ParhaM

Member
  • Posts: 204
  • Days Won: 2

Everything posted by ParhaM

  1. Well, Emsisoft used to be much more responsive in its forum support.
  2. Hi, so my question is about this case ( Remove site from blacklist - False positives - Emsisoft Support Forums ) which @Elise is handling right now, but there were different cases like this I ran into in the past. The question is why Emsisoft does not just block the website itself in the first place if it's hosting malicious content? Like, the site itself is not blocked, hxxp://scmpbd.org/, but as Elise mentioned there is multiple malicious content that it's hosting, and she gave us an example, hxxp://scmpbd.org/archive/MICR0S0FT-Adm1nSupportCent3r/. The site is obviously not safe and can be marked as harmful ( which is not the case here since Emsisoft is not offering a search advisor, for example like the Bitdefender or Norton one ), but that's how they work, right? If a site hosts some malicious content, the site is blocked, not just the exact malicious content, so in that way the user at least finds out that there is some malicious content on the website. But with the way Emsisoft is working right now, well, if I was a user browsing this website I had no idea that it is hosting some malicious content somewhere in it. I assumed it's a safe/trusted website. Hope you get my point.
  3. I'd like to take this moment as an opportunity to express my feedback to Emsisoft as well, hope that's ok, even though I am aware that this forum is not for feedback, but if they really care, well, I'm sure they'll hear it from here as well. About the "Emsisoft team is doing well" thing.. well, I also hope that they are all doing well, especially my dear David B. But that aside, no. They are not doing that well in terms of the company/software itself, at least as far as users can see. Now that might be a bit aggressive but it is coming from a fan of the company so.. The picture OP posted is well actually Bitdefender's job, since Emsi is using their engine + the in-house engine, which is mostly about PUA or at least it used to be this way. So thanks Emsi for continuing to pay for the Bit engine, that's a good extra to have. I just hope that our Emsi lab team, which should be very few but yet all professional in what they are doing, also starts hunting more stuff. I remember back in 2017, 2018, if I'm not wrong, we used to play with malware packages in forums etc. and in almost every package we had 40-50% of the package picked up by the in-house engine, which was A I believe? Well, that's not the case anymore. And about the tests, Emsi is not participating in some bigger-name AV test companies like av-test, av-c. Well, the excuse for that was that Emsi does not have that much budget to waste on such tests, something like that? Ok. Where is Emsi investing that budget now? We have not had a single security-related update on the software for months, maybe years now. More and more people are noticing this, even in forums like MalwareTips etc.. noticed this. Emsi is more about management than security itself lately. Almost all update changelogs are "minor tweaks and fixes". I don't like to even say it but it is becoming like Webroot nowadays.. no new features for years, no real improvements, no nothing.
You could open a feature request subforum with the money you didn't waste on tests; instead you preferred to spend it all on the management console and playing with notifications/alerts for the past 2 years, as far as I have track of. Yup, that was all I'd like you guys to hear, hope it will get to the responsible person's ears.
  4. Hello, I was searching the forum for this and ran into some posts by @Fabian Wosar admitting in the clearest possible way that Emsisoft won't protect users from fileless infections. Is that still the same? Check the posts: "We will see the actions taking place, but since they are performed by a trusted process we will allow them to go through without notice." said Fabian. So is the BB smarter now? Or is this still the case with Emsisoft? Can we change that through settings? Maybe uncheck this? I mean, it is honestly disappointing to have a protection that just looks at how you get infected by this kind of malware and does nothing..
  5. Hello, sorry for the quote, just wanted to get you your answer more quickly. Yes, once you install Emsisoft, after opening your browsers you'll get a notification from Emsisoft asking whether you want to install their extension or not. But you can download the extension itself without having EAM installed as well.
