Yilee

Member
  • Content Count

    37
  • Joined

  • Last visited

Community Reputation

1 Neutral

About Yilee

  • Rank
    Member

Recent Profile Visitors

1719 profile views
  1. 1. I tend to agree about the AMD cpu's but I'm not up to date. It does seem that Intel has more issues. 2.In my case, I do not use any remote desktop connections and the bulk of my security is in our closet using a zywall usg security gateway with AV, IDP AND CONTENT PROTECTION AT THE FIREWALL. Also I have many creative FW rules to only allow protocols that I am aware of and nothing else. I use country GEO blocks, Trusted and unstrusted host sites with wildcards etc...It's very customized. The only thing I keep wondering about is if Cyren-Commtouch can be trusted for content protection indefinitely into the future. None the less, I would feel naked if I didn't use EAM, Outdated Sandboxie(works well on win7) and Ublock Origin to make browsing pleasant. 3. Canadian Tech (I believe) at askwoody website has many customers on Win7 that have been fine without Win7 updates for over 1 to 2 years. I personally wait up to several months until there comes a month where all of the previous patch bugs finally have been fixed (it does happen). Edit: I also to this day have remained in Group B (using Security Only Patches) and I did not download any patches with Win7 Telemetry(I am stubborn). I still intend to use 0Patch in the near future once they show that they are reliable and can promptly fix conflicts as they arise. Stop Edit. 4. In the end, I believe the biggest exposure is to those who want to use any and every service,game etc especially when remote connections are involved. I also believe that if a user does not involve themselves in remote services, cloud services ect and uses good practices along with some of the security techniques I described, they would probably be able to use a unpatched Win 7 machine for several years as long as a 3rd party Browser was up to date. 5. 0Patch did have a recent Hooking conflict with Firefox 72 and 73 but it is to be fixed quickly per both parties. So, 0Patch can sometimes conflict with certain 3rd party programs like AV and Browsers. 6. I'm surprised that no one else came forward as having the same problem with the way my EAM scheduled custom scans were behaving. Please let me know if QA finds anything. Otherwise, I will just wait for the next delayed release. 7. Lastly, why can't Emsisoft (for a fee) just release a version for Win7 that keeps the EAM components in a static state and just provide definition updates and tweaks???
  2. Thank you for the Win7 EOL info. I'm just a little surprised that Win 8.1 is also ending March 31, 2021, but the OS doesn't have much market share. I do have an unused Win 8.1 Pro license. I will prepare accordingly but I am quite certain that I will not build a Win10 system, perhaps Linux Mint or other Linux Enterprise version(will cost money) along side my Win7 set-up. Google and Apple are both in the process of degrading their Full unlimited Extensions to abbreviated Extensions that use much less lines of Code with less kernel or API access. Over my head to explain. The bottom line is that Ad-Blocker Extensions such as Ublock Origin will no longer be developed for Chome and IOS13 users of Iphone and Ipad Pro. So far, only the desktop version of Firefox Quantum along with Pale Moon and other Firefox Forks will be able to use the full Blown extension types going forward(or very soon). I will do what I can to pursue using full blown ad-blockers with Sandboxie 5.26 to 5.30 on whatever OS that will continue to support Firefox Quantum and Pale Moon (alternate them) desktop browser versions in the future. Hopefully, Mozilla will not follow Google and Apple. Those of us that care about such matters will soon be facing hard decisions. I also use AV,IDP and Cyren Content Protection at a Zywall USG Firewall-Gateway with many Firewall Rules. Soon to add Open-VPN. 0Patch uses lightweight patch that only fixes the security bug and is done in memory at start-up. The process does not change any Windows system files, and this is how they purport to not cause potential issues with other 3rd party programs. Moving on. 1. What other Operating Systems does EAM support? 2. Concerning my original problem, I have some additional information. ***I never did try the current EAM release. However, I did play around with the setting's and narrowed down the issue and this is what I found. a. I found that ever though the scheduled custom scans when opened, and then clicking the "what" tab shows "quick scan" when it should show "custom". b. However, if I just click cancel without making any changes inside the "what-configure" screen, the Main scheduled screen will still show as "custom" and the scans still run as expected. c. But if the "what/configure" settings tab is accessed, then all of the original custom settings will be LOST and will have to be re-entered and saved and not bothered again once "OK" is checked to exit the settings dialog boxes. d. So in the end it is not a big problem as long as you understand not to bother the "what-configure" settings. Even though the "What" tab shows Quick Scan" the custom scheduled scans will still work as expected. e. In the end, all of the above may be expected behavior, as I can't remember for sure. So, let me know if the above is expected behavior or is a minor bug. Thanks
