iWarren

Everything posted by iWarren

  1. Yeah that's what I eventually ended up doing, was set the "Ask to block", to "Block" automatically. it is a specific program though, it's a game server, and when it goes to refresh the server listings, it gets flooded with port requests until it eventually has too many and blocks 0-65535 on its own. which because 0-65535 is over-riding everything, it then blocks that 1 port i wanted to use. so i have to delete that entry to get it to work again. also firefox has issues with it as well, trying to connect to a random local port on startup. right now it's inconvenient, but i still think should be moved up on the priority list.
  2. Hello, I've posted this issue a few times already (Since August), and I hate to keep bugging you about it, but I really need this feature to work. putting a port block of 0-65535 underneath your allowed port, blocks the allowed port. it was working before August, then it stopped. Without this feature, certain applications will bombard you with port allowance requests. (because i have it set up to "ask" to allow a port) Thanks
  3. EIS v11.0.0.5847 Windows 7 Home 64-bit Firefox v41.0.2 (Safe-mode) I captured this in Firefox w/ safe-mode enabled (no plugins loaded), this capture is from the moment it was started to the moment firefox prompts to enter safe-mode, which brings the window open immediately. I believe the point of interest is possibly However judging by the time-stamp I'm not certain if that can account for all of the delay, unless perhaps some sort of multi-threaded delay? FirefoxDelay.txt
  4. First I'd like to clear up, in my initial post i was on a 32-bit OS, i then switched over to a 64-bit OS. I was under the idea that 64-bit keys were stored in the wow6432node key and 32-bit keys in the Software hierarchy, which I now see is backwards. I am however sticking to my original premise, backwards compatibility makes a mess of things
  5. Almost all of those links listed link all of your "bad urls" to localhost, which would put your computer at risk for malware. If i understand it correctly, if used as-is, you're not blocking those urls, you're allowing them. i've only seen host lists like that from people who have had some major malware issues.
  6. in that HostsMan link there is a hosts file that refers here: http://hostsfile.org/Downloads/hosts.txt perhaps i'm completely reading it wrong, but it appears that it has linked all of those websites to localhost. it says it's supposed to be used as a filter, but if that's the case why does it initially link 127.0.0.1 with localhost? can you fill me in on that one?
  7. yeah i'd definitely be careful about asking people to post their emsisoft logs, as the user's license key is listed inside.
  8. yeah that works now. I forgot that even though it might be a 64-bit application that it still relies on 32-bit architecture. backwards compatibility makes a real mess of things.
  9. I can also confirm Chrome does not have the delay like Firefox
  10. I tried resetting all firewall settings and it still wouldn't log. I uninstalled emsisoft v11 and then installed v10 again, updated to v11. then ran the debug_output batch file. there does appear to be a couple of log files, but I'm thinking they may be left behind by the firewall driver install, as they're not being appended to. any ideas?
  11. Windows 7 Home - 64-bit I'm having a bit of issues with the logging process. I enabled it in command prompt, admin access. I did this before I updated to v11, as i wanted to capture the 'transition process' as well. I confirmed that it was logging and then I was prompted to Restart to finish v11 installation. So i moved those log files to another location, and proceeded to restart. After returning from the restart, Programdata\Emsisoft\Logs had no log files, and now it refuses to provide any more logs. I verified in the registry that the logging option is set, and disabled/enabled it again. So I am curious if perhaps this logging option hasn't been disabled in v11? Also, before sharing any logs, are there any pieces of data shared within the log files that could be a security issue by sharing? ie certain hashes?
  12. I've only used the 'Surf Protection' a few times and i've used EIS for a few years. I use, Adblock Plus to block ads. RequestPolicy to block cross-site requests. "Cross-site requests are requests that your browser is told to make by a website you are visiting to a completely different website. Though usually legitimate requests, they often result in advertising companies and other websites knowing your browsing habits" and NoScript to block Javascript from running on pages by default. With the exception of Adblock running seamlessly behind the scenes, Generally you have to pick and choose what you want to allow, and I think a lot of people just can't be bothered to click a few extra buttons and discern between what looks suspicious. I think EIS's strength, is that although something has the potential to get past the browser, it's generally good at preventing the malicious software from going any further, and if it does go further, will alert you to some unordinary activity. The first and foremost defense against malicious websites/software will always be common sense. Personally I prefer not to visit any foreign country domains, as much as i'd like to trust all of our international neighbors. Another thing is to avoid using Flash if at all possible, as it has more security holes than a block of swiss cheese. I haven't had Flash installed in years, and i can get on without it quite easily with the advent of HTML5. I was going to say I don't think it's EIS's job to really police your browser, but it is a part of "internet security" on the other hand, you have so many browsers out there: Firefox, Safari, Opera, IE, Chrome, Thunderbird etc. it would be hard for emsisoft to babysit each and every one of them, as they all handle things a little differently. bottom line is... you're going to have to police your own browser. who would have thought you needed so much security just to display some text/pictures/videos on the screen?
  13. (Using v11) I am running the latest Firefox v41.0.2 in safemode (disables all addons) and it still hangs for 22 seconds before opening the window. the firefox program is running, but after loading about 8 typical threads it pauses. it seems about the right time that it would probably be loading an emsi driver. i suspected it was the 'surf protection' but it still doesn't work with 'surf protection' disabled. i turned off the firewall, and firefox instantly comes up. so it's something to do with the firewall module. i think we can safely rule out firefox as an issue as it works fine with v10
  14. yeah i'm up for it. I actually already tried to collect some debug info regarding the firefox delay. using sysinternals DebugView, i tried to capture the win32/kernel calls upon firefox startup, but it didn't seem to display anything relevant or useful. I expected to see possibly some duplicate calls to something, but i didn't see many calls at all. makes me think maybe DebugView isn't the right program for windows pipe viewing. on the bright side, i did see some websites that firefox was accessing on startup, so if anyone is curious about what websites firefox is connecting to (ie for addons and such), or even other programs, then i recommend using DebugView for this.
  15. yes, v11.0.0.5847 (beta) with fresh install windows 7 32-bit i was thinking i should have sent this to [email protected] but I wasn't sure who would receive it. I've switched back to v10 now for stability.
  16. * Always block this application (impossible to run) is not blocking applications, even after restart.
  17. Firewall Enabled Causes Delay in Application Startup
      --------------------------------------------------------------------
      using v11, starting Firefox with Firewall Disabled, Firefox starts in 1 second. with firewall enabled... average startup time is 22 seconds, although creating new instances once it's open causes no delay. For the record, this computer has a fresh 32-bit Windows 7 pro install, fully updated.
  18. Upgrade from EIS 10.0.0.5735 to EIS 11.0.0.5847 (Beta)

