emwul64

Thanks. I didn't know that, to be honest. ("name of a signature"... etc.) As for the plain text file, it is/was simple text, no scripts or something special. No doubt it was a false positive. It can be that some AV software are stumbling over such self extracting files with 'potentially unwanted behaviour'. As said, I'd expected this from Emsisoft rather than from WD. Then again, WD reports that actions are recommended, but leaves the user puzzled as to what exactly the user is required to do ... 🙂

Windows Defender showed a "This program has potentially unwanted behaviour"-warning that refers to Win32/Wacapew.C!ml Vainly tried to find this file. The affected file was a self extracting .exe of a plain text file that I created myself. Defender has blocked the file and required me to scan the system. I did so. Probably everything is okay now. The thing I was wondering about is why Emsisoft didn't come in here. Maybe I am wrong, but I assumed that Emsisoft did the virus protection part and the firewall part was left to Windows Defender(?) I believe even searching the Emsisoft website did not show any hits on Wacapew. Thanks.

Thanks for the explanation. Probably a one-off glitch or something. Windows does respond a peculiar way sometimes. Actually shutting down never goes wrong so far, so I don't wait: start the shut down - shut off the monitor and just walk away. Nowadays I wait...🙂 Best regards

Yesterday I shut down my PC as usual, shut down the monitor and went away. This morning I discovered that my PC has been running whole night. So I checked out the event log and noticed that after I initiated the shutdown, Emsisoft started the update procedure Date Time Event Source Description . 07-05-2021 16:59:21 1074 User32 The process Explorer.EXE has initiated the shutdown of computer DESKTOP...etc. 07-05-2021 16:59:22 15 SecurityCenter Updated Emsisoft Anti-Malware status successfully to SECURITY_PRODUCT_STATE_ON. Followed by quite a number of 'Errors' : the usual eppcom64.dll that did not meet the XX signing level requirements and ended with: Date Time Event Source Description 07-05-2021 17:01:02 1073 User32 The attempt by user DESKTOP-K5IEMOI\<USER> to restart/shutdown computer DESKTOP-K5IEMOI failed I needed to log on (normally this is not the case, I have disabled having to enter my password. I am the only user, so, no password, I get the desktop straightaway. After entering my password I got a blank screen, remained blank for half an hour, so I rebooted. Then the logon screen showed two user names, left bottom corner. Managed to get in. I just wonder, could it be that updating -after- initiating the shutdown could have posed these problems? Thanks.

Thank you very much indeed. I'll switch it on as well. It is a bit strange why it was Off in the 1st place. Anyway, thanks for the tip.

Frankly, I am not sure about the Potential unwanted app thing. Will leave it as it is right now. OTOH I assumed(!) that EAM would take over all settings relating to security, except the firewall, leaving that one to Defender. Anyway, thanks again for getting back on this.

