pallino

Member
  • Content Count: 309
  • Days Won: 2

Everything posted by pallino

  1. Last question. :-) Isn't it possible to add a scan for all the content of the memory, independent of whether it's used by loaded files or not? If not, why? Thank you
  2. Thank you! ...Does Surf Protection use a blacklist or also heuristic/BB?
  3. Thank you. Does it mean e.g. a Bedep can stay undetected in memory or when will you detect it? Also a custom memory scan won't detect it?
  4. Of course, I'm sure all this is all easily and quickly available on the internet. I lost a lot of time to find this out, e.g. on Wilders where there is a long discussion about whether file-less infections are detected or not by some products... I saw many, many people confused or with wrong ideas. I doubt many people knew and know that Emsi, as other programs, cannot, as you said, as of now detect file-less infections in realtime. Anyway I know more now, I'm happy and safer and happy to think I could help other people to find many clear answers on only one page... Thanks
  5. I don't want to start a discussion about this but I don't agree. If I didn't ask, I and others wouldn't know that Emsi does not detect file-less infections at all in realtime, that an anti-exploit is a must, that Emsi is used by many to add security to other AV... etc... Only with curiosity and questions/good answers you learn and improve. :-) Now I rest and relax. :-)
  6. Ok, so you mean you can detect it only if and when they try to infect the system (registry, files, inject code), correct?
  7. Why should someone need/want to use Emsi with other AV? The day Emsi has an anti-exploit, users will have no reason to install other solutions... and if this will not allow to run Emsi alongside other AV, probably, even better... or? :-)
  8. Fabian, what do you mean? Can you please clarify? Thank you!
  9. Fabian, what did you mean before with file-less infections "won't be detected properly"? When does Emsi detect them and when not? E.g., if a "new"/unknown Bedep variant is dropped, will BB be able to detect it or can it only be detected through generic signature/heuristic? Thank you for your help and clarification!
  10. Thank you Pete! I'm still reading on Wilders, I have sooo many pages open it will take me some days to read them all! :-) I still didn't get to the part where I see your setup, on what page is it? Thank you! I'll keep the anti-exploit with Emsi to cover more entry points and "sleep well". :-) It's good to hear I'm in good hands! :-)
  11. I just read about the Angler exploit kit and about domain shadowing. Does the heuristic used by Emsi and Bitdefender protect from domain shadowing? https://threatpost.com/domain-shadowing-latest-angler-exploit-kit-evasion-technique/111396 Thank you
  12. ...similar since it was specific about file-less infections. I hoped BB would protect somehow from exploits. Are you thinking of adding some anti-exploit features in the future (alone or maybe through acquisition/merger with others? :-) )?
  13. Hello Emsi Team, does Emsi offer anti-exploit protection? E.g., did/does Emsi protect from APT3’s hp.swf CVE-2015-3113 exploit code? https://www.virustotal.com/en/file/ff3163c628649a13c765d7abfa933223bf45374830e3052fbf52c0bf4bcaf5a1/analysis/1435248343/ Thank you!
  14. Fabian, thank you for the clear answer! Peter, thank you for the input... I saw your point/the discussion on Wilders, that's why I checked here if Emsi AM/IS protected from this threat or if additional tools were needed/suggested. I hope Emsi will find a way to protect from file-less infections one day!
  15. ...not sure I understood your reply correctly... EMET is a good program to add protection against file-less infections or it doesn't cover this kind of infection? Thank you
  16. Fabian, thank you. What additional software would you recommend to properly detect file-less infections? 2. On http://support.emsisoft.com/topic/15469-oas-physical-memory-access-hips-component-question/ you said OA in general does prevent applications from writing into other processes. Just to be sure, does Emsi AM and/or Emsi IS offer this feature? Thank you
  17. ...so is Emsi now detecting file-less infections properly or only when they try to establish persistence on a user's system? Thank you
  18. GT500, thank you! With heuristic do you mean Emsi's capability of scanning software for suspect code/instructions? Do you use Emsi or BD heuristic?
  19. Thank you. Does this mean point 2 was not improved and you are still working on it?
  20. Hello Fabian, will file-less infections be detected properly now with Emsi 10? Java, Win and mostly Flash bugs and exploits are being discovered and implemented in kits always faster and more often... Tempus was not too wrong, in my opinion. We hope Emsi will keep doing the great job they did till now and keep us safe also from unknown malware. Thank you and good work!
  21. Hello Emsi Team, how does Emsi protect against phishing sites, bad URLs and malicious scripts? Do you use the Emsi engine and/or Bitdefender's one? Do you use signature-only detection or also heuristic and maybe a BB specific for these areas? Thank you