  3. I will change the update settings from stable to current version and will see if I can schedule a custom scan that keeps its settings and get back to you. As far as patching goes I am looking into 0Patch_com to obtain critical security patches. All of the reviews at askwoody_com have reported that they are reputable and offer lightweight patch protection only for the most serious security holes that occasionally do arise. Thanks
  4. Recently since delayed version update to 2019.11.1.9884 I noticed that when i went to run a scheduled custom scan of my external drive only that the scan was much too fast. Upon looking at the settings under "WHAT" TO SCAN THEN "CONFIGURE" that the scan was set up as a Quick Scan and not Custom which explained why the scan went so fast. Edit: I really don't know when this problem started because it was just coincidental that I went to run one of my existing custom scheduled scans just one day after the above update. Furthermore, after I reset all the custom "what to scan" settings I discovered that I could run the Custom Scan before exiting the settings but once I clicked OK to exit and went back into the settings it continues to revert back to "Quick Scan". So I have "3 different Custom Scans" set up on 3 different Win7 computers and they are all behaving the same way. Also, this problem remains even if I am logged into an ADMIN USER ACCOUNT. It's not a big deal as I can always run a MANUAL CUSTOM SCAN USING SAVED SETTINGS, but I would eventually prefer that the scheduled settings would remain in place and run correctly. I prefer not to provide a troubleshooting log as I do not like to share such data or any data for that matter. I am hoping that someone else might check to see if this is happening on other users computers or if it can be duplicated. All of my Windows 7 Pro and 2 Ultimate computers are updated through Dec2019 and have the Sept 2019 Service Stack Patch which is the minimum SSU required to get any lingering updates or to update Office 2010. I have been using EAM for several years without any problems for at least 2 years or more now. Any help about the above matter would be appreciated. Extra question: How much longer will EAM be supported on Windows 7 ???
  5. I can't adjust to spending more time getting what I quickly want from the All-In-One-Forensics Log. I was doing fine until the Delayed Update Option also started using the All-In-One-Forensics Log. Now I get livid when I have to deal with it and now I can't get my spouse to interpret the combined log so now I have to always do it. If several days pass between observations the effort it takes to get a clear picture going several days back is not acceptable especially when I was previously using a better method of individual log columns. This is for me EAM's first big Strike One, regardless of the placating this post may get. I'm not a Millennial, I'm much older. I like explicit Tool Bars on my Browsers and Desktops, still use classic views on OS and Browsers so I don't forget what options I have as I get older. Why do you younger people never look out for your elders? This complaint can be assumed to apply to other upcoming and past reasons why half the population still uses Windows 7 and a Browser with a classic view. I like my 30" monitor that I am currently typing on along with my 70" TV. I don't and never will watch TV on a Smart phone or a tablet, not even on an airline flight. If, as GT-500 mentioned that the move was not to save on coding and that it wasn't any harder one way or the other then give your users a choice to use individual log columns or the all-in-on since it's not so hard to do since all of the coding is already in place anyway!!!!!As you previously mentioned in another post in which I previously complained about this same issue Anyway at a glance, just looking at uptick in EAM problems since the 1st release of the all-in-one log build release it seems that things are starting to slightly get away from your control. Don't get me wrong, I still thing EAM is one of the best choices for OS malware protection when used with other measures, but just remember; 50% of Windows users still use Windows 7 and for good reasons-too many reasons to mention here. If you follow Microsoft and begin to mimic their behaviour and dumb down and simplify the UGI at the expense of those who require to clearly see and have access to tools and options you will begin to lose your advantage over other AV Solutions. Many years ago ZoneAlarm did the same thing plus they eventually just became evil and their program became a spy program that could not be neutered or managed. They could have chosen the honorable way and just died away in a respectful manner. Going forward I will probably just stop observing the logs unless a specific problem arises, however this is not to my liking. So, if the information is already in place to produce separate log columns, why not give the customers the option????