  6. Hello, so the main question is the title, and it goes back to John McAfee, who keeps saying that AV is useless and dead nowadays etc.. Well, maybe he's right. Or not? I recently ran into a phishing URL reported on Twitter. At the time the URL was reported on Twitter ( by the malwrhunterteam Twitter account ) they were claiming that it was so new that it was almost an hour old, so I just checked the URL with VirusTotal, and at the time ( this was yesterday, when malwarehunterteam claimed the URL is phishing and a very new one ) only 4 vendors were detecting the URL and blocking it; they were "Emsisoft-Fortinet-Sophos-Netcraft". So I submitted the URL to F-Secure and Kaspersky. What disappointed me so much was that Kaspersky marked the URL as "good" in their Opentip portal, you know, their submission portal.. after like 2 hours. So that's Kaspersky, the largest private cybersecurity company. And then F-Secure, which emailed me back in about 6 hours ( these are not just words, I got the emails from F-Secure, but Kaspersky, well, updated their mistake today ). And F-Secure's response: Greetings, Thank you for your submission. Our analysis has found that the URL submitted is not harmful. Our security products have been updated to rate the URL as safe through F-Secure's Security Cloud. So one calls itself the largest single provider of cybersecurity services in the EU and one the largest private .. And imagine a criminal gave me that URL and actually made me use that link, which is "hxxps://my-skyaccount.com/secure/". I am a very careful user and I didn't trust that link in the first place, so I went to my AV provider and asked them to check the link for me, and they got back to me and said that the URL is not even harmless but it's actually "Safe" and "good". It's right that Kaspersky changed its mind in 16 hours, and F-Secure, well, 24 hours later still no response to my second email that asked them to check the link again. But the user has lost his account already, and he was a very careful one..
I don't know if the Emsisoft team, which is not that big ( I don't think the threat hunters of Emsisoft are even 10 people, since the company is at max maybe 40? ), analyzed the mentioned URL themselves, or someone reported it to them sooner ( how soon? I mean the URL was an hour old ), or they just check the URLs against the Netcraft database with their extension? But yeah, this I'd like to share with you guys, maybe I can see other opinions on it as well 🤔
  7. It's not like BB just blocks any application without a digital signature; it is just going to monitor their behavior if there is no digital signature.
  8. Why not change the way Emsisoft works with the game files? I mean, it's not like every user of Emsisoft who is a gamer likes to do all this to be able to play his game.. that basically makes people want to switch, just saying. I mean, I'm a gamer myself and never had such a problem with AVs like Kaspersky, Bitdefender, Norton, F-Secure, even Comodo. I do play games though, and I have Emsisoft installed on my system; I have no problem playing Dota2 and CSGO. Maybe they are digitally signed, but as I said, maybe change the way Emsi works for gamers at least, then you can release something like a gamers' antivirus 🤔 but you probably already discussed this matter with the developers.
  9. Hello, well, the title is the question. I'd like to know if Emsisoft protects the system from being used for mining without the user knowing? Like, there used to be some programs that did that when they were open on the system. Thanks!
  10. Every product has to fail at some point; we don't have 100% protection with any antivirus out there, but the good thing is that you've reported it, and that the Emsisoft Behavior Blocker can get new rules added, so they'll probably deal with it 💬
  11. Hello, I had the same problem many times. As you've mentioned, you had ESET installed on your system before installing Emsisoft, and as far as I've understood, Emsisoft detects the firewalls because some of the files of the antivirus you had installed before Emsisoft are left in the registry, so it will detect it as a firewall. It's not a big deal and it does not really affect your protection. But if you, just like me, like to have that part clean, you can send an email to Emsisoft support and they'll fix it for you ( they might do it here in the forum too ).
  12. The problem sounds fixed now. I didn't reproduce it since last week and I just checked it again; I can see the result of verifying with AM Network now. Not sure what the problem was, however.
  13. I could see that too. My problem is that I did not see the "result" of that verifying status with Anti-Malware Network; I just saw that it's checking. But in the screenshot that Arthur provided, we can actually see the result of that verifying. That's the point of the whole thing, right? The user sees whether the file is SAFE or not by Anti-Malware Network, so he/she can decide whether BB blocking the file is a false positive or something..
  14. I'm sure my Internet connection is not faster than yours, considering you were able to see the result of the action, and again considering I'm from Iran and the average Internet connection speed is about 2Mbit/s here, so it is definitely not because my connection speed is fast enough, because if mine is fast enough then yours is faster for sure and yet you were able to see the thing, you know.. hope you get my point. Why should we not consider that the reason might be that my system could not connect to Emsisoft Anti-Malware Network ( it's not this, because I've had malware blocked by AM Network )? Or something went wrong, I don't know.
