Raynor


Posts posted by Raynor


  1. Do you connect and disconnect hard drives to your computer frequently, or perhaps use some sort of virtual hard drives?

     

    I have also just been shown another prompt saying that "my license would expire in 30 days".

    I thus had to enter my license details again. This is the second time that this happened to me in the last few days.

     

    Incidentally, I have indeed been changing my backup HDDs quite a bit during the last few days as

    I am in the process of restructuring my backup HDDs (formatting new ones, erasing old ones).

    They get connected via SATA, so they might be seen as "normal" HDDs (HDD config details see below).

     

    But I have always used several extra HDDs for backups and have never been shown such a prompt in the last year.

     

    Something is fishy here :unsure::wacko: .

     

    Has Emsisoft's "sensitivity" towards HDD changes been increased in one of the recent updates?

    Could this be the reason for receiving those erroneous messages that the license would expire in 30 days?

     

    My HDD configuration:

     

    SATA Port (1): Intel SSD ("system disk"), never changes

    SATA Port (2): Western Digital HDD ("data disk"),  never changes

    SATA Port (3): Western Digital HDD (another "data disk"), never changes

    SATA Port (4): Backup drives, only those disks have frequently changed in the last few days.

     

    --> Various HDDs have been connected and disconnected to the fourth SATA port as I am in the process of

    getting rid of old backup HDDs (erasing them) and formatting new ones for future use...

     

    It seems to me that the algorithm used to calculate the machine ID seems to be too strict AND dumb

    as I have not changed my first three HDDs (System & Data), only the fourth connected HDD has been changed several times,

    which seems to be repeatedly causing the program to revert to a "30 days" license :blush::angry:

     

     

    Thanks,

    Raynor

     

    (PS: please let me know if you need my email address to take a look at my licenses (if this helps with your investigations),

    I use different email addresses in the forum and in the license center.)


  2. First of all, thank you for your reply.

     

    In the case of Firefox, the firewall wouldn't be able to help, since Firefox needs to be able to get out to the Internet to load webpages, and any exploit it would attempt to load and run it would do so as if it were a normal webpage (it's all loaded over HTTP/HTTPS).

     

    Yes, I'm aware of that - I'm only talking about setting the Behaviour Blocker to "Custom".

     

     

    As for the exploit itself, EIS isn't going to detect it, beyond perhaps the File Guard detecting a malicious HTML/JavaScript/etc. being saved in a browser/Flash/Java cache somewhere. What EIS will do is block whatever the exploit saves on your computer and executes, thus stopping the infection. The point of an exploit is to get a malicious executable (usually called a "dropper") to run on your computer, and then this "dropper" will install the infection, so we focus on stopping the dropper since it's what's actually dangerous.

    Setting Firefox to be monitored won't change any of this, and could potentially lead to strange problems with Firefox.

     

     

    What I've been thinking is: "Is it not theoretically possible to cause a legitimate process/app, e.g. Firefox, to misbehave by exploiting, well, an exploit?"

    In other words, is it not (at least theoretically) feasible that an exploit could be used to make a normal program misbehave by making it execute arbitrary code?

     

    But thinking about it further ... yes, after all, for an infection to happen, at some point some executable needs to be dropped somewhere ...

     

    But couldn't perhaps Firefox itself be "abused" to act as the dropper? This would then be tolerated without any alerts being shown, wouldn't it (because Firefox is trusted and set to "Allow all" in the Behaviour Blocker)?

     

    I'm talking about protecting against that specific vector.

     

    ... I'm still a bit confused :unsure::wacko: ... but maybe I'm overthinking the whole issue. :D


  3. Now here's a thing which I've been wondering about for quite some time now :wacko::

     

    Usually, the behaviour blocker automatically creates "All allowed" application rules

    when encountering digitally signed and thus trusted apps.

     

    I've been wondering if it might be safer to manually set the behaviour blocker to "custom monitoring",

    at least for internet-facing, potentially exploitable apps.

     

     

    My reasoning:

     

    Let's say there is a critical vulnerability in a trusted program (e.g. Firefox) that can lead to

    arbitrary code execution / injection. If this vulnerability were executed, the program would

    be able to do some nasty stuff to the system.

     

    Wouldn't this unexpected and malicious behavior then be automatically tolerated by the behaviour blocker
    because the program itself is trusted and thus has been set to "All Allowed"?

     

     

    Thanks for any insights,

    Raynor
     


  4. When Beta Updates are turned on, stable updates will still be installed if they are newer than the latest beta version. Once the fix is included in a stable version you can simply disable Beta Updates if you don't want to continue to receive them, and no further action should be required.

     

    Thank you for clarifying that.

     

    This could be your Internet Service Provider's IP address. You may want to check this list and see if you can find some information about the specific IP address you saw.

     

    Thanks for your reply. After doing a bit more research, I have come to the conclusion that this is indeed an auto-assigned link-local IP address

    (for those interested: https://en.wikipedia.org/wiki/Link-local_address). It is not assigned at every Windows startup (i.e. it often is not

    listed in the firewall's private network IP settings), so I figure that it only gets assigned whenever something goes wrong with the DHCP :P


  5. If using the beta, will it require an uninstall when it is out of beta, or will the update correct from beta to non-beta?

     

    I have the same question :)

    Right now, I have the beta installed, and everything seems to be running very smoothly. Good job Emsisoft developers!

     

    On a side note: while browsing through all the firewall submenus to ensure that everything looks and behaves as it should

    I noted that a 169.245.X.X IP address gets added to my private network (in addition to the expected 192.168.X.X address).

    Is this safe? A quick Google search seems to indicate that this is a "link local" IP address that can somehow be assigned

    during (or before) the DHCP autoconfiguration process.

     

    So is my assumption correct that this is no bug or reason for concern and that this IP is indeed a "harmless" part of my local network?

     

    Thanks in advance!