  6. Both Jeremy and GT500 have confirmed what I was pointing out! 1. I don't want to type anything. I don't like Drop-Down options unless they improve the interaction. In this case they degrade the interaction! prefer to click and move on quickly in each of the older style columns and only see info that pertains to one of the previous 6 log sections, and then occasionally the Forensics column was useful for a all in one historical check with a slightly different perspective to see if certain actions were interfering with other processes etc... I want every log column ready to go without changing anything except grabbing the scrollbar. Typing is for other areas such as Protection where you are looking for a specific rule or etc... 2. I disagree that the Forensics Log by itself was more useful and made the other logs redundant. Sometimes the Forensics log would not catch changes that the other logs did catch for whatever reason did not. So, that makes all the logs helpful and much more organized. 3. I would rather mindlessly click 6 or 7 columns than to thoughtfully with effort use a drop down list to catch up on Log HX! 4. Please don't placate me with answers that are inherently false and at best trying to brush off the issue that this change is a backwards move. 5. I will stay on the DELAYED UPDATE until forced off. 6. Let's have a vote on this one. Everyone please chime in on this particular change because if you let this one go by without protest then in a short while EAM will be so dumbed down because of CODE-COST-CUTTING-MEASURES that you will not be able to recognize it in the near future.
  7. Hello Once a day after manually updating I go to the Logs Tab, then starting from Right to Left with the Update tab then Quarantine etc.. to the Forensics tab, I very quickly check the top 2 or 3 entries in each section to see what happened since yesterday and it goes very fast and the results are concise. Lastly, I glance at the Forensics section to see if it confirms and very occasionally I will go through it's HX to check previous silent Browsing Blocks or other Historical events, but very seldom . This approach gives me great conformation and reassurance that all is in order and if not that I will definitely see any problems and I no longer have to think twice about the matter. Now with Build 8334 the only log remaining is a complicated Forensics Log with a Convoluted Management Drop-Down Box that takes up my time to deal with it plus I'm not certain that the upper section choice is much different from the lower section choices. Of course I did not give the Drop-Down List much of a chance because I knew right away that this was Cost-Cutting measure or a Code-Cutting measure not meant to serve it's users as well as the previous layout. Most all of the time these GUI changes are for the Best and the program is still one of my favorite modern contemporary program-app like installs. Also, in most cases the improvement is obvious and I go on my way without comment. However I have noticed that in the Main forum and in the Beta forum the advantages of the Majority of major GUI changes (good or bad) are not fully explained. This change has irritated me so much that I switched all 3 computers to delayed Update and will stay there until I am forced off or the Log situation is changed back or improved. I don't want to go back to using ONE Forensics Log that requires more time and attention to see what has taken place especially if I have not checked the log for a few days. Do you really thing people want to use optional drop-down filters to segregate only what they want to see at any time. The previous segregation worked wonderfully. I suppose it won't matter much if EAM starts to slowly go Downhill like many other things in this day and time. I plan on using Windows 7 well past 2020 (to keep using certain Non-Linux Programs when needed) along with Linux Mint or similar for Online activities. I am betting that Microsoft will offer the public extended security updates for Win7 for a monthly or yearly fee. I know that I as well as others would pay to continue using the best user friendly Windows OS ever build. They will never get the majority of users to use Windows 10 in it's current state. Based on Emsisoft's HX, I expect that EAM will no longer support Win7 past the year 2020, although I hope you can find the strength to push back at MS and support Win7 as long as the public continues to fervently use it and you had better start working on a Linux Version. There are a lot of Windows 7 users who have already tried and accepted certain Linux programs and will jump to them as soon as Windows 7 is truly unsafe to use online. That day is not far away. What will Emsisoft do? Continue to offer the best AV-Malware program on the market when used with other security measures or will you start to Dumb Down your customers with changes such as the new Log-Forensics Log Only which in some ways is similar to how Microsoft has dumbed down Windows 10 GUI meaningful user option-preference configuration access along with increased Telemetry. Please, no comments from newer users who have never used Windows 7. Thanks, Yilee
  8. Just to let you know, the lsass.exe registry handle leak warnings that I was getting at the same time that I was getting some a2service.exe leaks on the Builds prior to 7014 were not related. I'm sure you knew that. Many people on the internet have searched and failed for an answer concerning lsass.exe. I spoke too soon after updating to EAM 7035 and was getting them again after tweaking and rebooting both of my machines. I had to get serious about how to frame my search criteria on google and finally hit pay-dirt. In my case both computers were using SSD's and the laptop's USB 3.0 backup drive was also a SSD. The answer that I found on Expert's Exchange was to uncheck the "Enable Write Caching on this device" for any SSD drives, even the usb backup ssd. The solution worked immediately upon reboot. I don't perceive any reduction in performance and my acronis backups to the USB SSD are possibly faster. I have read other articles that disagree about whether there is actually any performance degradation concerning SSD drives. On mechanical drives it's best to leave the option checked. My opinion is that there is no noticeable difference on SSD drives. I am also quite sure that these separate lsass.exe leak alerts were caused by a windows update patch between july and nov 2016. I know this is off topic but I like to help when I can.
