Offline Sword

Posts posted by Offline Sword


  1. Yes, we can do that.

    Peter let me know that he has still been helping you out via Private Message. If you want to wait and see if he can help you with this, then please feel free to do so, otherwise you can send me a Private Message with your license key and I can handle the conversion.

     

    Thank you for your help.

    I am extremely busy these days, such that I do not have enough time to discuss this issue with Peter.

    I have decided to use EAM instead of EIS, but before that, I hope to do some more tests on EIS's FW such that I can provide more details to Peter. I hope these tests can be helpful for Emsi.

    I plan to do these tests this weekend, if I am free at that time.

    I will PM you my license key after these tests are completed.


  2. Is the application running out of "D:\Sandbox\User\TestBox\drive\C\Program Files\APP\" or "C:\Program Files\APP\"? Or, perhaps more specifically, does something such as Process Explorer show the path the executable is running out of as "C:\Program Files\APP\"? If the running process appears to be running out of "C:\Program Files\APP\" then the rule should be created for "C:\Program Files\APP\", however the rule being automatically created for "D:\Sandbox\User\TestBox\drive\C\Program Files\APP\" may be due to the way Sandboxie is redirecting filesystem access.

     

    The application "APP_1.exe" is located in "D:\Sandbox\User\TestBox\drive\C\Program Files\APP\", and is running in "D:\Sandbox\User\TestBox\drive\C\Program Files\APP\".
     
    OK, just now (the time when I type the first version of this reply), the alert is generated again for the application (the one for which I have revised the file path of the corresponding rule) running in the sandbox...
    But this time, EIS itself crashes!!!!!!
     
    As you can see in the screenshot in the attachment, the alert window occupies the center of my screen.
    I cannot click any button on it, cannot move it (it is always in front of any other window!), cannot close it, cannot disable EIS through the menu of the tray icon!!!
    Then, I find that I cannot access the Internet!
    Finally, I have to restart my computer, and retype this post.
     
    Why!?!?
     
    I have been tired of the boring firewall of EIS.
    Could you, or any other staff member, help me to change my EIS license to an EAM license?



  3. My Operating System: Win 7 Pro x64

    My Security Software: Emsisoft Internet Security 10.0.0.5409 & Sandboxie (Free version) 4.18

     

    For convenience, Sandboxie will be called SBIE for short in the following.

     

    Consider the case that we INSTALL an application (called "APP_1.exe", for example) in SBIE.

    Please note that this application is located in the "sandbox" folder, not just launched in SBIE.

    Note also that SBIE can support multiple sandboxes. Here we call the sandbox in which "APP_1.exe" is located "TestBox".

    In particular, "APP_1.exe" is assumed to be located in "D:\Sandbox\User\TestBox\drive\C\Program Files\APP\". We call this path the "actual" path.

     

    According to the mechanism of SBIE, when we launch "APP_1.exe" in SBIE, this application will "feel" that it is located in "C:\Program Files\APP\". This path will be called the "virtual" path.

     

    Consider the case that "APP_1.exe" tries to receive incoming data from a remote host. The user allows this behavior. Then an application rule will be created automatically according to the user's choice.

    The problem is that:

    The file path in the automatically created rule is the virtual path, not the actual path!

     

    At first, I thought that a rule based on the virtual path will still work properly.

    However, I found that, after such a rule is created, a firewall alert will still be generated each time APP_1.exe hopes to receive incoming data.

    By contrast, when I manually revise the file path in the application rule to the "actual path", no alert will be generated again.

    This implies that an application rule based on the virtual path cannot work properly.

     

    This problem is incurred by the firewall, but I am afraid that the behavior blocker may also have such a problem.

     

    I think that this is not just an "incompatibility" issue.

    Such a problem may be utilized by malicious applications to pass the behavior blocker or the firewall.

    So, please pay attention to this problem.
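
The actual-versus-virtual path mismatch described in this post, as an added example (not code from the poster, Emsisoft or Sandboxie). It maps a sandboxed file's on-disk path to the virtual path the program sees and flags rules that name only the virtual path; exact-path rule matching and all function names are assumptions made for illustration.

```python
from pathlib import PureWindowsPath

# Sandbox container layout as given in the post: <root>\<box>\drive\<letter>\...
SANDBOX_ROOT = PureWindowsPath(r"D:\Sandbox\User")

def split_sandbox_path(image_path, root=SANDBOX_ROOT):
    """Return (box, virtual_path) for a file stored inside a sandbox,
    or (None, original_path) when the path is outside the sandbox root."""
    path = PureWindowsPath(image_path)
    try:
        parts = path.relative_to(root).parts
    except ValueError:
        return None, path
    if len(parts) < 4 or parts[1].lower() != "drive" or len(parts[2]) != 1:
        return None, path
    return parts[0], PureWindowsPath(parts[2].upper() + ":\\", *parts[3:])

def classify_rule(rule_path, image_path):
    """Compare one rule path with the on-disk ("actual") image path.
    Assumption: rules are matched by exact path comparison (hypothetical model)."""
    rule = PureWindowsPath(rule_path)  # Windows paths compare case-insensitively
    box, virtual = split_sandbox_path(image_path)
    if rule == PureWindowsPath(image_path):
        return "actual"
    if box is not None and rule == virtual:
        return "virtual-only"
    return "no-match"

def find_virtual_only_rules(rules, images):
    """List (rule, image, box) where a rule names only the virtual path."""
    findings = []
    for image in images:
        verdicts = {r: classify_rule(r, image) for r in rules}
        if "actual" in verdicts.values():
            continue  # a rule already covers the real file on disk
        box, _ = split_sandbox_path(image)
        findings += [(r, image, box) for r, v in verdicts.items()
                     if v == "virtual-only"]
    return findings

# Constructed sample data built from the paths quoted in the post.
ACTUAL = r"D:\Sandbox\User\TestBox\drive\C\Program Files\APP\APP_1.exe"
RULES = [r"C:\Program Files\APP\APP_1.exe", r"C:\Windows\System32\svchost.exe"]

if __name__ == "__main__":
    for finding in find_virtual_only_rules(RULES, [ACTUAL]):
        print("rule keyed to virtual path:", finding)
```

A "virtual-only" finding marks a rule that does not cover the sandboxed file on disk and instead names whatever file sits at the unsandboxed path.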


  4. We can go ahead and try getting debug logs. In order to do this, you will first need to run a batch file to enable debug logging. This batch file is contained in the ZIP archive at this link (this ZIP archive also contains a batch file to disable debug logging).

    Please save that ZIP archive on your desktop, extract its contents, and then follow these instructions:

    • Run the enable_debug_output batch file (if your computer has Windows Vista, Windows 7, or Windows 8 then please right-click on the batch file and select Run as administrator).
    • You will see a black window pop up, and then disappear very quickly. After that happens, please restart your computer.
    • Wait until you are able to reproduce the issue with your clock gadget.
    • Once you have reproduced the issue, hold down the Windows key on the keyboard (the one with the Windows logo on it, usually in between the Ctrl and Alt keys) and tap the R key to open the Run dialog.
    • Type the following into the Run dialog, and then click OK:

      %ALLUSERSPROFILE%\Emsisoft
    • A window should open and you should see a Logs folder. Right-click on that Logs folder, go to Send to, and select Compressed (zipped) folder.
    • Move the new ZIP archive you created with the logs folder in it to your desktop.
    • Attach the ZIP archive containing the logs to a reply by using the More Reply Options button to the lower-right of where you type in your reply.
    Note: If you get an error message when trying to send the Logs folder to a Compressed (zipped) folder then you may need to try a utility such as 7-Zip or WinRar to compress the folder. Both 7-Zip and WinRar have options to create an archive and save it in another location (such as on your desktop), which should prevent the error message. Here are links to the download pages for 7-Zip and WinRar.

    After posting the debug logs, you can run the disable_debug_output batch file (be sure to run it as administrator as well) and restart your computer again to disable debug logging.

     

     

    So complicated...

    I will do this and post the log when this problem happens again.

    Thank you.


  5. This also happens with other areas of the logs, I shall mention it in the beta area in case it needs attention.

     

     Only way to totally clear the logs is to go to 'Settings' press the 'Factory Defaults' button and then put a tick in 'Clear all logs and reset counters'. Then press okay.

     

     

    Hi,

     

    The 'xx malware objects detected sofar' counter acts as a 'historical grand total' counter.

    When you clear f.e. the Fileguard log, the 'xx malware objects detected sofar' counter is not recalculated.

     

    We've added this counter cause it could be interesting to know how many malware objects were detected after a year or so.

    Removing your logs has no effect on this counter, factory reset does.

     

    cheers

     

    I am afraid that you all misunderstand what I refer to.

    See that screenshot in the attachment.

    You may refer to the counter in the yellow circle (XXX malware objects detected so far), which corresponds to the log.

    BUT, what I mean is the counter in the RED circle (XXX malicious items in the quarantine), which corresponds to the quarantine.



  6. How reproducible is the issue for you? We can get debug logs for it, but if it's a rare issue then those logs may end up being rather large and contain a lot of information.

     

    As mentioned in #6, this bug occurs with a small probability.

    I installed EIS on May 29th, and I start up the computer one or two times each day. This problem has occurred only 3 times until now.


  7. I tried adding the clock gadget to the desktop in Windows 7 x64, and installing EIS, then restarting a number of times. I was never able to reproduce the issue.

    Do you have any other security software (anti-virus, anti-spyware, firewall, etc) installed?

     

    I agree that this problem is difficult to reproduce.

    The only two pieces of security software installed on my computer are EIS and Sandboxie (Free version 4.18). Moreover, Sandboxie will not be launched automatically in the start-up period of Windows.


  8. Suppose that there are 20 malware samples in the quarantine of EIS.

    Now we enter the quarantine interface, and delete all the samples in the quarantine.

    Certainly, there are zero samples in the quarantine.

    But when I exit the quarantine interface, the number of malicious items in the quarantine is still shown to be 20 in the main window.

     

    At first I thought that it was just a GUI issue, since entering the quarantine interface again can refresh this number.

    I mean, at that time, I thought that the quarantine counter has actually been refreshed when I cleared the quarantine, but the GUI did not display the right value of the counter.

     

    But just now I find that it is not just a display issue.

    To see this, suppose that we still remove all the 20 samples in the quarantine.

    Now, we decompress a malware pack that contains another 10 samples (assume that all of them can be detected by EIS).

    Then the number of malicious items will be shown to be 30!

    It means that the quarantine counter directly uses the wrong value (20) in the accumulation.

    So I guess, the quarantine counter itself has some bugs.

     


  9. I assume this is the default clock gadget that looks like an old-fashioned circular clock with two hands? Or is it one that you downloaded from Microsoft's website?

     

    Please let me know when this problem is solved.

    Because this bug occurs with a very small probability (it has only occurred 3 times until now), I cannot confirm whether this bug is fixed by myself.


  10. I am using a clock gadget provided by Windows 7 Pro (x64).

    I find that, after I install EIS (10), sometimes (not always) the clock gadget does not appear when I start up the computer.

    I cannot find anything related to this issue in the log of EIS.

    I have previously used this clock gadget with McAfee Internet Security, Avira Pro and Bitdefender Internet Security, but none of them caused such a problem.

    So I guess this is a bug of EIS.


  11. It's possible that Windows Explorer needed to reload before the change in name would happen.

    As for the e-mail issue, Microsoft was blocking messages from our helpdesk. Our system admin has gone through the steps to get it unblocked, but Microsoft moved our mail server from a list of blocked mail servers to a list of mail servers marked for "conditional mitigation", which is a fancy way of saying that they may still refuse to deliver some e-mails from our mail server based most likely on some sort of automated analysis. This "conditional mitigation" is also sort of like a "probation", where if any of our messages are marked as spam by an Outlook.com user our mail server will most likely be blocked again.

    I guess what I'm saying is, if you use Outlook.com/Hotmail.com/Live.com for e-mail, then our forums may be a more reliable way to contact us.

     

    Thank you for your effort in solving this problem.


  12. Interesting. It looks like you sent your message to our support e-mail address from an Outlook.com mail address. Can you send me a Private Message on these forums to confirm that e-mail address, and I'll go ahead and contact our server admin to see if he can find any issues.

    There is a very good reason for this. Both products share the same files, with the major exception being the firewall drivers that get installed by the Emsisoft Internet Security installer. This is done to make product updates easier and faster, since our developers don't have to maintain the two programs separately.

    When you turned off the "Explorer integration", did the context menu entry disappear?

     

    I have sent you my email address through "Private Message".

     

    Yes, when I turned off the "Explorer integration", the corresponding entry actually disappeared.

    Then, when I turned it on, it appeared again, but was still "Scanning with Emsisoft Anti-malware"...


  13. I already answered this via e-mail, so I'll copy and paste my reply below:

    The reputation listed in the Behavior Blocker list is from our Anti-Malware Network, and not from rules/exclusions that you create yourself. Those rules do influence the reputation on our Anti-Malware Network, unless you've turned off "Submit application and host rules" in the Privacy settings.

    The context menu entry on my Windows 7 x64 system (a recent install of version 10.0.0.5366) says "Scan with Emsisoft Internet Security". May I ask what version you installed from? Have you tried turning off the "Explorer integration" in the settings to see if the context menu entry was removed, and then turning it back on to see if it had the correct product name?

    As for the license key being in plain text, that is done on purpose so that people can read their license key. You can restrict which user accounts have access to that information, however Administrator accounts will always have access to it since it isn't safe to restrict Administrator accounts from functions or features of the software.

     

     

    Sorry but I have not received any response letter from Emsisoft's Support.

    In fact, until now, I have sent 3 mails to the support, two on the language option bug, one on the two bugs mentioned above. But I could not find the response letter, even after checking the "spam" folder carefully......

     

    Attached please find a screenshot of the information of EIS that I installed.

    The product version is 10.0.0.5409.

    Please note that the product name is shown as "Emsisoft Anti-malware", not "Emsisoft Internet Security". I think it is very strange.

    I also put a screenshot of the main window of EIS in the attachment. You can find that the firewall is active. This can prove that what I am using is actually EIS.

     

    I have tried to turn off "Explorer integration", and then to turn it on. But this bug still exists.



  14. 1. Exclusion. When I add a file to the white list, it still appears in the behavior blocker panel as a "not fully trusted application".

    2. Context menu. The scanning option in the context menu is "Scanning with Emsisoft Anti-malware". Since what I installed is not EAM but EIS, this should be revised.

     

    I have submitted these two bugs via email, but got no response after more than 24 hours. So I post them here.

     

    By the way, I find that the activation key is displayed in plaintext in the license panel. Maybe it is not a bug. But I think that such a design may not be safe. Please consider encrypting it.

     

    Best regards.