hjlbx


hjlbx last won the day on February 3 2015

  1. Thanks for the reply. Tests that use simulators or custom malware suggest that protection effectiveness under simulated conditions will translate to identical protection effectiveness under real-world conditions. What is your perspective on this? I think it is important to ask because there is enough debate regarding simulators and the nature of the arguments leads to general confusion more than anything else.
  2. Just curious as to why Emsisoft did not agree to participate in the AVLab testing of drive-by download protections ? https://avlab.pl/test-antywirusowej-ochrony-przed-atakami-drive-download#comment-1811
  3. Excluding WinWord.exe in HMP.A fixes the behavior blocker; excluding WinWord.exe in Emsisoft does not fix HMP.A (stable or beta).
     I am not saying there is a problem with Emsisoft; from what I see, HMP.A is the problem.
     I could care less about HMP.A - I don't use it - so I am only submitting this issue to give you a heads-up.
     Users will have to test programs in a way to verify that HMP.A is not breaking Emsisoft's behavior blocker - and how many people are going to do that?
     Personally, I don't think people should combo anti-exploits with Emsisoft - but a lot of people do.
  4. Unfortunately, I made all the exclusions possible during that test and re-tests. Co-excluding each product's folders in the other's results in the same behavior shown in the video. Personally, I could care less about HMP.A as I don't use it, but I know many others here that do and like to combo it with Emsi.
  5. EIS stable 7567
     Windows 10 Pro Version 1703, OS Build 15063.413, 64-bit
     Frank, I have sent you a PM with the download link for the malware along with the password.
     Please take down the video once you have grabbed it if you wish.
     Use the current stable or beta versions of HMP.A to replicate; all will give the same result = break the behavior blocker in this particular test scenario.
     The system after the second test, after HMP.A has been installed alongside EIS, is fully infected.
     I cut the video short before the launch of powershell and both it and wscript connecting out to the network.
     What the malware actually does is not important; HMP.A causing the behavior blocker not to react in this particular test is what is important.
     A demonstration of how piling other security softs on top of Emsisoft can negatively affect the behavior blocker; Emsisoft protected the system until another security soft - that was not needed - was added to the system.
     You have the sample and can fully replicate.
     Video removed by OP
  6. What I am suggesting to the OP is that crashes might be due to something else; he is attributing the crashes to EIS without knowing what is actually causing the crash. Until someone looks at a dump, the cause of any crash is speculation. Anyway, my intent is not to get in the middle of your support so I will end it here.
  7. I know you are upset, and I feel your frustration. However, switching to a different security solution will probably make you happy only for a short time. That is until you experience other problems with a different solution and find yourself in similar or worse circumstances. And then you will find that other vendors do not provide support of the same caliber as Emsisoft. You said "EIS makes the PCs crash ?" Do you mean BSOD on all 5 systems ? If there is a BSOD, then you can send the memory dump to support. They will analyze the dump to identify what is actually causing the BSOD. I suggest that you ask GT500 about it.
  8. I used this method as a workaround in the past: Immediately after installing Windows 7 install KB2958399, instead of installing it after running Windows Update and applying all the updates. If installation of KB2958399 succeeds, then update Windows. Afterwards, install Emsisoft. I always double-checked to make sure that I grabbed the version with the correct bitness. The Microsoft download page for the KB will detect a user's browser bitness and should show the correct version. There are three: x86, x64 and ia64. However, just because the download link shows x64, doesn't necessarily mean what is downloaded is actually x64. I have seen SillySoft get their wires crossed.
  9. hi hjlbx, thanks, yes i'd be interested, please provide me with link + password

    thanks

    1. hjlbx


      I gotta tell ya Frank... Emsi products just keep getting better and better.  I don't mean that sarcastically.

      You know I am a "fanboy."

      * * * * *

      I don't think you need it, but here is the command line:

      Cmd /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet

      * * * * *

      It's a command line snippet from WannaCry

      The "wbadmin delete catalog" portion is specifically for Servers

      The problem is "wmic shadowcopy delete" - but you guys already knew that

       

      As always, Best Regards

  10. Frank, please PM me and I will provide you a download link for the *.bat and password. Video is .mp4 format. Delete Shadow Copies.mp4
  11. I gotcha. I find that I rarely go to the Applications Rules list since I can just double-click on a process in the Behavior Blocker list and check its rule. EAN pretty much takes care of the actual rules. I find the infos in the BB list more immediately and practically useful - at least to me. Plus, I am one of those users that much prefers the tray icon context menu - out of habit more than anything else.
  12. In practice, I find that I usually go to the Behavior Blocker list first to verify what is running, its reputation, etc. and then, if need be, go to the Application Rules list.
     I find that I spend more time looking at the Behavior Blocker list than I do at the Application Rules - since the EAN pretty much takes care of the rules in 99.9 % of the cases.
     The current logic is that a user must open the GUI first and then navigate to Protection > Behavior Blocker.
     It would be more convenient to be able to open the Behavior Blocker list directly from the tray icon context menu - instead of always having to open the GUI and navigate to it.
     It would be a practical feature to add: EAM or EIS tray icon > right-click > Behavior Blocker (list)
     I am not suggesting that the Application Rules link should be removed from the tray icon context menu; I am requesting only that a link to the Behavior Blocker list be added to it.
  13. Never mind. When Process Hacker 2 finally does a check for updates a rule is created in the Application Rules list. I mistakenly thought that it checked for updates every time it was launched. Not a bug.
  14. Logs requested
     Timestamped logs from 1:50 and 1:59 AM = launched Process Hacker 2 repeatedly
     Active processhacker.exe was in the Behavior Blocker active process list, but once again a rule is not created for processhacker.exe in the Applications Rules list
     a2guard_20170606015103(8220).zip