

Everything posted by David Biggar

  1. Hello Scott! When you enter filenames in the whitelist text file, are you adding just the filename, or the full path to the file? The latter is needed. Folder names should have a trailing backslash ( \ ), and it seems like you're probably already doing that if they're working. If that doesn't get it going for you, please show me a 3-4 line snippet, obfuscated, of the whitelist file you're trying to use so we can take a look.
  2. Handling this via email, will post back with results, here.
  3. Yes, that should be correct. I've only had feedback from a few people saying the issue is fixed, and we've ceased being able to recreate it ourselves. I haven't had feedback yet saying that it doesn't work, but I'd like more "it works" feedback, for sure.
  4. Hi neneduty, we actually appear to have fixed it in the latest update, 2018.5.0.8686. Libor got back to me that the beta worked - shortly after that we released it in the stable feed. Feel free to run them both, and please let us know if you run into trouble with it!
  5. There is a fix that is working in our testing. It has now been released into beta. For those who wish to try it, here are instructions: After booting, install or re-activate Emsisoft Anti-Malware as needed depending on your machine's current state. Do not reboot again until step 5 or it will almost certainly hang. Click Settings in the top row, Updates in the second row. Change the drop-down menu from Stable update feed to Beta update feed. Press the Update now button. The update must complete. Afterward, verify the version by opening Emsisoft Anti-Malware and clicking the "EMSISOFT" logo in the upper left. It should be 2018.5.0.8668. Reboot the computer when it's finished updating to test, only if the version number is verified to match the Beta version listed above. Please switch back to the stable version when the fix is released stable, even if the beta works. Beta releases are just that, beta, and may be unstable in some cases. You may learn more about when releases come out, here: https://blog.emsisoft.com/en/category/emsisoft-news/ (See the column on the right side of the page). Note that the stable release with Comodo fixes should be mentioned as usual in the updates blog, when it is ready. Here is the beta release note: https://blog.emsisoft.com/en/31323/emsisoft-anti-malware-2018-5-beta/ I would appreciate feedback about whether it works for you or not, either here or via email to [email protected] Thanks!
  6. Hello marko! Just to explain, by "closed and reopened" I was referring to "it just crashed and then restarted itself". That isn't apparent to me in the debug logs as to why, or that it even happened. The logs appear uninterrupted to me. However, as GT500 mentioned, I'm not one of the developers, but rather trying to determine what caused the issue before they get to it. Unfortunately all that just means that we'll need to wait on them.
  7. You're welcome. I'll be looking for your ticket myself, shortly.
  8. Yes, exactly so. Delayed should not be changed until after the Comodo issue is taken care of.
  9. Hello maniac2003, there isn't a known issue I can think of that would result in guards being turned off. I think I'd treat it as a possible intrusion and review RDP and other methods of ingress before anything else, just in case. It's common to disable antivirus/antimalware after 'hacking' into a server. On the off chance it is, I'd like to ask that you email [email protected] and mention this topic, so we can continue there. No sense publicly announcing things as we progress, again, just in case. The certificate in question is one that is generated by Emsisoft Enterprise Console and used to authenticate the client -> console connection. Are all clients that are still listed as disconnected displaying the same certificate error?
  10. Cavalary, it's just a matter of topic. In the Comodo topic, discussing Comodo makes sense. Spreading the discussion across multiple topics makes it harder for visitors to get information, as search results will come up with unrelated topics. Incidentally, I may be posting something there fairly soon. I'm going to lock this thread for now, since there's really nothing for me to add to the original question, and I've clarified that our focus wasn't on compatibility, but rather it was a nice side-effect of other changes.
  11. andone, good points, but that was and is not our main focus, being rather a side-benefit of the new infrastructure. It was a good moment to point out the improvement! Cavalary, as you know, the issue with Comodo is known and is being worked on. It of course isn't possible to test with everything, popular or not, and if our internal and beta testing don't show any issues, we move forward. Sometimes things (like this) get past testing. We don't like it either, and try to fix it. Changes that positively affect several things can also negatively affect a few others. That happened this time, unnoticed until the stable releases - referring both to the AV-C scores and Comodo incompatibility.
  12. Hello RodPaulo! Over the last three months, we gradually rolled out new infrastructure for our behavior blocker as part of the monthly feature updates. We decided to introduce this new tech gradually as to avoid headaches when switching everything at once. In addition, just the infrastructure on its own had major benefits like fixing several long-standing compatibility issues with products like Kaspersky, Avast, AVG and some other products, that rendered systems unusable as no process could be started on systems running both EAM and their product in real-time. The rollout itself was pretty smooth and we didn't see anything unusual in our telemetry or continuous daily testing either. However, it turned out that there was a rare race condition with certain malware obfuscators that caused some 32-bit processes to not be monitored correctly on Windows 10 64-bit systems. AV-C did report the issue to us as part of their normal report at the end of March and we fixed and released it as an update during the 2018.3 lifecycle very shortly after, but by then we already had racked up a couple of misses in the April test period as well. You may also be interested in the AV-C business test series factsheet they just published, available here: https://www.av-comparatives.org/wp-content/uploads/2018/05/avc_biz_2018_03_factsheet_en.pdf
  13. MalcolmSm1th: There aren't issues with third party firewalls in general; there's an issue specifically with Comodo Firewall. While I have a little information on what specifically is causing the hang, I don't have enough information to say anything yet. As far as I am aware, Comodo Firewall is the only third party firewall that has an issue running alongside Emsisoft Anti-Malware right now. Please email [email protected] about TheBetEngine though. I'd like to gather details about any conflict with TheBetEngine on your machine so we can get that cleared up. This is the first I've heard of it or any issue with it. For anyone else stumbling by, this thread is specific to the Comodo Firewall issue, which is serious enough to cause hangs on boot. Any other issues, incompatibilities, false detections etc. please contact support so we can look into them.
