Yilee

Member
  • Content Count

    33
  • Joined

  • Last visited

Community Reputation

1 Neutral

About Yilee

  • Rank
    Member

Recent Profile Visitors

1506 profile views
  1. I can't adjust to spending more time getting what I quickly want from the All-In-One-Forensics Log. I was doing fine until the Delayed Update Option also started using the All-In-One-Forensics Log. Now I get livid when I have to deal with it and now I can't get my spouse to interpret the combined log so now I have to always do it. If several days pass between observations the effort it takes to get a clear picture going several days back is not acceptable especially when I was previously using a better method of individual log columns. This is for me EAM's first big Strike One, regardless of the placating this post may get. I'm not a Millennial, I'm much older. I like explicit Tool Bars on my Browsers and Desktops, still use classic views on OS and Browsers so I don't forget what options I have as I get older. Why do you younger people never look out for your elders? This complaint can be assumed to apply to other upcoming and past reasons why half the population still uses Windows 7 and a Browser with a classic view. I like my 30" monitor that I am currently typing on along with my 70" TV. I don't and never will watch TV on a Smart phone or a tablet, not even on an airline flight. If, as GT-500 mentioned that the move was not to save on coding and that it wasn't any harder one way or the other then give your users a choice to use individual log columns or the all-in-on since it's not so hard to do since all of the coding is already in place anyway!!!!!As you previously mentioned in another post in which I previously complained about this same issue Anyway at a glance, just looking at uptick in EAM problems since the 1st release of the all-in-one log build release it seems that things are starting to slightly get away from your control. Don't get me wrong, I still thing EAM is one of the best choices for OS malware protection when used with other measures, but just remember; 50% of Windows users still use Windows 7 and for good reasons-too many reasons to mention here. If you follow Microsoft and begin to mimic their behaviour and dumb down and simplify the UGI at the expense of those who require to clearly see and have access to tools and options you will begin to lose your advantage over other AV Solutions. Many years ago ZoneAlarm did the same thing plus they eventually just became evil and their program became a spy program that could not be neutered or managed. They could have chosen the honorable way and just died away in a respectful manner. Going forward I will probably just stop observing the logs unless a specific problem arises, however this is not to my liking. So, if the information is already in place to produce separate log columns, why not give the customers the option????
  2. Both Jeremy and GT500 have confirmed what I was pointing out! 1. I don't want to type anything. I don't like Drop-Down options unless they improve the interaction. In this case they degrade the interaction! prefer to click and move on quickly in each of the older style columns and only see info that pertains to one of the previous 6 log sections, and then occasionally the Forensics column was useful for a all in one historical check with a slightly different perspective to see if certain actions were interfering with other processes etc... I want every log column ready to go without changing anything except grabbing the scrollbar. Typing is for other areas such as Protection where you are looking for a specific rule or etc... 2. I disagree that the Forensics Log by itself was more useful and made the other logs redundant. Sometimes the Forensics log would not catch changes that the other logs did catch for whatever reason did not. So, that makes all the logs helpful and much more organized. 3. I would rather mindlessly click 6 or 7 columns than to thoughtfully with effort use a drop down list to catch up on Log HX! 4. Please don't placate me with answers that are inherently false and at best trying to brush off the issue that this change is a backwards move. 5. I will stay on the DELAYED UPDATE until forced off. 6. Let's have a vote on this one. Everyone please chime in on this particular change because if you let this one go by without protest then in a short while EAM will be so dumbed down because of CODE-COST-CUTTING-MEASURES that you will not be able to recognize it in the near future.
  3. Hello Once a day after manually updating I go to the Logs Tab, then starting from Right to Left with the Update tab then Quarantine etc.. to the Forensics tab, I very quickly check the top 2 or 3 entries in each section to see what happened since yesterday and it goes very fast and the results are concise. Lastly, I glance at the Forensics section to see if it confirms and very occasionally I will go through it's HX to check previous silent Browsing Blocks or other Historical events, but very seldom . This approach gives me great conformation and reassurance that all is in order and if not that I will definitely see any problems and I no longer have to think twice about the matter. Now with Build 8334 the only log remaining is a complicated Forensics Log with a Convoluted Management Drop-Down Box that takes up my time to deal with it plus I'm not certain that the upper section choice is much different from the lower section choices. Of course I did not give the Drop-Down List much of a chance because I knew right away that this was Cost-Cutting measure or a Code-Cutting measure not meant to serve it's