Thanks for the above. I have 3 Windows 10 x64 VM's. #1) clean, x64 19041.662 #2) clean, x64 19042.662 #3) 19042.662 with applications and Emsisoft. I installed Emsisoft on #1 and #2 Below find the powershell results: VM1: Name VMP Windows 10 20H2 19041.662 (19041...) Clean system Installed latest Emsisoft Windows PowerShell Copyright (C) Microsoft Corporation. All rights reserved. Try the new cross-platform PowerShell https://aka.ms/pscore6 PS C:\WINDOWS\system32> Get-CimInstance -NameSpace root/SecurityCenter2 -ClassName AntiVirusProduct displayName : Emsisoft Anti-Malware instanceGuid : {5FD8BF8F-F242-6153-61B5-8FF333E8736B} pathToSignedProductExe : C:\Program Files\Emsisoft Anti-Malware\a2start.exe pathToSignedReportingExe : C:\Program Files\Emsisoft Anti-Malware\eppwsc.exe productState : 266240 timestamp : Fri, 04 Dec 2020 05:09:10 GMT PSComputerName : displayName : Windows Defender instanceGuid : {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} pathToSignedProductExe : windowsdefender:// pathToSignedReportingExe : %ProgramFiles%\Windows Defender\MsMpeng.exe productState : 393472 timestamp : Fri, 04 Dec 2020 05:09:12 GMT PSComputerName : ====================== VM2: Name: UserX - Windows 10 x64 19042.662 Clean system - no Emsisoft. Installed Emsisoft. Windows PowerShell Copyright (C) Microsoft Corporation. All rights reserved. Try the new cross-platform PowerShell https://aka.ms/pscore6 PS C:\WINDOWS\system32> Get-CimInstance -NameSpace root/SecurityCenter2 -ClassName AntiVirusProduct displayName : Emsisoft Anti-Malware instanceGuid : {5FD8BF8F-F242-6153-61B5-8FF333E8736B} pathToSignedProductExe : C:\Program Files\Emsisoft Anti-Malware\a2start.exe pathToSignedReportingExe : C:\Program Files\Emsisoft Anti-Malware\eppwsc.exe productState : 266240 timestamp : Fri, 04 Dec 2020 05:02:18 GMT PSComputerName : displayName : Windows Defender instanceGuid : {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} pathToSignedProductExe : windowsdefender:// pathToSignedReportingExe : %ProgramFiles%\Windows Defender\MsMpeng.exe productState : 393472 timestamp : Fri, 04 Dec 2020 05:02:20 GMT PSComputerName : PS C:\WINDOWS\system32> ===== VM3: Name: Windows 10 x64 - 19042.662 with a number of applications installed. Emsisoft installed PS C:\WINDOWS\system32> Get-CimInstance -NameSpace root/SecurityCenter2 -ClassName AntiVirusProduct displayName : Emsisoft Anti-Malware instanceGuid : {67773CDD-EA83-AD98-A2ED-386463EB3B0D} pathToSignedProductExe : C:\Program Files\Emsisoft Internet Security\a2start.exe pathToSignedReportingExe : C:\Program Files\Emsisoft Internet Security\a2service.exe.old productState : 266240 timestamp : Sun, 18 Aug 2019 14:16:56 GMT PSComputerName : displayName : Emsisoft Anti-Malware instanceGuid : {5FD8BF8F-F242-6153-61B5-8FF333E8736B} pathToSignedProductExe : C:\Program Files\Emsisoft Internet Security\a2start.exe pathToSignedReportingExe : C:\Program Files\Emsisoft Internet Security\eppwsc.exe productState : 266240 timestamp : Fri, 04 Dec 2020 04:19:35 GMT PSComputerName : displayName : Windows Defender instanceGuid : {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} pathToSignedProductExe : windowsdefender:// pathToSignedReportingExe : %ProgramFiles%\Windows Defender\MsMpeng.exe productState : 393472 timestamp : Wed, 02 Dec 2020 07:43:00 GMT PSComputerName : PS C:\WINDOWS\system32> === Note: Windows Settings > Update & Security > Windows Security > App & Browser Control > Reputation-based protection > Potentially unwanted app blocking is 'Off' Hope above will serve its purposes. If you need any further details, let me know. If not, I am going to clear / release the used licenses. Best regards.

Selecting 'Dismiss' - the exclamation mark will disappear. Tried to find information in the Help file on "potentially unwanted app blocking" I suppose they should be enabled? Both on my VM and host pc they are disabled. Even after re-installing Emsisoft.

It is probably in the 20H2 version build 19042.66x There are some changes there, specifically the item "Potentially unwanted app blocking" I have Windows 10 x64 19041.662 (2004) running as VM, there was no exclamation mark in Defender in the toolbar. Screenshots 1909 build18383.1198 to 2004 build 19041.662 to 20H2 build 19042.662 Maybe because 19042.662 is an insider thing this still needs some update/development.. Thanks.

It is 64-bit.

Yesterday, after updating to Windows 10 v20H2 (19042.660) I noticed that 'App & browser control' was turned off. Tried to turn it on from within Windows settings > Emsisoft (see attachment) but turning on would not stick, i.e. it remained 'Turned off'. Later I updated to build 19042.662 rebooted a few times, but it remained turned off, also this morning. Any suggestions? Thanks.

As always, many thanks! Likely the 'crash' was just a one-off case. Never had this before. Again, thanks. Best regards.

The Windows 10 x64 (18363.1082) event log is showing the following entries (\Device\HarddiskVolume4\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the 8 signing level requirements. (\Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\eppwsc.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\eppcom64.dll that did not meet the 7 signing level requirements. Emsisoft v2020.11. At one point the protection was 'Off', but the 'Fix Now' didn't work. Had to shut down and restart. Any suggestions? BTW it almost always involves harddiskvolume4 which is in fact a Samsung 850 Pro SSD C:-drive with Windows. Thanks. = =

Thank you! It's no problem. I'll get back on this if it happens again, but, as said, I guess it is just a one-off thing. Best regards.

At boot I always get the below Windows notification " Check virus protection Windows Defender Antivirus and Emsisoft Anti-Malware are both turned off. Tap or click to see installed antivirus apps. " Normally I don't pay attention to it, as one or two minutes later both are turned on anyway. Today, however, they both remained turned off and even the Emsisoft 'Fix now' would not work. I needed to reboot my PC to get both running again. (Of course first with the above warning) Log file shows: Shutdown at 18:21 PC Boot at 06:12 Reboot at 09:44 (see below) Emsisoft Anti-Malware v2020.9.0.10390 Windows 10 x64 1909 (18363.836) Probably this is just a one-off thing, but I report it anyway.