Jump to content

emwul64

Member
  • Posts

    80
  • Joined

  • Last visited

  • Days Won

    1

Everything posted by emwul64

  1. An update of installed software is released. During setup I get these pop-ups "A notification message "Suspicious behavior has been found in the following program: C:\Windows\Installer\blah-blah.tmp". After 4-5 times I cancelled the setup. It involved an update of ExpressVPN software. Virustotal says it is clean., 0 detections. These pop-ups, they may be justified, but after a number of them I start to doubt, so I stopped. Two questions: - how to avoid those in case of virus free software? or, alternatively, - how to avoid those in case of the setup of virus free updates of existing/installed applications? Thanks.
  2. This problem exists already since November (ref thread "Bizarre interface?"). It still exists. As a temporary workaround, if needed, TRY settings, change appearance from bright to black and then back to bright again. At least it isn't partly transparent during that session. That's to say..., with me that works as a temporary solution. Changing the skin.ini: my experience is that this is not possible (no permissions). Something like: "C:\Program FilesNEmsisoft Anti-Malware\skin.ini "You do not have permission to open this file. See the owner "of the file or an administrator to obtain permission. Back in November I succeeded once by using a tool 'Take Ownership'. Later attempts didn't work anymore. So I let it rest. I believe that Emsisoft should offer a patch tool that takes care of this skin.ini thing.
  3. Thanks. I found out it was caused by the links to senders avatar and email on the Google Community. If they are not included then notifications are open quickly. It is as it is...
  4. When opening specific Google notification mails within Outlook my system freezes. It takes roughly 30-40 seconds to actually open the mail. Roughly at the end of this 30-40 seconds the Outlook title bar says '... not responding'. During this process only the borders of the outside box are being displayed, rest is transparent. This is with Google Help Community notifications only. Within the notifications there are some 5 URL's: the usual ones, like [Reply] [Unsubscribe] but also links to sender's avatar and email. All links are as follows 1. When hovering over the URLs, they start with: https-notifications.google.com/blah blah 2. However, when copied to clipboard, the URLs read: https-emea01.safelinks.protection.outlook.com/blah blah Am using Office 365 (subscription) on Windows 10 X64 with Outlook on Exchange basis (reason for this 'emea01.safelinks.protection) My guess is that the URL's are being checked, causing the delay. I did try Emsisoft > Disable all components, but still can't tell: some notifications (same subject) loaded fast, others were slow. Not sure whether Emsisoft is involved here. Any suggestions? Thanks!
  5. I do agree with this. I already spent time to elaborately report it, with screenshots and all. Most likely Emsisoft's words carry more weight, whereas my post will automatically end up in the Recycle bin.
  6. There is an earlier thread titled 'BUG in forum software', but that one is closed. There is no section to post non-Emsisoft software topics. Please allow me to post here. It's about forum notifications. (1) Clicking on the URL in the notification leads to me to a "Sorry - We could not find that topic"-error (2) (3) Assuming that it is because I am not logged in, I log in, but I am not redirected to the specific post. (4) Then I open the notifications panel of my profile and notice that the notification is not listed there. (5) Whilst being logged in I click on the URL again, same error. Am I the only one having this problem?
  7. Wait ...! Not sure whether Emsisoft support is to blame here. This matter has been solved in the a direct communication (PM/Mail). In my case it had something to do with hardware acceleration. Adding lines [General] and renderer=WARP to skin.ini solved it, see post above. Maybe it had something to do with Emsisoft having "Redesigned user interface"(??) Anyway, after the matter was solved, I guess both Emsisoft and I went on and more or less forgot about this thread. Probably, as TS, I should have posted the solution.
  8. Matter solved - thanks! disabled self protection then used "TakeOwnerShip" (see: https://www.tenforums.com/tutorials/3841-add-take-ownership-context-menu-windows-10-a.html) edit the skin.ini re-enabled self protection reboot Note that I do not know whether the 'takeownership' was essential in this case. It is a registry entry.
  9. Please allow me to step in here... (I think it makes no sense to create a separate thread about the same problem) Frankly, I am 'happy' to see that I am not the only one. Also see my post titled "Is there a way to remove uninstall left overs?" Uninstalled Emsisoft a few times. Even did the 'EmsiClean' (tagged the option to remove the Emsisoft folder entirely) Re-installed Emsisoft. It did not solve the problem. There is indeed an empty skini.ini-file in C:\Program Files\Emsisoft Anti-Malware. However, even as administrator I can neither edit/rename or delete it nor overwrite it. Permissions are the same as SYSTEM. Emsisoft-Interface-Video-06112021 061036.mp4
