Da Phu

6 hours ago, GT500 said:

This is why it's blocked:
https://www.virustotal.com/#/url/b8e2072a6304564aefd426a49f6726c7d940774cdae84a5dc6ab10e2e49284b9/detection

Was still there last night when I checked.

How come VT doesn't list Emsisoft blacklisted? 

1 hour ago, Thomas Ott said:

Dear Da Phu,

Thank you for contacting us.

Please, could you send me your old Emsisoft license key via a private message (PM) here in the forum?

 

Sent PM. 

☹️

I have an expire Emsisoft Internet Security license key, and I wish to renew it with a promotional deal going right now, but I can't renew because my expired Emsisoft Internet Security license key is not working with Emsisoft Anti-Malware. 

On 11/13/2018 at 7:13 PM, xeon said:

Running good. 👌

Replying late, because this web site now requires all ad blockers to be turned off. 🤬

Not really. UBlock Origin running fine on this site. 

22 hours ago, Raynor said:

Fair enough, but what's with fresh installations of v1803/v1809 ?

According to MS, the memory integrity feature is always switched on
on qualifying modern PCs (with virtualization support, UEFI and stuff)
when Windows is installed from scratch.

Wouldn't then "average" users be greeted by a big fat blue screen when they try to install EAM ?
Or am I missing something here / am I getting something wrong ?

https://www.auslogics.com/en/articles/core-isolation-and-memory-integrity/

Quote

Why is Memory Integrity Disabled by Default?

You shouldn’t encounter with the main Core Isolation feature. As long as the Windows 10 PC has the features needed to support it, it will be automatically enabled. Moreover, there is no interface for disabling it.

On the other hand, Memory Integrity protection can cause problems with other low-level Windows applications and some device drivers. This is also the reason why the feature is disabled by default on upgrades. Microsoft has been pushing device manufacturers and developers to make their software and drivers compatible. By default, the feature is enabled on new installations of Windows 10 and new PCs.

If one of the drivers essential in booting your computer is incompatible with Memory Protection, your system will disable the feature. This is why even after enabling it, you find it disabled when you reboot your PC.

Sometimes, when you enable Memory Protection, you might encounter malfunctioning software or problems with other devices. It is recommended that you check for updates with the specific driver or application. You should turn off Memory Protection if you discover that there are no updates available.

As previously mentioned, Memory Integrity might also be incompatible with certain applications that need exclusive access to the virtualization hardware of the system. It is also worth mentioning that tools like debuggers may need exclusive access to this hardware. Moreover, they won’t work when Memory Integrity is enabled.

On ‎7‎/‎30‎/‎2018 at 12:37 PM, GT500 said:

Scanning archives isn't used in a Malware Scan, so if it happens when running a Malware Scan then let me know what file is being scanned when it happens (or take a screenshot of EAM so that I can see what it's scanning).

Tested 2 days straight, and it seems like Windows Defender is no longer detect anything related to Emsisoft as a threat. In addition, Microsoft replied to my reported ticket that they already fixed this false positive detection.

On 7/27/2018 at 3:06 AM, GT500 said:

Do you know what file is being scanned when these TEMP files are detected?

I don't remember, but Windows Defender detect some temp files in the temp folder with a whole bunch of number as a threat. The file detected change each time I update the signatures. 

4 hours ago, GT500 said:

It was probably the contents of an archive (ZIP, RAR, 7z, etc) that was extracted to the TEMP folder for scanning. The BitDefender scan engine does that if the option to scan inside archives is selected.

Update: 7/26 1:11 AM EST 

I have that option enable on Custom Scan. Malware Scan also triggered it as well. 

Windows Defender latest signatures detect one of the Emsisoft's temp files in temp folder located Appdata Local as a Trojan during malware scan. The detection name is Trojan: Win32/Zpevdo.A. 

https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Trojan:Win32/Zpevdo.A&ThreatID=-2147240153

18 hours ago, JeremyNicoll said:

But   "Appdata > Local > temp"   is where all the temporary files created by many applications, and by the OS itself on your behalf, will be put.

And a file/folder inside that named "Tempxxxxxx"  could have been created by any application or by the OS.  

Is what you're saying just that you've got some files in %temp% which Windows Defender says are infected, but EEK did not think were infected?    If so, that could mean that WD was wrong - maybe the files are ok.  If you still have them you could upload them to VirusTotal, one at a time, to see what it thinks about them.  If it thinks they are ok then there's no issue.  If it thinks they are infected then for each of those it would be useful if you tell us the URL of the VT report that says that for each file.