  15. I'm really confused about this then. Would you please check this video I've recorded about the problem I'm facing? Does it just skip the verification or what? https://gofile.io/d/pYM1Pn Does this text show up only when a file is recognized as SAFE by Anti-Malware Network, or am I missing something?
  16. I'm pretty sure that there is no custom rule for any application in my EAM, but I did that and still I just get the message that the program is being blocked by the Behavior Blocker or Anti-Malware Network, and that's about it. Can you provide a screenshot of the actual message that should have popped up with that setting being on? The lookup notification, I mean.
  17. The thing is, I did not see the action you're talking about. I've executed so many samples so far with BB set to show lookup notifications 🤔
  18. Yes, I have lookup rep set, and yes, I tested files with suspicious behavior that BB blocked. I did not see any difference in the alert or anything from EAM when I unchecked that "auto allow programs with good rep". Well, this is the easy part; I'd like to know what happens if I did not have that auto allow checked 🤔 Like, it won't allow the program to run? Or something? I think it might be something that works when we set the BB to "Alert", not auto resolve actually; then it will also ask for programs that have good rep? Not sure though. And I also did not notice any difference between when BB is set to "auto resolve with lookup notification" and "auto resolve and notification for threats only"; I ran some samples that I had and checked both options, and there was no difference at all.
  19. Hi, the option I'm asking about is this one in the Advanced section: and what happens if we check or uncheck it? This was checked by default, I think. I've unchecked it to see if there would be any difference or not, and I did not see any difference 🤔
  20. Hello. Is there any plan to add this kind of protection to EAM in the near future? Like adding a privacy tab in the software or an option for BB to alert if a program tries to access the webcam or microphone? 🤔 Thanks!
  21. Well, I just had a response from someone in Quality Assurance: the first response from Emsisoft support for me, in most of the cases, took almost 16-18 hours. Not sure why I'm not among those many cases; maybe they respond faster if you email the problem to them and not through my.emsisoft.com, not sure, but at least the Head of Support is going to hear this.
  22. I've just sent them feedback to this address: [email protected] It might answer your case as well; I might share their response to the feedback if there is any. But Emsisoft has started offering Chat Support as well recently, and it's available most of the time during weekends in my experience. For the email support I always had a response within 24 hours ( I'll send the email from my.emsisoft.com though, if chat is not available ). I've sent feedback anyway, we'll probably have an answer. In the end, don't forget the Emsisoft Behavior Blocker is there for us 24/7 and it's so d**n strong.
  23. The explanation that I've found in the other topics of the same forum answered the question completely; I'll copy/paste it for those who might have the same question in the future: As for the extension problems in Firefox, it seems that the Emsisoft developers are already aware of that and it is not that much of a deal that they feel it needs to be fixed yet ( after 3 years, if I'm not wrong? )
  24. This response did not really answer the question here, but thanks for the response. Yet the problem is not solved; I even did a fresh reinstall of my Windows because I was playing with so many AVs during the last months, so I wanted to be sure that there is something wrong here. Update: it's solved; it seems it was not detected by Emsisoft and VT was wrong about the URL getting blocked by Emsisoft. Question: you've mentioned that the extension caches results. That we already know, but where does it cache the results and how is it getting updates? Is it with the software getting updated every hour? Or is it checking the Emsisoft cloud database in real time, or something like that? That's one question. Another question: I have submitted a phishing URL to Emsisoft today and it seems you added it to the database, but it is getting detected and blocked by Emsisoft web protection ( as a malicious host ), not the extension, so it seems there is a difference here that I'd like to know about, if possible? Thanks! Update: more things I've noticed with the Emsisoft extension. In Chrome, I've tested that when you visit a website, for example, and you want to report that website to Emsisoft, you click on the extension icon and click the blue text that tells you to report the website; when you click on it the text changes to "Site reported. Thank you!". So everything is how it's supposed to be, but the problem is that the text and the link will not refresh to what they were, and by that I mean the text that tells you to report the website. It just remains as "Site reported. Thank you!" no matter how long you wait, an hour or 2 ( I went to 2 hours so far ); the text only refreshes when you restart Chrome. So this is the Chrome problem. Now there is some kind of the same problem in Mozilla Firefox, but the difference is that when you click to report the website you're visiting, in Firefox actually nothing happens and the text will not even change to "Site reported. Thank you!"
and it's like it just doesn't work, no matter how many times you click on it, it just does not work. 🤔