  10. Thanks. I could launch Emsisoft from taskbar-icon, even though it was 'uninstalled' and not showing in the programs list. Also this time update Emsisoft went fine, at least.. it looks that way. The GUI still looked like above. Funny, updating a non-installed program. Anyway, I'll do the emsiclean and see what happens. Thanks again.
  11. Tried to update Emsisoft, update didn't work. Emsisoft showed up with funny colours. So I decided to uninstall it. It is not in the program list, but after reboot, taskbar-icon and desktop-icon are still there. Running EmsisoftAntiMalwareSetup64.msi didn't work out: Emsisoft detected an installed version. Any tool that may remove all leftovers, so I can perform a fresh install? Thanks.
  12. Up front, to be honest, I have not read all about Emsisoft Browser Security. The Emsisoft Browser Security is active and it is displayed in the browser toolbar, next to uBlock Origin. The combo works together nicely and I have never had any questions. I stumbled over a problem of site that is constantly showing a pop-up. It is good site, about Microsoft Excel, tips and tricks, a blog and a forum etc. I sent them a mail asking how to get rid of this pop-up and they answered it had something to do with cookies. OTOH the site has no way to 'accept' cookies, like most other sites. After checking (Edge in developer mode, F12 > Console) I noticed that a number of tracking cookies were blocked access to store data. "Tracking Prevention blocked access to storage for..." (etc) "Failed to load resource: net::ERR_BLOCKED_BY_CLIENT"... I then had VirusTotal check a few URLs and they were fine. Probably uBlock Origin is blocking a site named I.sharethis.com Above as background. Comes in Emsisoft Browser Security: if I were to disable uBlock Origin on that site, would then Emsisoft take over and to what extend are these tools overlapping? So far there was never need to compare both products: they worked together nicely. Maybe it has always been 'overdone', I don't know. Thank you.
  13. Thanks. I didn't know that, to be honest. ("name of a signature"... etc.) As for the plain text file, it is/was simple text, no scripts or something special. No doubt it was a false positive. It can be that some AV software are stumbling over such self extracting files with 'potentially unwanted behaviour'. As said, I'd expected this from Emsisoft rather than from WD. Then again, WD reports that actions are recommended, but leaves the user puzzled as to what exactly the user is required to do ... 🙂
  14. Windows Defender showed a "This program has potentially unwanted behaviour"-warning that refers to Win32/Wacapew.C!ml Vainly tried to find this file. The affected file was a self extracting .exe of a plain text file that I created myself. Defender has blocked the file and required me to scan the system. I did so. Probably everything is okay now. The thing I was wondering about is why Emsisoft didn't come in here. Maybe I am wrong, but I assumed that Emsisoft did the virus protection part and the firewall part was left to Windows Defender(?) I believe even searching the Emsisoft website did not show any hits on Wacapew. Thanks.
  15. Thanks for the explanation. Probably a one-off glitch or something. Windows does respond a peculiar way sometimes. Actually shutting down never goes wrong so far, so I don't wait: start the shut down - shut off the monitor and just walk away. Nowadays I wait...🙂 Best regards
  16. Yesterday I shut down my PC as usual, shut down the monitor and went away. This morning I discovered that my PC has been running whole night. So I checked out the event log and noticed that after I initiated the shutdown, Emsisoft started the update procedure Date Time Event Source Description . 07-05-2021 16:59:21 1074 User32 The process Explorer.EXE has initiated the shutdown of computer DESKTOP...etc. 07-05-2021 16:59:22 15 SecurityCenter Updated Emsisoft Anti-Malware status successfully to SECURITY_PRODUCT_STATE_ON. Followed by quite a number of 'Errors' : the usual eppcom64.dll that did not meet the XX signing level requirements and ended with: Date Time Event Source Description 07-05-2021 17:01:02 1073 User32 The attempt by user DESKTOP-K5IEMOI\<USER> to restart/shutdown computer DESKTOP-K5IEMOI failed I needed to log on (normally this is not the case, I have disabled having to enter my password. I am the only user, so, no password, I get the desktop straightaway. After entering my password I got a blank screen, remained blank for half an hour, so I rebooted. Then the logon screen showed two user names, left bottom corner. Managed to get in. I just wonder, could it be that updating -after- initiating the shutdown could have posed these problems? Thanks.
  17. Thank you very much indeed. I'll switch it on as well. It is a bit strange why it was Off in the 1st place. Anyway, thanks for the tip.
  18. Frankly, I am not sure about the Potential unwanted app thing. Will leave it as it is right now. OTOH I assumed(!) that EAM would take over all settings relating to security, except the firewall, leaving that one to Defender. Anyway, thanks again for getting back on this.
