pallino

Member
  • Content count

    278
  • Days Won

    1

pallino last won the day on February 5

pallino had the most liked content!

Community Reputation

3 Neutral

About pallino

  • Rank
    Forum Regular
System Information

  • Operating System
    Windows 10
  • Anti-Virus Software
    Emsisoft IS 12
  • Other Security Software
    Zemana AM, Norton power eraser, hitmanpro
  1. I didn't, it was a fresh image, but it's not important now since time has passed. Thank you anyway.
  2. Fabian, in the case above BB checked for the reputation, since when I disconnected from the internet and checked the protection tab BB showed the bad reputation. BB didn't block it, as the malware was still in memory. Emsi firewall alerted and outbound connections were blocked. Why did BB check but not block the file? It seems something went wrong, or? Thank you
  3. I'm happy you liked the idea. 😊 In general, why check for reputation if then nothing is done with it? In the case above, why did BB check in the "background" for reputation and, after getting the bad reputation, didn't do anything with it, neither alert nor block the malware? I hope you also discuss internally allowing BB to block malware whenever a bad reputation is found. 😉
  4. Fabian, Arthur, thank you! Since in this case the sample was in memory, and BB under the protection tab showed it looked for its reputation and it was bad, why didn't it alert me and block it? Normally I see a window where Emsisoft tells me a suspicious activity was detected and Emsi is checking the cloud. This time nothing popped up... Did BB miss it? Last question... When Emsi firewall alerts the user about outbound connections on unusual ports and the user chooses to block all connections, why doesn't the BB also ask the user if it wants to quarantine/kill the process? Can you add this rule to help users kill/quarantine bad processes? Btw, the file Emsi BB left in memory even with bad reputation is https://www.hybrid-analysis.com/sample/adcbe27a828b0e47b43153ac66252b15466afa75dd83208d63a60f6849c6ce90?environmentId=100
  5. Fabian, Arthur, - When does BB monitor a file? What triggers the BB monitoring? What happens when BB monitors a file vs. when it doesn't? If it doesn't, and the file does something bad, BB won't detect it if it is not monitoring it? - When in the BB log we see that a rule was added for a program that is running in memory, what does this mean? Will BB still monitor it or alert if something suspicious happens because of the program? Today I saw a malware that was in memory, no CPU usage... I disconnected the PC from the internet, then I checked the BB protection tab... The file had a bad reputation, so BB had checked already before I opened the tab. Apparently BB checks for reputation on the cloud not only when the user checks the BB protection tab, is this correct? Since it knew the file was bad, I really don't understand why you want to keep it in memory and on the HD. I really hope you will change this. Thank you
  6. Hello Arthur, Thank you
  7. Hello Arthur, Can you please check the question above? Thank you
  8. What does it mean when BB in the protection tab classifies a program as with "bad reputation", but online, on isthisfilesafe, the file is unknown? How is this possible? Just to be sure: Emsi anti-malware network = isthisfilesafe = list of programs already scanned by Emsi with special algorithms to detect if malicious + user database of the most used action after being alerted by BB? File reputation = determined according to the Emsi anti-malware network = isthisfilesafe? Thank you
  9. Good news then... I think if the scan was triggered and a bad reputation was detected, the malware should be quarantined. I really think nobody would like to have a (active or not) malware in memory... no matter if it is just not doing any monitored bad stuff or not.
  10. Why do you need the screen open? Even if the screen needs to be open, since the user triggered a reputation scan by opening the BB protection tab: - the screen might still be open, or you could keep it open till the reputation check is done (and inform the user about this) - the user got suspicious and wanted to check the file and expects Emsisoft to take the best action, alert + quarantine the malware. Since the work was already done and a malware is in memory, I think most Emsi users would like an easy automated action from Emsisoft, an alert window that informs that the file was quarantined because it is malware. Keeping something malicious in memory is kind of just playing with fire...
  11. Thank you, I learned something new. If users check the BB protection tab, it triggers a reputation check (great feature, but few people know it). Now, if the reputation is bad, why don't you quarantine the malware? ... Because it is still not doing bad (enough) things? ... Why wait?
  12. I didn't trigger any reputation check at all. I just saw BB didn't alert nor quarantine, and saw under the BB protection tab that it was monitoring them and for 2 it was checking for reputation in that exact moment. Then I checked online to see what the cloud said. So again, since BB checked already and alone for reputation and it was bad, why keep a malware in memory? 2 - it's confusing now: when should BB quarantine a malware? Only after a bad enough action, or also after checking for reputation and getting a bad reputation for the file?
  13. I didn't ask to check for all files. This time I provided 5 links of files that triggered a BB reputation check. The reputation was bad, and on isthisfilesafe.com it stated all 5 were not trusted and infected. All were active in memory for more than 1 hour, 40+ CPU usage. No alerts from BB; it monitored the files but didn't alert nor block them. Because of this I asked to check why BB didn't block them since they were bad and malicious. Again, it doesn't make any sense to keep known malware in memory, even less after you checked your cloud and know they are bad/infected.
  14. Fabian, why does your BB check the reputation of a file with your cloud (so the hash is generated anyway), find out it has a bad reputation (is not trusted/is infected on your cloud) and not do anything with it? It does not make any sense: - the work was already done (hash, CPU usage, upload of hash, reputation scan etc.) - Why keep a malware in memory??? In all these cases the BB checked for the reputation on its own!
  15. I completely agree. I also don't see "savings" in internet usage, since BB/Emsi in all 5 cases above already connected to the cloud and verified the files... CPU, Emsi and Internet were already used. I don't understand why, after this check, when a file is marked as bad/infected on the cloud, BB cannot immediately quarantine the files. Keeping something malicious that wants to do bad things in memory does not make any sense.