      I currently have for the 'Advanced Firewall Settings' to "Ask" to allow incoming/outgoing firewall rules. (all 4 options are set to Ask)

      Application Rules did not Update after Upgrade
      -----------------------------------------------------------
      After the upgrade/restart i deleted the custom rules to allow ports 80/443 and yet it still allowed the connection even after restarting firefox and did not prompt me to allow it again either. So I went to Settings -> "Factory Defaults" this seemed to do the trick, and this time asked me to allow the port connections 80 / 443.

      Real-Time Firewall Blocking
      ------------------------------------
      At first I allowed port 80 / 443, and then tried adding a BLOCK TCP/UDP 0-65535 (below to the first rule) i could still browse successfully (where before in v10, 0-65535 was over-riding everything) However then i removed the rules, then tried this time to "block" the connections, except it was still allowing the connection, even though 80 / 443 were blocked. It wasn't until I restarted firefox that the blocking rule took effect. so it appears real-time firewall blocking of the application is not quite working.

      Real-time Application Blocking (or Suggestion)
      -------------------------------------------------------------------
      Another issue, prevalent in v10 also, is when you block an application in Application Rules or Behaviour Blocker, it does not close the application once blocked, it just prevents it from running the next time. Where in v9 i remember it used to close the application immediately once blocked.

      Automatic Custom Monitoring (Suggestion)
      -------------------------------------------------------------------
      Even though I have automatic firewall settings set to "Ask" about trustworthy applications, the behaviour blocker still sets everything to "All Allowed", so each time I do say.. a Factory Reset or new install, I have to reset each application to "Custom Monitoring" if I want to be confronted with potential behavioural threats. The behavioural blocking is the pride and joy of EIS, so I think it should be an option in "Advanced Firewall Settings" to set "All Allowed" to "Custom Monitoring" by default. Which will warn you about code injection and such.

      Automatic Behavior Blocking Template (Suggestion)
      -----------------------------------------------------
      Also think you should be able to create something like a Template that applies to all applications by default, for example.. "Block Backdoor Related Activity" "Block Spyware Related Activity" could be set by default, based on your template you created.