users as well as the previous layout. Most all of the time these GUI changes are for the Best and the program is still one of my favorite modern contemporary program-app like installs. Also, in most cases the improvement is obvious and I go on my way without comment. However I have noticed that in the Main forum and in the Beta forum the advantages of the Majority of major GUI changes (good or bad) are not fully explained. This change has irritated me so much that I switched all 3 computers to delayed Update and will stay there until I am forced off or the Log situation is changed back or improved. I don't want to go back to using ONE Forensics Log that requires more time and attention to see what has taken place especially if I have not checked the log for a few days. Do you really thing people want to use optional drop-down filters to segregate only what they want to see at any time. The previous segregation worked wonderfully. I suppose it won't matter much if EAM starts to slowly go Downhill like many other things in this day and time. I plan on using Windows 7 well past 2020 (to keep using certain Non-Linux Programs when needed) along with Linux Mint or similar for Online activities. I am betting that Microsoft will offer the public extended security updates for Win7 for a monthly or yearly fee. I know that I as well as others would pay to continue using the best user friendly Windows OS ever build. They will never get the majority of users to use Windows 10 in it's current state. Based on Emsisoft's HX, I expect that EAM will no longer support Win7 past the year 2020, although I hope you can find the strength to push back at MS and support Win7 as long as the public continues to fervently use it and you had better start working on a Linux Version. There are a lot of Windows 7 users who have already tried and accepted certain Linux programs and will jump to them as soon as Windows 7 is truly unsafe to use online. That day is not far away. What will Emsisoft do? Continue to offer the best AV-Malware program on the market when used with other security measures or will you start to Dumb Down your customers with changes such as the new Log-Forensics Log Only which in some ways is similar to how Microsoft has dumbed down Windows 10 GUI meaningful user option-preference configuration access along with increased Telemetry. Please, no comments from newer users who have never used Windows 7. Thanks, Yilee
  4. Just to let you know, the lsass.exe registry handle leak warnings that I was getting at the same time that I was getting some a2service.exe leaks on the Builds prior to 7014 were not related. I'm sure you knew that. Many people on the internet have searched and failed for an answer concerning lsass.exe. I spoke too soon after updating to EAM 7035 and was getting them again after tweaking and rebooting both of my machines. I had to get serious about how to frame my search criteria on google and finally hit pay-dirt. In my case both computers were using SSD's and the laptop's USB 3.0 backup drive was also a SSD. The answer that I found on Expert's Exchange was to uncheck the "Enable Write Caching on this device" for any SSD drives, even the usb backup ssd. The solution worked immediately upon reboot. I don't perceive any reduction in performance and my acronis backups to the USB SSD are possibly faster. I have read other articles that disagree about whether there is actually any performance degradation concerning SSD drives. On mechanical drives it's best to leave the option checked. My opinion is that there is no noticeable difference on SSD drives. I am also quite sure that these separate lsass.exe leak alerts were caused by a windows update patch between july and nov 2016. I know this is off topic but I like to help when I can.
  5. Thanks GT and the Rest of the Team, my computers are doing well on the new Beta 7035. This ordeal was tough on me because I had just patched both of my computers with 5 months of Windows update patches just a few days before Build 7014 was released. So, between the previous registry leaks and then the problems with Build 7014 I have vowed never to wait so long in between Windows updates. In my case the issues has so many possibilities which caused me extra effort. I have learned my lesson. Thanks again for the feedback.
  6. I missed that Build 7035 was a Beta release. After looking at the list of issues that were addressed I did not see any evidence that addressed problems that can occur when trying to run other windows maintenance tasks at the same time a manual scan is initiated. Could you please consult with the team working on this matter if the fix is included in this beta or if the investigation is still ongoing. I noticed that another poster named Reerden recently sent in diagnostic logs concerning this very issue 12 hours ago about the same time the Beta release came out. I also read your reply to Reerden that the team believes that this issue has been fixed in the current 7035 beta release. I will wait for the stable release and for some feedback from Reerden. However, I still would like some input about these Registry Handle Leaks (Build 6859) when they occur on a locked down LAN system where users never use Remote connections ETC....??? Do they still present a risk when browsing the internet?? I ask because I do not know how long I will have to stay on build 6859. Thanks