  9. Thanks GT and the Rest of the Team, my computers are doing well on the new Beta 7035. This ordeal was tough on me because I had just patched both of my computers with 5 months of Windows update patches just a few days before Build 7014 was released. So, between the previous registry leaks and then the problems with Build 7014 I have vowed never to wait so long in between Windows updates. In my case the issues has so many possibilities which caused me extra effort. I have learned my lesson. Thanks again for the feedback.
  10. I missed that Build 7035 was a Beta release. After looking at the list of issues that were addressed I did not see any evidence that addressed problems that can occur when trying to run other windows maintenance tasks at the same time a manual scan is initiated. Could you please consult with the team working on this matter if the fix is included in this beta or if the investigation is still ongoing. I noticed that another poster named Reerden recently sent in diagnostic logs concerning this very issue 12 hours ago about the same time the Beta release came out. I also read your reply to Reerden that the team believes that this issue has been fixed in the current 7035 beta release. I will wait for the stable release and for some feedback from Reerden. However, I still would like some input about these Registry Handle Leaks (Build 6859) when they occur on a locked down LAN system where users never use Remote connections ETC....??? Do they still present a risk when browsing the internet?? I ask because I do not know how long I will have to stay on build 6859. Thanks
  11. Thank You for the timely info. The problems are definitely related to .IO.IO input output errors as far as running Event Viewer/MMC Snap-In is concerned as there was an image that I included(several images) that I could not figure out how to attach or insert. I was tired and I don't blog much, I usually fix my own problems only with research. The problem is related to EAM not releasing the needed files to run various other tasks when it is running, especially during the starting phase of a manual scan. So, I have the following questions to GT500: 1. Dose EAM Build 7035 address this particular issue? From what I can tell it doesn't. If that's the case, then should I stay on delayed build 6859 for a while longer or are the a2service.exe registry leaks a concern for me even if I am protected by a secure LAN/UTM Gateway and I'm not involved with remote connections, VPN or other similar outgoing connections ? 2. Is there an easy way to insert images or upload jpeg's or gif's using Microsoft's built-in Snipping Tool if I first save the image using the "Snipping Tool" to a desktop file. The FILE choices are: PNG, GIF, JPG, AND MHT. What is the procedure? I couldn't find an FAQ section to address such question. I am not interested in creating an online dropbox link account or anything similar. Thanks again. Looks like I figured out how to add an image. I guess you have to do it where the curser is at the time you hit save edit. The following are the images that I wanted to insert in my primary post but didn't know how to get it done:
  12. ***If someone know an easy way to add the missing images I will get it done, Thanks The following article is about Misc. EAM Build 12.1.1.7014 Issues that can occur during a malware or full custom Scan at the beginning of the scan when EAM stall for a bit of time when the scan is just starting. I call it the "scan stall period". I have identified that if you open certain processes/tasks during this stall period these tasks will fail with error codes and all seem to be related to EAM not releasing (still in use) the processes for the user to use them. ***These errors are more easily duplicated when running a Full Custom Scan where on my laptop the scan usually allways stall for a bit at 50%. The stall is less noticable on the Malware Scan but the same errors can be produced if you are fast enough to open certain Tasks. On Builld 6859 this problem does not exist. I often start manual Scans and also begin certain maintanence checks during the beggining stages of most all manual scans that I trigger. The tasks that are affected during the starting stage of scans of Build 7014 to my knowledge are: ***Task Manager ***Event Viewer ***Run Maintanence Tasks in Action Center ***Saving WordPad rtf. files during scan problems(did not try Word). ****Also after enduring all of these problems (3 acronis system restores and duplicating the issues over and over in slightly different approaches) during a roll-back to delayed Build 6859, EAM would not start at reboot and showed brown in Taskbar and nothing would work for several minutes. After several minutes it would show green and Build 6859 would work but would keep failing at additional re-boots. I blame that problem on corruption caused by Build 7014 , because when I used a recent System Restore point to correct the problem, the Restore succeeded but hung with a blank blue screen for a miniute before explorer opened and the successful dialog box showed up. After that happened my system was corrupted. Instead of using Acronis to