
hjlbx

  1. Firewall discussion

    Using a 3rd-party firewall does not automatically block nor ensure blocking of Microsoft data collection. It doesn't work that way.
  2. Firewall discussion

    COMODO's firewall has rated highly in tests from years gone by. It has a HIPS and sandbox. If you intend to use the sandbox along with EAM's BB you can forget it as the sandbox interferes with the BB. I've seen misbehaviors. With a CFW EAM combo you are certain to get double alerts. You should ask Arthur (GT500) if EAM can even run alongside CFW nowadays.
  3. Firewall discussion

    No. I had used EIS since it was released. It offered no significant advantage over Windows Firewall - mostly because 99.99 % of the time the laptop was behind a home NAT router and 100 % of that entire time the system was never infected. For public wifi usage a VPN is more relevant to security than a 3rd party firewall. The behavior blocker monitors for suspicious firewall\port activity. In other words, suspicious firewall\port activity triggers a behavior blocker alert. A lot of people just see a BB alert, but do not understand that it is alerting to suspicious firewall actions. In malware testing the BB is picking-off suspicious networking stuff.
  4. Use Emsisoft along with Kaspersky?

    The absence of obvious conflicts on a day-to-day basis does not mean that conflicts between the two products cannot happen, especially when the system gets smacked with malware and both products simultaneously react to protect the system. One product's protection mechanisms can interfere with the other's. In the worst case scenario such a conflict can result in a protection failure in both products. Plus there can be double alerts - not to mention impact on system resources. While such combos are possible, they are not in a user's best interests. Perhaps it is counter-intuitive, but less is more.
  5. EAM *.7838
     Windows 10 Pro 1703 OS Build 15063.540 x64

     1. Execute malicious file (Locky variant)
     2. Behavior blocker eventually detects suspicious activity, AMN query is performed, Bad reputation is returned, and the behavior blocker auto-resolves the file by terminating and sending to quarantine
     3. The malicious process still appears in the behavior blocker list of actively running processes, but the process is not in active memory on the system
     4. In the behavior blocker list, right-click on the process and select any of the context menu options and nothing happens (as expected)
     5. Reboot system removes process from the behavior blocker active list
     6. This same quirk happens when an active Bad reputation process, that just sits there and does nothing to trigger the behavior blocker, self-terminates

     Locky_Variant__diablo6.zip termsrv.zip
  6. EAM *.7838
     Windows 10 Pro 1703 OS Build 15063.540 x64

     1. Extract malware pack
     2. Files are detected by File Guard real-time protection
     3. Detected files are auto-quarantined and added to the Quarantine folder with .EIQF extension
     4. Not all detected and auto-quarantine files appear in the GUI Quarantine list
     5. Also some event logging quirks appeared in the Forensic Log during the process of detection and auto-quarantine

     There are occasional duplicate entries. The Component\Action sequences are OK. In the image below, take note of duplicate, identical line items for:

     - xls.xls (there is a duplicate "infection quarantined")
     - JbhbUsFs.exe (there is a double behavior blocker detection and Core notification)

     Minor GUI stuff; the applicable protections themselves are working.

     11-8-17_6.7z
  7. I had a similar issue with Dell Command Update that I did not post here. Instead I supplied the utility by sending to [email protected] The issue was fixed. If that DetectDockW.vbs persists in that directory, then you'll want to send it along with the HP Recovery agent.
  8. Arief has everything and states it will be fixed over the next few updates. Please close-out this thread if you wish Frank.
  9. Office365 installer submitted to [email protected] along with a link to this thread. The Office365 installer was not auto-quarantined. Also, a file manually added to quarantine by the user cannot be submitted as a false positive; the false positive button is disabled when a user manually adds a file to quarantine.
  10. EIS 2017.7.0.7797
      Office365 (all versions)

      The Office365 installer launches Powershell. Powershell code triggers Emsi's anti-exploit protection.
  11. I can't resist on this one. I sure as hell wouldn't want you sitting in my trial jury box. It would be all over for me. "Awhfff wit 'is head !!" LOL...
  12. Yeah, well, unless they get more users reporting similar slowdowns it isn't going to be prioritized for a fix. I mean I am the only one who is reporting it. And I searched for prior similar reports as far back as I could go and basically found nothing.
  13. Tested as follows:

      1. Surf Protection enabled
      2. Surf Protection disabled
      3. All protections disabled.
      4. Power Plan set to Maximum (for laptops)

      Same results as originally reported. The test systems have high-end hardware specs. So instead of taking only about 1 to 2 seconds to connect and load a webpage when launching Edge, it is taking 5 to 10 seconds. That's 2.5 X to 5 X longer for a browser load with EIS installed versus without it installed. It takes less than 10 seconds for me to boot into Windows on some of these systems. Hopefully you will get feedback from additional users.
  14. EIS 2017.6.0.7681
      Windows 10 Pro Version 1703 OS Build 15063.483 64-bit
      Microsoft Edge 40.15063.0.0

      With either EAM or EIS installed, I notice a distinct slowdown in the connection of Edge to IP addresses. This happens every single time I launch Edge or click on a link within a webpage. I have tested multiple high-end machines (i7 7700K, 64 GB RAM, 15+ Mbps networking speed) as well as different networks with speeds in excess of 80 Mbps. Edge connection to URLs\IPs is notably faster after EAM or EIS is uninstalled.