  19. Thanks for the above. I have 3 Windows 10 x64 VM's. #1) clean, x64 19041.662 #2) clean, x64 19042.662 #3) 19042.662 with applications and Emsisoft. I installed Emsisoft on #1 and #2 Below find the powershell results: VM1: Name VMP Windows 10 20H2 19041.662 (19041...) Clean system Installed latest Emsisoft Windows PowerShell Copyright (C) Microsoft Corporation. All rights reserved. Try the new cross-platform PowerShell https://aka.ms/pscore6 PS C:\WINDOWS\system32> Get-CimInstance -NameSpace root/SecurityCenter2 -ClassName AntiVirusProduct displayName : Emsisoft Anti-Malware instanceGuid : {5FD8BF8F-F242-6153-61B5-8FF333E8736B} pathToSignedProductExe : C:\Program Files\Emsisoft Anti-Malware\a2start.exe pathToSignedReportingExe : C:\Program Files\Emsisoft Anti-Malware\eppwsc.exe productState : 266240 timestamp : Fri, 04 Dec 2020 05:09:10 GMT PSComputerName : displayName : Windows Defender instanceGuid : {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} pathToSignedProductExe : windowsdefender:// pathToSignedReportingExe : %ProgramFiles%\Windows Defender\MsMpeng.exe productState : 393472 timestamp : Fri, 04 Dec 2020 05:09:12 GMT PSComputerName : ====================== VM2: Name: UserX - Windows 10 x64 19042.662 Clean system - no Emsisoft. Installed Emsisoft. Windows PowerShell Copyright (C) Microsoft Corporation. All rights reserved. Try the new cross-platform PowerShell https://aka.ms/pscore6 PS C:\WINDOWS\system32> Get-CimInstance -NameSpace root/SecurityCenter2 -ClassName AntiVirusProduct displayName : Emsisoft Anti-Malware instanceGuid : {5FD8BF8F-F242-6153-61B5-8FF333E8736B} pathToSignedProductExe : C:\Program Files\Emsisoft Anti-Malware\a2start.exe pathToSignedReportingExe : C:\Program Files\Emsisoft Anti-Malware\eppwsc.exe productState : 266240 timestamp : Fri, 04 Dec 2020 05:02:18 GMT PSComputerName : displayName : Windows Defender instanceGuid : {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} pathToSignedProductExe : windowsdefender:// pathToSignedReportingExe : %ProgramFiles%\Windows Defender\MsMpeng.exe productState : 393472 timestamp : Fri, 04 Dec 2020 05:02:20 GMT PSComputerName : PS C:\WINDOWS\system32> ===== VM3: Name: Windows 10 x64 - 19042.662 with a number of applications installed. Emsisoft installed PS C:\WINDOWS\system32> Get-CimInstance -NameSpace root/SecurityCenter2 -ClassName AntiVirusProduct displayName : Emsisoft Anti-Malware instanceGuid : {67773CDD-EA83-AD98-A2ED-386463EB3B0D} pathToSignedProductExe : C:\Program Files\Emsisoft Internet Security\a2start.exe pathToSignedReportingExe : C:\Program Files\Emsisoft Internet Security\a2service.exe.old productState : 266240 timestamp : Sun, 18 Aug 2019 14:16:56 GMT PSComputerName : displayName : Emsisoft Anti-Malware instanceGuid : {5FD8BF8F-F242-6153-61B5-8FF333E8736B} pathToSignedProductExe : C:\Program Files\Emsisoft Internet Security\a2start.exe pathToSignedReportingExe : C:\Program Files\Emsisoft Internet Security\eppwsc.exe productState : 266240 timestamp : Fri, 04 Dec 2020 04:19:35 GMT PSComputerName : displayName : Windows Defender instanceGuid : {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} pathToSignedProductExe : windowsdefender:// pathToSignedReportingExe : %ProgramFiles%\Windows Defender\MsMpeng.exe productState : 393472 timestamp : Wed, 02 Dec 2020 07:43:00 GMT PSComputerName : PS C:\WINDOWS\system32> === Note: Windows Settings > Update & Security > Windows Security > App & Browser Control > Reputation-based protection > Potentially unwanted app blocking is 'Off' Hope above will serve its purposes. If you need any further details, let me know. If not, I am going to clear / release the used licenses. Best regards.
  20. Selecting 'Dismiss' - the exclamation mark will disappear. Tried to find information in the Help file on "potentially unwanted app blocking" I suppose they should be enabled? Both on my VM and host pc they are disabled. Even after re-installing Emsisoft.
  21. It is probably in the 20H2 version build 19042.66x There are some changes there, specifically the item "Potentially unwanted app blocking" I have Windows 10 x64 19041.662 (2004) running as VM, there was no exclamation mark in Defender in the toolbar. Screenshots 1909 build18383.1198 to 2004 build 19041.662 to 20H2 build 19042.662 Maybe because 19042.662 is an insider thing this still needs some update/development.. Thanks.
  22. Yesterday, after updating to Windows 10 v20H2 (19042.660) I noticed that 'App & browser control' was turned off. Tried to turn it on from within Windows settings > Emsisoft (see attachment) but turning on would not stick, i.e. it remained 'Turned off'. Later I updated to build 19042.662 rebooted a few times, but it remained turned off, also this morning. Any suggestions? Thanks.
  23. As always, many thanks! Likely the 'crash' was just a one-off case. Never had this before. Again, thanks. Best regards.
  24. The Windows 10 x64 (18363.1082) event log is showing the following entries (\Device\HarddiskVolume4\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the 8 signing level requirements. (\Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\eppwsc.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\eppcom64.dll that did not meet the 7 signing level requirements. Emsisoft v2020.11. At one point the protection was 'Off', but the 'Fix Now' didn't work. Had to shut down and restart. Any suggestions? BTW it almost always involves harddiskvolume4 which is in fact a Samsung 850 Pro SSD C:-drive with Windows. Thanks. = =
×
×
  • Create New...