hjlbx last won the day on February 3 2015

hjlbx had the most liked content!

Community Reputation

2 Neutral

About hjlbx

  • Rank
    Forum Regular

Recent Profile Visitors

5178 profile views

  1. I'd be surprised if the BB/new fortification does not monitor for disabling of WFW by unknown processes and via abuse of trusted processes. Modifications of the WFW portions of the registry, netsh, Set-NetFirewallProfile, etc. are monitored by the BB if I am not mistaken - but the monitoring might be limited to only suspicious actions - and turning off WFW in and of itself is not a suspicious action. The context within which it is turned OFF is what differentiates legitimate from suspicious actions, but I do not know if EAM makes that distinction when turning OFF WFW. Windows itself already provides a notification when WFW is disabled - either a toaster on W10 or a Security Center tray icon tooltip. So, even if malware manages to somehow bypass the BB and disables WFW, Windows itself notifies the user: "Hey!! WFW is OFF!" It is possible that Emsisoft chose to rely upon the Windows notification that WFW is OFF. If that is the case, then the ease with which that notification can be disabled should be considered. If the user manually disables the WFW, well then, that is on the user. Isn't it? Ask Arthur (GT500).
  2. Keep in mind both powershell.exe and cmd.exe are whitelisted processes. You can modify their respective BB categories for demonstration purposes. It isn't going to demonstrate the same thing as an unknown process attempting to disable Windows Firewall.

     Open an administrative PowerShell and type:
       Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled False
     (to turn back on, change False to True)

     or open an administrative command prompt and type:
       netsh advfirewall set allprofiles state off
     (to turn back on, change off to on)
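The following is an added example, not code from the original posts or from Emsisoft. It wraps the two commands from post 2 and shows the check that post 1 alludes to: reading the live profile state from Get-NetFirewallProfile and comparing it with the EnableFirewall values under the FirewallPolicy registry key (the location a behaviour monitor or a script can watch), then flagging any profile that is off or inconsistent. It assumes Windows 8 / Server 2012 or later (the NetSecurity module) and an elevated session for the toggle demo; the function names are the example's own. Group Policy-managed state lives under a separate policy key and is not read here.

```powershell
# Added example: compare live Windows Firewall profile state with the
# registry values behind it, and flag disabled or inconsistent profiles.
# Assumes Windows 8+/Server 2012+ (NetSecurity module). Run elevated for the demo.

# Local (non-GPO) settings for the three profiles. Note that "Private" is
# stored under the legacy name "StandardProfile".
$FirewallPolicy = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy'
$ProfileKeys = @{
    Domain  = 'DomainProfile'
    Private = 'StandardProfile'
    Public  = 'PublicProfile'
}

function Get-WfwState {
    # One object per profile: what the cmdlet reports, what the registry
    # says, and whether the two agree. A missing registry value means
    # "not explicitly set", which is treated as consistent.
    foreach ($name in $ProfileKeys.Keys) {
        $live     = Get-NetFirewallProfile -Name $name
        $liveOn   = $live.Enabled.ToString() -eq 'True'   # GpoBoolean enum: True/False/NotConfigured
        $regPath  = Join-Path $FirewallPolicy $ProfileKeys[$name]
        $regValue = (Get-ItemProperty -Path $regPath -Name EnableFirewall -ErrorAction SilentlyContinue).EnableFirewall
        $regOn    = if ($null -eq $regValue) { $null } else { [int]$regValue -ne 0 }

        [pscustomobject]@{
            Profile         = $name
            LiveEnabled     = $liveOn
            RegistryEnabled = $regOn
            Consistent      = ($null -eq $regOn) -or ($liveOn -eq $regOn)
        }
    }
}

function Test-WfwDisabled {
    # Profiles that are off according to either source. Empty output = all on.
    Get-WfwState | Where-Object { -not $_.LiveEnabled -or $_.RegistryEnabled -eq $false }
}

function Invoke-WfwToggleDemo {
    # The two commands from the post, wrapped so the firewall is restored
    # afterwards. Supports -WhatIf so the disable step can be previewed.
    [CmdletBinding(SupportsShouldProcess)]
    param()

    if ($PSCmdlet.ShouldProcess('all firewall profiles', 'disable, check, then re-enable')) {
        Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled False
        $off = @(Test-WfwDisabled)
        Write-Host ('Profiles reporting disabled: ' + ($off.Profile -join ', '))

        # netsh equivalent of -Enabled True, to turn everything back on.
        netsh advfirewall set allprofiles state on | Out-Null
    }
    Get-WfwState
}

# Usage: run the check on its own, or the full demo (elevated):
#   Get-WfwState | Format-Table -AutoSize
#   Invoke-WfwToggleDemo -WhatIf
#   Invoke-WfwToggleDemo
Get-WfwState | Format-Table -AutoSize
```

Running Get-WfwState before and after either command shows both the cmdlet and the registry flipping together, which is why a monitor that only watches one of the two sees the same thing; the Consistent column is there to catch the case where something has edited the registry value without going through the firewall service, so the two sources disagree.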
  3. pfsense is not suited to the typical Emsisoft user.
  4. Matousec is abandoned/defunct. The posted test results are obsolete.
  5. Did anyone try the typical default "forever" value of 0?
  6. Firewall discussion

    Using a 3rd-party firewall does not automatically block nor ensure blocking of Microsoft data collection. It doesn't work that way.
  7. Firewall discussion

    COMODO's firewall has rated highly in tests from years gone by. It has a HIPS and sandbox. If you intend to use the sandbox along with EAM's BB you can forget it as the sandbox interferes with the BB. I've seen misbehaviors. With a CFW EAM combo you are certain to get double alerts. You should ask Arthur (GT500) if EAM can even run alongside CFW nowadays.
  8. Firewall discussion

    No. I had used EIS since it was released. It offered no significant advantage over Windows Firewall - mostly because 99.99 % of the time the laptop was behind a home NAT router and 100 % of that entire time the system was never infected. For public wifi usage a VPN is more relevant to security than a 3rd party firewall. The behavior blocker monitors for suspicious firewall/port activity. In other words, suspicious firewall/port activity triggers a behavior blocker alert. A lot of people just see a BB alert, but do not understand that it is alerting to suspicious firewall actions. In malware testing the BB is picking off suspicious networking stuff.
  9. Use Emsisoft along with Kaspersky?

    The absence of obvious conflicts on a day-to-day basis does not mean that conflicts between the two products cannot happen, especially when the system gets smacked with malware and both products simultaneously react to protect the system. One product's protection mechanisms can interfere with the other's. In the worst case scenario such a conflict can result in a protection failure in both products. Plus there can be double alerts - not to mention impact on system resources. While such combos are possible, they are not in a user's best interests. Perhaps it is counter-intuitive, but less is more.
  10. powershell ransomware

    Fabian mentioned somewhere in the past (I think on Wilders):
      1. PowerShell script parsing is an ongoing project due to the many ways PowerShell can be used to attack.
      2. Attributing action to a script requires it to be unobfuscated (he made a brief distinction between unobfuscated and obfuscated).

    And Windows PowerShell is not powershell.exe; Windows PowerShell is System.Management.Automation. Disabling powershell.exe on a system is not 100 % absolute protection against PowerShell abuse. A custom .exe and .dll can be used to execute PowerShell even when powershell.exe is disabled. Is all of this something you should be paranoid about? Statistically it is "fringe" stuff and should not be a day-to-day concern. The litmus test is this question: "How many dedicated Emsisoft users actually have their system(s) compromised under typical computing conditions?" What do you think - is it a tiny, a small or a big number? Anyway, potentially serious security issues seem to be pretty much always addressed by Emsisoft.
  11. I can confirm this behavior. If a VM is cloned or copied, then moved to another host, the HWID and MAC address of the VM changes. VM cloning and then moving it to a different system, or sometimes even keeping it on the same system, causes quite a bit of frustrating software deactivation and/or breakage.
  12. Just curious, how does the parser and behavior blocker handle obfuscated malicious scripts? Same for in-memory-only? Or does File Guard simply treat obfuscated scripts as potentially malicious?
  13. Thanks for the reply. Tests that use simulators or custom malware suggest that protection effectiveness under simulated conditions will translate to identical protection effectiveness under real-world conditions. What is your perspective on this? I think it is important to ask because there is enough debate regarding simulators, and the nature of the arguments leads to general confusion more than anything else.
  14. Just curious as to why Emsisoft did not agree to participate in the AVLab testing of drive-by download protections? https://avlab.pl/test-antywirusowej-ochrony-przed-atakami-drive-download#comment-1811