      More Detailed Information About Intrusions (Suggestion)
      ----------------------------------------------------------------------------------
      I mentioned in the previous suggestion about behavioural blocking, and how it warns you about code injection and potential intrusions. These errors can come from system applications, for example... when changing personalize settings, a message appears saying Explorer.exe wants to change something, or when Firefox tries to run a program from the downloads menu, it will say something along the lines that Firefox is acting like a trojan or something to that nature. These are scenarios where it was likely a false detection, but was warning of a potential problem, which is great! However, there are also scenarios where Explorer.exe or Firefox.exe may be doing something it shouldn't, and yet the options are to Allow something potentially bad, or Block, which closes the application, not really knowing what you just blocked. So what i'd really love to see.... is the offending command, i believe v9 had it right... when it popped up the behaviour, it gave you much more verbose input, like Explorer.exe -> Shell32.dll -> hotdog.dll -> somethingweird.exe then i could tell the difference between, a simple desktop entry being modified, or of an actual threat that needs to be dealt with. So would really really love to see an option in "Advanced rule settings" for [ X ] verbose behaviour messages

      Application Rules & Behavior Rules Merging (Suggestion)
      ----------------------------------------------------------------------
      I think v9 also had it right in this case.... all of the application rules were all in one neat tidy window, maybe i'm a little daft, but i don't quite understand why these two are separated, and why some applications will show up in Behavior Blocker and not in Application Rules, and if i want one in the other, i have to create the rule myself. Then tediously set everything to Custom Monitored, to get it to monitor its behavior.

      Theming (Suggestion)
      ----------------------------
      I know i've said this before, but i'll say it again... i'd love to have an option to theme/skin the EIS application, maybe to something with more neutral colors.

      Insights
      ----------
      If everything gets automatically allowed, then it's only passively protecting the system for the sake of letting Windows run smoothly, The goal here is easy to use security, i think it's important not to let security take a back seat for the sake of making it easy to use. In the Blog you make mention that everything should be kind of behind the scenes without much intervention and fiddling around with settings, however I think a lot of people don't really mind the extra popups as long as they know their system is actually being protected.

      Special Thanks
      --------------------
      I'd like to thank the emsisoft team for their dedication and hard work on this amazing application. I hope everything i've said has not been discouraging but has inspired you to keep working to make this program even better. Keep up the good work, and please tell Santa about everything on my wish list.
  19. any word on when the next update will be to fix the blocking issue of 0-65535?
  20. hey that's great you were able to reproduce the issue, After the install, i searched again for 'EfwTdiFlt' and could not locate the service or the file itself. checked the "emsisoft internet security" folder as well as windows/drivers and Registry. are you positive that is a necessary file? at any rate, you identified the firewall issue, so that's something.
  21. i did as you asked, uninstalled, restarted twice, installed from provided link. If you could tell me what driver i should be looking for, maybe i can see if its present now. I am noticing though, I can no longer block ports 0-65535 without it overriding the rule above and blocking everything. for example allowing ports 80, 443 on firefox and then blocking ports 0-65535 below that rule... is also blocking 80, 443. is this something new from the update? or is there still a problem somewhere?
  22. thanks for taking the time to identify the issue, could you tell me which firewall driver is missing, also.. do you have an idea how this could have happened? it only happened after i updated.
  23. After updating to 10.0.0.5641 i have had lots of firewall issues. To start out, all of my previously applied application firewall rules did not work. I had to delete my application entries manually and re-apply firewall settings. Eventually I just reset everything to factory defaults. Then i set the firewall settings to prompt me to allow firewall settings. When it would prompt me to allow a port, sometimes i'd go to create a "custom rule" (bottom button) and when I tried to apply it, the prompt window would not close and caused an application hang. I've had to restart dozens of times because of these application hangs. After that, a2start.exe failed to accept any more custom rule changes, and would require a restart to work again. another problem... i would allow a port, and then block 0-65535 underneath it. for some reason, this somehow blocked the port i was allowing, and would only work if i removed the 0-65535 (which leads me to believe it might not be completely blocking everything now) keep in mind, i had absolutely no issues with any of these settings prior to these updates. am i the only one having these sort of problems? I find it frustrating because, i'm spending a great deal of time troubleshooting and reapplying my rules due to these past 2 months of updates.
  24. Here is my current setup, EIS v. 10.0.0.5561

      Windows Services (TCP) - Block - IN/OUT - TCP - 9,13,17,19,113,135-139,389,445,1002,1024-1030,1720,1723,2869,1433-1434 Public Networks
      Windows Services (UDP) - Block - IN/OUT - UDP - 9,13,17,19,123,137-138,389,445,500,520,1701,4500 Public Networks
      Traffic handled by application rules (TCP/UDP) - According to app rule - IN/OUT - TCP/UDP 0-65535 (ie blank entry) All Networks

      then I have an added rule:

      "Rule 3389" - Block - IN/OUT - TCP - 3389 All Networks

      When I need to use port 3389, i move the port below "Traffic handled by app"
      When I don't need to use port 3389, i move the port above "Traffic handled by app"

      The issue is, if I set it as "All Networks", it keeps blocking the "Traffic handled by app" regardless whether it's above or below. However if I change it to "Public Networks", it blocks the way it should. I say it's an intermittent issue, because yesterday I had this issue, and while trying to troubleshoot it, it seemed to start working properly, and i couldn't duplicate the results. I tried it again today, and the issue was present again. Could you verify these results?