restore I reviewed the Event Viewer and saw a Service problem with the Windows Presentation Font Cache. I fixed that problem by deleting the font cache file in system32 and rebooted and the system was OK. Google the Procedure if affected. THE FOLLOWING IS MY STORY CONCERING BUILD 7014 WITH THE FOLLOWING MITIGATING FACTORS: *** I patched 2 windows 6 64Bit systems a laptop and a desktop with MS Udate patches from July through Nov. Only Net.framework,Security Only Monthly and a few misc. patches. No telemtry or new features. I immediately noticed that I was getting the same (5) lsass registry leaks from Local User SID's which I attributed to 2 MS patches that hardened SMB 445 Protocol for Homegroup and Remote connections. I plan on removing these patches. On both computers, I share common data folders on Drive C: and share them through homegroup. When I disable the sharing of these folders in Homegroup the lsass.exe registry leaks dissapear but are replaced with registry leaks from a2Service.exe with Build 6859. These leaks are not present with Build 7014, but the problems that it causes are the worst I have seen in a long time considering how cautious I am. ***Over the next few days I got hit with the stable EAM Build 7014 and immediately had the following problems. I have since successfully rolled back to EAM build 6859 and everything is just fine except for the Registry leaks that it causes when Re-booting. The following is what I encountered when initiating a manual Full Custom Scan and immediately trying to run the following tasks: 1. If you open Task Manager during the"Scan Stall Period" it will cause EAM to stop scanning and no Log File will be created and other issues become present once this occurs such as: ***See Event Viewer Admin Log BELOW produced when opening up Task Manager during the "Scan Stall Period", see error (red error, not warning) as follows: ******taskhost (4060) WebCacheLocal: An attempt to open the file "C:\Users\YEL\AppData\Local\Microsoft\Windows\WebCache\V01.chk" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).   2. *related to the above, once the scan fails and you close EAM Program Dialog UI Box and if you try to run the "Action Center\TroubleShooting\Run Maintanence Tasks" will fail to run with the following error (see error dialog boxes below or Event Log Entries:  *However, if you go directly to the Run Maintanence Task without first opening "Task Manager" during the "Scan Stall Period" the same error as above will also occur. *Also, if you wait for the "Scan Stall Period" to finish and resume it's normal scanning and do not immediately begin the mentioned maintanence tasks, the above problems do not occur. I usually like to perform certain maintanence checks as soon as I start manual scans. It's just a habit. I never had this problem with any of the older Builds of EAM . *Lastly. once you receive the below error dialog box, the only way to clear it up is to Re-Boot. Also, and most importantly if before rebooting if you try to update EAM 7014 you will get the other EAM "Unexpected Internal Processing Error Occured" which a re-boot will clear up also. I have duplicated this behaviour on 2 separate computers. Also other regular programs during the period before Re-boot become sluggish when trying to open them (don't open right away). ***The following is the error box that is received if you try to update EAM before Re-booting to clear up the Failed EAM Scan. OTHER NOTES: *The laptop has never produced significant issues since bought. *The problems above will occue on Admin or Standard User Profiles. *The problem continues to re-occur after Re-Boots when trying certain tasks during the initial "scan stall period. But, if you do not attempt to run any maintanence tasks , the EAM scan will complete successfully and produce a log if left alone and you don't try to run certain other Tasks as I will continue to describe, plus none of the problem effects describe so far will occur after a successful EAM Scan when left alone to complete. 3. Another Problem that can occur during the initial "Scan Stall Period" when trying to access the Event Log Viewer: Notes about the above error: * A reboot is not required for any reason after a few minutes once EAM finally offers a dialog box to confirm "Stop Scan. When the above error alerts happen, I always click pause then stop on the EAM Scan but it does not respond until several minutes later. Once it does respond with "do you really want to stop the scan" and click OK, then EAM will Update normally and the Event Viewer will work again and there are no problems with the Action Center. Everything seems OK, I believe because EAM has released it's use of the files needed to run the MMC snap-in/Event viewer and other items. I believe this is the case because in this case clicking OK to stop Scan causes EAM to release the needed files * Of course if you try to do anything before clicking OK to stop scan or if it's not offered then the Event viewer will continue to fail and an EAM update will produce the "internal processing error" dialog box. Plus, because the severity of the MMC Snap-in error seems more severe, if i continue