  14. Libor, It wasn't funny to begin with, and still isn't. I haven't had any updates other than it's being worked on currently, I don't have any working workarounds (as I tried to do earlier), and I don't have information on when it will be done. When we have something ready to test, I'll mention it here, and of course when the fix it out in stable I will as well.
  15. A fix for this issue is in beta right now, and a stable release fixing the problem should follow it shortly.
  16. Sorry for the slow reply, fabrix. We think we have the information we need to find and hopefully fix this Comodo conflict. I don't have any more information than that, other than it is being worked on right now. When we have something, I'll post it here first.
  17. Door Knob, This is a simplification, but delayed is the most stable of the last month's releases. While 2018.3.x is current, 2018.2.x's most stable version will be delayed. Again, this is a simplification and it's not guaranteed to follow that scheme at all. Yes, delayed uses current signatures, but may be missing features, even those that protect the computer better in some cases. Yes, it is current signatures in a slightly older program version. Back to the Comodo Firewall issue: On my test computer, I'm using stable, currently 2018.3.1.8572 on Windows 7 x64. I just put in a few Windows updates. I also updated Comodo Firewall. As of this moment, the problem isn't happening to me with no exclusions set up anywhere, and both programs running with everything enabled that would be by default with the Comodo installation options I chose, mentioned earlier. I have full logging enabled though, even beyond just turning on debug logging in-program. Hopefully I'll catch something. Note though that several changes were made in the latest stable, and one of those may have had an affect.
  18. Libor, endevite, Of course it is! I don't have new information at this time, which is why I haven't posted about it. When I do, I will!
  19. BishBashBosh, Have you yet contacted [email protected]? I thought you had, but your post seems to indicate it does not. As I've mentioned before, I will not be posting these fixes on the forums, so people don't end up trying to fix something as sensitive as the affected location, when there's potentially nothing wrong. That could have seriously bad repercussions. If there is something wrong, contact us and we'll help directly. If you are in a no-boot situation, please contact [email protected] and I'll be quite happy to help. The fix, especially if you're savvy, should take less than ten minutes per machine, give or take.
  20. Leks: If you have a Windows 7 or Windows Server 2008 R2 machine (which uses Windows 7 codebase), and it's an HP, and it's running or has installed HP's drive protection (accelerometer, free fall protection) software, please email [email protected] and let us know. If that particular HP software does not exist on your machine, or it isn't an HP, or it isn't Windows 7 codebase, the problem should not exist. There have so far been no reports of any version of Windows, other than those, having the issue. Two of the affecting HP programs are named "HP 3D Drive Guard" and "HP ProtectSmart Hard Drive Protection". That is not to say that with those installed on a Windows 7 codebase machine the issue WILL happen. I will not give further details or help about that in this forum topic since it will derail the original topic (that I'm still working on), plus we need to handle these individually in some cases. Depending on how the machine was treated after affected, IF affected, what we need to do for that particular machine might change a bit. To keep this topic on-task for those having trouble with Emsisoft Anti-Malware and Comodo Firewall, please understand that I'll clean up further posts not related to that issue. I'm still very willing to communicate and have more details - just send in an email. This is only for housekeeping and staying on-task for this forum topic.
  21. 'Delayed' is not an automatic promotion of older versions. We only pick those that have exhibited better stability. For a real firewall management system, you might think about evaluating one of the Windows Firewall front-ends. Windows Firewall is actually pretty good, albeit 'interesting' to manage. A lot more products use it as their back-end than I ever thought, until I looked into it. And yes, I hope this gets worked out soon too. Now that we've figured out and dealt with the issue specific to HP accelerometer (hard drive freefall protection) software, there might be more resources available.
  22. bmunoz: Please email [email protected] That issue is not related to this thread at all, which is specific to a Comodo Firewall conflict. The issue you're having might be a known one that is not related in function or symptoms to this particular one. When you email, please let me know the brand of the machines they're using. If this is what I think it is, it's actually pretty easy to fix for an experienced tech, not so much for others. endevite/Libor: I wish it was as simple as reviewing changes. That's a great idea in theory, but given how complex the systems are, and I'm not just talking about our program here, but our program and all of the things it could possibly interact with, it's not quite that easy. We do know roughly where to start of course, but that doesn't mean that's where the issue will be found. I'm not giving up on testing/trying.
  23. BishBashBosh: Please email [email protected] right away. That is a completely different problem, and we have a fix as of yesterday. If you've already emailed, I will get to your ticket as soon as possible. You can feel free to private message me (in the forums here) with your email address and I will look for it if you already have. Libor: I understood - it would seem much more likely to me that it is conflict related than timing related, but we'll see. Jeremy's issue is also (seemingly at least, we'll see) unrelated to the Comodo issue. I had thought context scan hangs were a thing of the past, and very short-lived, but apparently not. JeremyNicoll: Frank is actively working with you, correct? I don't want your issue to fall between the cracks! Ken1943: That is the basis of what I think is going on, in essence. Games often have anti-hacking protection, and sometimes think antivirus-capable monitoring software needs to be blocked, causing conflicts. I think that Comodo is not honoring whitelist entries fully and is still hanging when it touches our process, possibly due to how they or we perform monitoring. Just how to fix it, I don't know yet. Conjecture of course, based on how it's acting and past experiences. I wasn't able to do any testing yesterday due to another problem (that BishBashBosh ran into), but should be doing more today or tomorrow. When I have usable tests to perform, I'll mention them here first!
×
×
  • Create New...