 The VirusTotal site is at: https://www.virustotal.com/en-gb/

Their service is public so if the files concerned contain confidential data of yours, you might not want to upload them there.

It was created by EEK. The temp folder appeared when I opened EEk, and disappear when I closed EEK. I wish I can restore the files that Windows Defender detected, but for some reasons Windows Defender automatically removed the files instead of quarantined it. 

4 hours ago, GT500 said:

Do you have a copy of the scan report with the full path? They're usually saved in the following folder:

• C:\EEK\Reports

I ran a malware scan in EEK and this is where Windows Defender detected some files in EEK temp folder in Appdata > Local as a threat. Windows Defender automatically removed the threat instead of quarantine the threat. I just did a malware scan today with EEK latest signatures, and it seems like Windows Defender no longer detect EEK files in EEK temp folder as a threat anymore.  

7 hours ago, JeremyNicoll said:

Why do you describe that folder as the "EEK temporary folder"?     Its name suggests it's the normal system temporary folder... and if there's an iffy file in there surely you'd want to know about it?

It is in the Appdata > Local > temp > Tempxxxxxx folder. This is where Windows Defender removed the threat and it didn't quarantined it during Emsisoft scan.  There is some files in Emsisoft temp folder in Appdata Local that Windows Defender detect when doing a scan. 

It detect some temp file in Appdata > Local > tempxxxxxxx folder as a threat during scanning. 

Threat detection name is Trojan:Win32/Zpevdo.A 

Too much scrolling. I love the old one. 

1 hour ago, Carl1223_Delta said:

Was this just a rename or was some new functionality added?

If it is still intended to be used for when gaming, I think the new name is not intuitive.

.

• Renamed Game Mode to Silent Mode.

Oh okay. Glad to hear Emsisoft Anti-Malware can scan and detect malicious Chrome extensions.

Bring back the previous settings! There's no need to replace the working fine settings with this new one. If it ain't broke, don't fix it.  

Do Emsisoft Anti Malware scan, detect, and block malicious extension from Chrome Store and 3rd party site? 
 

On 6/27/2018 at 7:24 PM, GT500 said:

It definitely seems to be easy to reproduce, so we won't have any trouble there.

Okay. Tell me when you guys fix this issue. 

On 6/20/2018 at 7:01 PM, GT500 said:

They didn't specifically say, however I got the impression that it will be a difficult issue to fix, and it might take a while for them to do so.

Oh okay. Any updates regarding to this issue? 

On 6/18/2018 at 10:17 PM, GT500 said:

I've been told that for now the recommended way to work around the issue is to exclude HWinfo64. It's easy to reproduce, so if we need any debug information we should be able to generate it internally.

Are they still working on fixing the issue with HWInfo64? 

On 6/15/2018 at 6:42 PM, GT500 said:

It's probably just not responding well to our hooking method (some programs have issue with other applications injecting code into them).

I just tested again, and the delay is only 2 seconds for me when minimizing or closing HWinfo without exclusions. Possibly because there's nothing else on the test system (just drivers and a few web browsers).

 

I recommend doing that for now. If it's the same issue that MPC-HC has, then it won't be easy to fix, however I will let QA know so that they can look into it.

Okay. Any update from the QA team? 

On 6/13/2018 at 8:15 PM, GT500 said:

It is slower to minimize when not excluded from EAM, however in my test setup the difference in time it takes to minimize is only a second or two. I don't think I noticed it being slow to close, but it's possible the difference between excluded and not excluded wasn't enough for me to notice it.

Do you launch it in "Sensors only" mode, or have you changed any of the default settings for HWinfo? Did you install it, or use the portable version?

Hey, I am back. Do I have to add HWInfo64 into exclusion permanently? 

The lag is real. 

I a problem with HWInfo64 V5.84-3450. The problem is Emsisoft Behavior Blocker have some issue with HWInfo64 that caused the software to lag when it is minimized and closed. Excluding HWInfo64 from monitoring fixed all the lag from minimizing and closing. 

Another similar thread created in 2016: 

29 minutes ago, GT500 said:

We removed the option and made it an "always on" feature.

All it did was set a2service to run as the System user and change the startup type of the service so that it would run on boot instead of after logon, which is now how EAM always operates.

12 hours ago, JeremyNicoll said:

I think that "Settings - General - Guard Settings - Start on Windows Startup"  covers that, as if it's on from as early in boot as possible, it's clearly on before anyone logs in.

Thank you very much for answering my question. As you can see, I am back to Emsisoft again. I ditch Bitdefender because Bitdefender support is nowhere as good as Emsisoft.