Offline Sword

  • Content Count

  • Joined

  • Last visited

Everything posted by Offline Sword

  1. Thank you for your help. I am extremely busy these days, such that I do not help enough time to discuss with Peter on this issue. I have decided to use EAM instead of EIS, but before that, I hope to do some more tests on EIS's FW such that I can provide more details to Peter. I hope these tests can be helpful for Emsi. I plan to do these tests in this weekend, if I am free at that time. I will PM you my license key after these tests are completed.
  2. The application "APP_1.exe" is located in "D:\Sandbox\User\TestBox\drive\C\Program Files\APP\", and is running in "D:\Sandbox\User\TestBox\drive\C\Program Files\APP\". OK, just now (the time when I type the first version of this reply), the alert is generated again for the application (the one for which I have revised the file path of the corresponding rule) running in the sandbox... But this time, EIS itself crashes!!!!!! As you can see in the screenshot in the attachment, the alert window occupies the center of my screen I cannot click any button on it, cannot move it (it is always in front of any other window!), cannot close it, cannot disable EIS through the menu of the tray icon !!! Then, I find that I cannot access the Internet! Finally, I have to restart my computer, and retype this post. Why!?!? I have been tired of the boring firewall of EIS. Could you, or any other staffs, can help me to change me EIS license to an EAM license?
  3. My Operation System: Win 7 Pro x64 My Security Software: Emsisoft Internet Security & Sandboxie (Free version) 4.18 For convenience, sandboxie will be called SBIE for short in the following. Consider the case that we INSTALL an application (called "APP_1.exe", for example) in SBIE. Please note that this application is located in the "sandbox" folder, not just launched in SBIE. Note also that, SBIE can support multiple sandboxes. Here we call the sandbox in which "APP_1.exe" is "TestBox". In particular, "APP_1.exe" is assumed to be located in "D:\Sandbox\User\TestBox\drive\C\Program Files\APP\". We call this path as the "actual" path. According to the mechanism of SBIE, when we launch "APP_1.exe" in SBIE, this application will "feel" that it is located in "C:\Program Files\APP\". This path will be called the "virtual" path. Consider the case that "APP_1.exe" tries to receive incoming data from a remote host. The user allows this behavior. Then an application rule will be created automatically according to the user's choice. The problem is that: The file path in the automatically created rule is the virtual path, not the actual path! At first, I thought that a rule based on the virtual path will still work properly. However, I found that, after such a rule is created, firewall alert will still be generated each time when APP_1.exe hopes to receive incoming data. By contrast, when I manually revise the file path in the application rule to the "actual path", no alert will be generated again. This implies that an application rule based on the virtual path cannot work properly. This problem is incurred by the firewall, but I am afraid that the behavior blocker may also have such problem. I think that this is not just an "incompatibility" issue. Such a problem may be utilized by malicious applications to pass the behavior blocker or the firewall. So, please pay attention to this problem.
  4. So complicated... I will do this and post the log when this problem happens again. Thank you.
  5. Please see #2. Do you click the logo or the overview tab to go to the main window immediately after clearing the quarantine?
  6. I am afraid that you all misunderstand what I refer to. See that screenshot in the attachment. You may refer to the counter in the yellow circle (XXX malware objects detected so far), which is corresponding to the log. BUT, what I mean is the counter in the RED circle (XXX malicious items in the quarantine), which is corresponding to the quarantine.
  7. As mentioned in #6, this bug occurs with a small probability. I installed EIS in May 29th. Starting up the computer one or two times in each day. This problem occurs only 3 times until now.
  8. I agree that this problem is difficult to reproduce. The only two security softwares installed on my computer are EIS and Sandboxie (Free version 4.18). Moreover, sandboxie will not be launched automiatically in the start-up period of windows.
  9. Please note that, closing and reopening the window can also refresh the number of malicious items. This problem only happens when you directly go from the quarantine interface to the main interface by clicking the logo in the left-up corner or clicking the "overview" tab.
  10. Suppose that there are 20 malware samples in the quarantine of EIS. Now we enter the quarantine interface, and delete all the samples in the quarantine. Certainly, there is zero samples in the quarantine. But when I exists the quarantine interface, the number of malicious items in the quarantine is still shown to be 20 in the main window. At first I thought that it was just a GUI issue, since entering the quarantine interface again can refresh this number. I mean, at that time, I thought that the quarantine counter has actually been refreshed when I cleared the quarantine, but the GUI did not display the right value of the counter. But just now I find that it is not just a display issue. To see this, suppose that we still remove all the 20 samples in the quarantine. Now, we decompress a malware pack that contains another 10 samples (assume that all of them can be detected by EIS). Then the number of malicious items will shown to be 30! It means that the quarantine counter directly uses the wrong value (20) in the accumulation. So I guess, the quarantine counter itself has some bugs.
  11. Sorry, I forget to mention that, when the clock does not appear, the "gadget" item in the context menu has no response, either.
  12. Please let me know when this problem is solved. Because this bug occurs with a very small probability, (it has only occurred 3 times until now), I cannot confirm whether this bug is fixed by myself.
  13. Thank you for your suggestion. But I get used to it.
  14. I mean the default clock gadget. Attached please find a screenshot of it.
  15. I am using a clock gadget provided by windows 7 Pro (x64). I find that, after I install EIS (10), sometimes (not always) the clock gadget does not appear when I start up the computer. I cannot find anything related to this issue in the log of EIS. I have ever used this clock gadget with Mcafee Internet Security, Avira Pro and Bitdefender Internet Security, but none of them causes such a problem. So I guess this is a bug of EIS.
  16. I find the context menu item has been repaired when I woke up in the morning
  17. I have sent you my email address through "Private Message". Yes, when I turned off the "Explorer integration", the corresponding entry actually disappeared. Then, when I turned it on, it appeared again, but was still "Scanning with Emsisoft Anti-malware"...
  18. Here is the screen shot of the information of the setup file. Its version number is also, just like yours.
  19. Sorry but I have not received any response letter from Emsisoft's Support. In fact, until now, I have sent 3 mails to the support, two on the language option bug, one on the two bugs mentioned above. But I could not find the response letter, even after checking the "spam" folder carefully...... Attached please find a screenshot of the information of EIS that I installed. The product version is Please note that the product name shows to be "Emsisoft Anti-malware", not "Emsisoft Internet Security". I think it is very strange. I also put a screenshot of the main window of EIS in the attachment. You can find that the firewall is active. This can prove that what I am using is actually EIS. I have tried to turn off "Explorer integration", and then to turn it on. But this bug still exists.
  20. 1. Exclusion. When I add a file to the white list, it still appears in the behavior blocker panel as a "not fully trusted application". 2. Context menu. The scanning option in the context menu is "Scanning with Emsisoft Anti-malware". Since what I installed is not EAM but EIS, here should be revised. I have submitted these two bugs via Email, but get no response after more than 24 hours. So I post them here. By the way, I find that the activation key is displayed in plaintext in the license panel. Maybe it is not a bug. But I think that such a design may not be safe. Please consider to encrypt it. Best regards.