to open other processes such as "Run Maintanence Task" in the Action Center and then Trying to update EAM and then producing the EAM "internal processing error" and then trying to Re-Boot, the following occurs likely due to OS corruption: ***Re-boot hangs during the "windows is shutting down" and requires turning off the laptop. I have my Power Button set to turn the laptop off just for such occasions. Sometimes I remove the Batteries in order to make sure any corrupted CMOS settings are removed. *** Also during the 1st part of the Re-boot process the screen shows that "TaskHost" is having trouble shutting down processes that refuse to close (EAM I suppose) and thus causes the shutting down/reboot process to hang and lock up permanently. The only way to solve the issue is to power off the laptop. ***After Turning off the laptop and then back on with the power button and automatically brought to the "Safe Mode" screen I enter safe mode and run a CHKDSK which shows no problems. Also SFC /scannow shows no errors. ****The "Scan Stall Period" is much more pronounced on Full Drive C: Custom scans and gives a user more time to open other Maintanence Task such as Event Viewer, ETC... Once the EAM scan gets past the " Scan Stall Period" the "Event Viewer" will work again, However the following errors can still be produced after the Full Drive C: Custom scan has been running for quite a while: ***Problem saving WordPad rtf file: ****As you can see I was unable to save to WordPad concerning this very document. ****Also Run Maintanence Tasks in Action Center completed the 1st standard user part but failed with the above error under the "run elevated as Admin" portion of the task. ****The spinning scan Icon continues to be active in the Taskbar even after pausing and trying to stop the scan. Eventually, EAM after several minutes will respond to the Stop Scan button and then I am able to save changes to my WordDoc, also the Elevated Run Maintanence Tasks in Action Center will run properly again without rebooting. Conclusion: This is complicated and I only have 2 days to renew my license. I will at this point roll EAM back to Delayed Updates and will just have to put up with the Registry Handle Leaks as long as none of the above effects are still present. I usually get a 1 yr/3 computer license and I was trying to get this resolved before renewing. I like a lot of the features offered on EAM and do not believe there are any other lightweight/unintrusive/not privacy invasive AV's available. What to do???? NOTE: Well I decided to again go back to the delayed Updates EAM build 6859 and to renew for now but now I encountered new problems after rolling back to build 6859 as I mentioned at the beggining of this article: ***Delay with EAM,WiFI, and anything else at startup after reboot. EAM shows Brown color and cannot be accessed after trying several reboots. ***(7) Registry Handle Leaks when rebooting only from the standard user profile. (2) from A2Service.exe and (5) from lsass.exe ***Taskhost when shutting down on all profiles shows delay in closing a program. ***New Event Viewer Error(red error) as follows:   SO I TRIED THE FOLLOWING: ***I did a System Restore to the point just before allowed EAM to Update to Build 7014 but that did not help and the same above Font Cache Error at startup remained. I have used System Restore in the same manner in the past and it usually corrects such problems as the Delayed Build 6859 did not cause this problem just before updating to build 7014. ****SEEMS LIKE ALL OF THE TROUBLESHOOTING EARLIER ON WITH BUILD 7014 DAMAGED MY "FONT CACHE SERVICE" IN A MANNER THAT SYSTEM RESTORE CANNOT OVERCOME OR THE ROLLBACK REMAINED CORRUPTED. I eventually fixed the above Font Cache Error and Rolled back to delayed build 6859 and everything is ok. I am not worried about my Registry Handle Leaks from a2service.exe or from lsass.exe because I am on a well insulated LAN with an external UTM Gateway with external BlueCoat content protection, IDP and Anti-Virus. I also do not ever make any remote connections. So, I know that my leaks are being caused locally likely by the new SMB 445 Protocol patches from MS and because I share common folders on Drive C: and use Homegroup. The Leaks do not occur if I turn off Homegroup. I have also Renewed for 1 more year. I would like to suggest that Emsisoft stop trying to be everthing to everyone and stick to an unbloated version of EAM, but at least stay compatible with Sandboxie and whatever else works with it now. Improving current features is fine but adding a lot of new features over time will put you out of business. InvinciaX is a new malware program on the horizon that I am keeping an eye on. Made by the same group who bought Sandboxie, which has been the most excellent 3rd party progrem that I have ever had the pleasure to use. I'm sure someone will duplicate these problems and send you guys some logs. I'm done with this stuff for a while. This wore me out. PS: Re-booting does not permanently solve this issue. It will continue.  *** As I mentioned at the top, there are missing images and if there is an easy way to insert them , please advise.
  13. Received the same error box as above and much more in the form of several problems. It's hard this time to know where to begin but I'm certain of my findings as I have been following this one particular issue about a Registry Handle Leak from EAM and also about 5 specific Registry Handle Leaks from lsass.exe after every re-boot for 2 months now. However, there were no side effects and the alerts were warning alerts not errors. My license is soon to expire and I wanted to get the handle leak from EAM Build 6970 fixed so I intended to perform a clean un-install then re-install (this has worked in the past for other issues). But at the last moment I decided to manually update EAM for no specific reason and I got hit with the new EAM build 7014 which immediately gave me problems when I performed Full Scan: *Severe corruption of programs ***service/mmc/snap-in functions **** corrupted my admins app data roaming folder ***also when I tried to update I got the "internal processing error dialog box". ***also any scans that I performed did not create any log files to view ***also the scans would hang for a bit at the beginning ***also if I tried to stop the scans that were hanging EAM would lock up and only a reboot would unhang it ***also noticed that I caused my Software Protection Service to terminate unexpectedly ***The same would happen on admin or user profiles *** also noticed a System .IO.IO Exception error. This is stuff I have never seen before. On the good side I discovered the following: ****When a scan did complete in a normal fashion (but without log) the scan was not slow as has been the case for a while. Yes I realize that the scan speed did improve a week or so ago but not as fast as in the past. Also the scan was using between 20 to 100 % CPU instead 0 to 10% like it had been doing recently. *********After many re-boots I noticed that the Registry Handle Leaks from EAM and from Lsass.exe were no longer present at all-never!! So, the above prompted me to perform some diagnostics and this is what I Discovered: 1. I found that if I removed(uninstall) EAM or if I completely turned off it's Start-up Protection as well as all other Protections so that it would not start-up at re-boot that I could re-boot as many times as possible and not have any Registry Handle Leaks from EAM or from Lsass.exe. 2. When I re-enabled all EAM functions and set it to delayed update to EAM Build 6859 I again received the Registry Handle Leaks from Lsass.exe and occasionally from EAM. 3. All Summer into early Fall I did not have any Reg Handle Leak warnings from lsass.exe or EAM or any other unusual warning or errors until I Performed Windows updates during the month of Nov 2016 and only Security Only Monthly for Windows and Net.framework 4.2 and 3.5 and a few other misc. I avoid telemetry and quality roll-ups. However because I was busy I had not updated since June 2016 because I wanted to see how Microsoft's update changes would play out. I do not worry about not patching because I use an external gateway with Bluecoat Content Protection with Active x and java blocked except for various Microsoft Active x is whitelisted for update purposes. The gateway has Anti-virus and IDP(intrusion detection signatures) also. I can blacklist any unwanted MS ActiveX updates, host url's or IP's. Using external protection is how I intend to use windows 7 for many years past 2020. *In conclusion my Wind 7 OS works fine with the Nov. 2016 Windows Patches without EAM Installed. *It was OK with EAM build 6970 and the older EAM build 6859 even with Registry Handle Leak Warnings because the leak warning did not cause problems. *I know that there was a MS patch in May 2016 that was released to fix lsass.exe Leaks but it caused issues with Emet 5.5 on 32 bit Win 7 OS, so I avoided it. However, I looked it up again and used Microsoft Update Catalog to see if it was superceded and it was several times and was included in the Oct. 2016 Security Only Release. So I have been patched for the Lsass.exe leak. Anyway, I use Emet 5.2 on a 64Bit OS. Never gives me trouble. Spent a lot of time getting it right and it's been perfect ever since. *So my final conclusion is because EAM worked perfectly up until Nov 2016 with Builds 6859 through 6970 without any Windows update patches since June 2016 I can only conclude that there is a problem with EAM and a certain Windows update patch that was released since July 2016. *I am also saying that there are a lot of bloggers complaining about the same identicle (5) lsass.exe Registry Handle Leaks during the last several months and no one has resolved the issue. MS states that since it's only a warning that it's probably a timing issue at start-up after re-boot. Sounds reasonable as long as the alerts do not produce problems. I now suspect that MS may have released a patch that is making it difficult for 3rd party Anti-virus programs to work flawlessly. Since, they finally gave up on the Win 10 auto installs, it's likely that they will find other ways to get users to give up on Windows 7. * I suspect that by tomorrow Emsisoft will have many other users complaining about EAM build 7014. I however intend to just monitor the situation for a while and use the delayed release version. I'm busy with other stuff. I hope you guys can get to the bottom of this. I know for a fact that while not widely published, your team has been working on the EAM A2service.exe Registry Handle Leak for a long while and this Build 7014 Hotfix is the worse fix that I have had happen to my OS in a long while. Please look over the timeline that I described. The problem is definitely related to a windows update Patch. *I am worried that I will have to stop patching windows 7 well before 2020 because all of the 3rd party programs such as yours will have to work with the changes that are mostly aimed at windows 10 which will make it harder for you to make your program work well in windows 7(eventually). Your EAM program presents with an unusual problem that I don't have with other 3rd party Programs in that you mandate that program Updates be included with AV definitions. Well I have 2 suggestions: a. Maybe make separate EAM Programs for Windows 7 and Windows 10(I realize that from your point of view that this is a laughable suggestion, but MS is not going to make it easy for you to make your programs backwards compatible with Windows 7 like they did with Win XP. You guy's will be forced to abandon Windows 7 out of pure frustration over the coming months. Just as our political system is turning to crap and using nasty hardball tactics so will the software arena. b. Maybe have the EAM program create a restore point before changing to the next Build. This idea is not laughable. I was lucky that I had very recent Restore points. I also have Acronis backups but it takes extra effort to do a restoration. Not everyone is prepared as I am. I don't know how others that have very limited computer knowledge deal with these times. If they are young enough I guess they don't know the difference. Can't help but rant a little. I don't suspect your team has any answers yet, so I will just monitor the situation while I use the delayed update. Thanks
  14. Hello This could be helpful information. After updating to build EAM 6513 I checked various logs (routinely) and noticed 3 of the above titled log entries(under CodeIntegrity Logs) starting 2 minutes after the new build update finished. I have seen these entries sporadically (3 or 4 times a month) since 12-08-15. Also, per older complete memory dumps(1 month or older) the epp.sys driver was blamed by WhoCrashed Program. So about 4 weeks ago I did a clean uninstall of EAM and epp.sys driver and the Emet 5.2 program and then did a Net Framework Repair Tool repair with success. I ran it on all 3 user profiles to be sure all user profiles were successful. I re-installed EAM (the prior build to current one) plus emet 5.2 and have had no problems for around 10 days (no need to reboot) concerning any Net Framework garbage collection issues or crash dumps or apps stopped working issues. I also noticed in the Code Integrity Log (after re-installing EAM after clean uninstall using Emsiclean Removal) that the Code Integrity log entries no longer appeared and I was very satisfied plus my system was running for many days at a time without any problems such as app stopped working or BSOS's or Framework garbage collection timing issues. Per crashdumps and MS Reliability App compatibility Reports, I believe most of my occasional app stopped working were either due to Framework Garbage Collection or a2hooks64.dll hanging up under heavy video browsing sometimes leading to a epp.sys bsod. I also noticed that all of these problems stopped happening after I made the above mentioned repairs and re-installs. (Basically programs that rely heavily on Net Framework 4.5.2. But, now since my update to build 6513 the log entry: Code Integrity is unable to verify the image integrity of the file a2hooks64.dll because the set of per-page image hashes could not be found on the system has reappeared since the EAM build 6513 update. It has only been 1 whole day since I updated to build 6513 (done on 070316) and everything went smoothly but : I am concerned that I may start encountering problems again related to A2hooks64.dll or epp.sys and I will let you know promply. Question: Why does A2hooks64.dll specifically have problems with Code Integrity Checks? I am sure that the file is properly signed as I have checked. Is it a timing issue when the system is under heavy use? Does it have something to do with alternating betweem 3 user profiles or : Does it have something to do with the latest Build 6513 installing a new Epp.sys driver or a new A2hooks64.dll? I have noticed that from the Code Integrity Logs that the A2hooks64.dll problem comes and goes and could very well be linked to when a2hooks64.dll is updated, as it is not always updated in all new build releases. I have not analyzed the dates and times at this point. An attempt at an explanation concerning these Code Integrity Logs will go a long way towards my moving on from these questions unless problems arise over the next few days. I will appreciate any insightful input very much. Thanks
  15. Since my system crashed I have not seen the same previous aggressive move upward in a2service memory values so there could be an unknown mitigating factor that is no longer present. Therefore I am doing the following: *will update to latest stable build *getting rid of AMD's catalyst and switching to their new Radeon Crimson Control(does not use ccc.exe or mom.exe,never haved liked those processes). The switch went over without any snags. I used AMD's clean uninstall utility after regular uninstall. *If the problem with a2service's elevated memory values returns I will open a new thread or join back on this one if it is still open and applicable. For now on I will just actively monitor the values and hope that the mitigating factor is removed either by AMD driver updates or MS's monthly Patches. Going forward, many of us who want to remain on Windows 7 will be facing a struggle to combat many of the important and recommended patches that will in the end make Win 7 have more compatibility problems. Best to choose your patches wisely and read the fine print and take notes. I just saying that most unknown mitigating factors will mostly be a result of Monthly MS patches and in many cases Graphics Drivers with full software packages. *To Jeremy: As you may recall, I did not have that "memory optimization" enabled in EAM settings. Also, if it happens again I will use Process Explorer and Task Manager just to be sure. *I wish everyone luck and will be following this thread. *Also my laptop with 8GB of physical memory has stabilized at 34% physical memory usage and has not gained any further. Win7 Pro with same EAM settings. It never did reach catastrophic values. Thanks