  7. Thank You for the timely info. The problems are definitely related to .IO.IO input output errors as far as running Event Viewer/MMC Snap-In is concerned as there was an image that I included(several images) that I could not figure out how to attach or insert. I was tired and I don't blog much, I usually fix my own problems only with research. The problem is related to EAM not releasing the needed files to run various other tasks when it is running, especially during the starting phase of a manual scan. So, I have the following questions to GT500: 1. Dose EAM Build 7035 address this particular issue? From what I can tell it doesn't. If that's the case, then should I stay on delayed build 6859 for a while longer or are the a2service.exe registry leaks a concern for me even if I am protected by a secure LAN/UTM Gateway and I'm not involved with remote connections, VPN or other similar outgoing connections ? 2. Is there an easy way to insert images or upload jpeg's or gif's using Microsoft's built-in Snipping Tool if I first save the image using the "Snipping Tool" to a desktop file. The FILE choices are: PNG, GIF, JPG, AND MHT. What is the procedure? I couldn't find an FAQ section to address such question. I am not interested in creating an online dropbox link account or anything similar. Thanks again. Looks like I figured out how to add an image. I guess you have to do it where the curser is at the time you hit save edit. The following are the images that I wanted to insert in my primary post but didn't know how to get it done:
  8. ***If someone know an easy way to add the missing images I will get it done, Thanks The following article is about Misc. EAM Build 12.1.1.7014 Issues that can occur during a malware or full custom Scan at the beginning of the scan when EAM stall for a bit of time when the scan is just starting. I call it the "scan stall period". I have identified that if you open certain processes/tasks during this stall period these tasks will fail with error codes and all seem to be related to EAM not releasing (still in use) the processes for the user to use them. ***These errors are more easily duplicated when running a Full Custom Scan where on my laptop the scan usually allways stall for a bit at 50%. The stall is less noticable on the Malware Scan but the same errors can be produced if you are fast enough to open certain Tasks. On Builld 6859 this problem does not exist. I often start manual Scans and also begin certain maintanence checks during the beggining stages of most all manual scans that I trigger. The tasks that are affected during the starting stage of scans of Build 7014 to my knowledge are: ***Task Manager ***Event Viewer ***Run Maintanence Tasks in Action Center ***Saving WordPad rtf. files during scan problems(did not try Word). ****Also after enduring all of these problems (3 acronis system restores and duplicating the issues over and over in slightly different approaches) during a roll-back to delayed Build 6859, EAM would not start at reboot and showed brown in Taskbar and nothing would work for several minutes. After several minutes it would show green and Build 6859 would work but would keep failing at additional re-boots. I blame that problem on corruption caused by Build 7014 , because when I used a recent System Restore point to correct the problem, the Restore succeeded but hung with a blank blue screen for a miniute before explorer opened and the successful dialog box showed up. After that happened my system was corrupted. Instead of using Acronis to restore I reviewed the Event Viewer and saw a Service problem with the Windows Presentation Font Cache. I fixed that problem by deleting the font cache file in system32 and rebooted and the system was OK. Google the Procedure if affected. THE FOLLOWING IS MY STORY CONCERING BUILD 7014 WITH THE FOLLOWING MITIGATING FACTORS: *** I patched 2 windows 6 64Bit systems a laptop and a desktop with MS Udate patches from July through Nov. Only Net.framework,Security Only Monthly and a few misc. patches. No telemtry or new features. I immediately noticed that I was getting the same (5) lsass registry leaks from Local User SID's which I attributed to 2 MS patches that hardened SMB 445 Protocol for Homegroup and Remote connections. I plan on removing these patches. On both computers, I share common data folders on Drive C: and share them through homegroup. When I disable the sharing of these folders in Homegroup the lsass.exe registry leaks dissapear but are replaced with registry leaks from a2Service.exe with Build 6859. These leaks are not present with Build 7014, but the problems that it causes are the worst I have seen in a long time considering how cautious I am. ***Over the next few days I got hit with the stable EAM Build 7014 and immediately had the following problems. I have since successfully rolled back to EAM build 6859 and everything is just fine except for the Registry leaks that it causes when Re-booting. The following is what I encountered when initiating a manual Full Custom Scan and immediately trying to run the following tasks: 1. If you open Task Manager during the"Scan Stall Period" it will cause EAM to stop scanning and no Log File will be created and other issues become present once this occurs such as: ***See Event Viewer Admin Log BELOW produced when opening up Task Manager during the "Scan Stall Period", see error (red error, not warning) as follows: ******taskhost (4060) WebCacheLocal: An attempt to open the file "C:\Users\YEL\AppData\Local\Microsoft\Windows\WebCache\V01.chk" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).   2. *related to the above, once the scan fails and you close EAM Program Dialog UI Box and if you try to run the "Action Center\TroubleShooting\Run Maintanence Tasks" will fail to run with the following error (see error dialog boxes below or Event Log Entries:  *However, if you go directly to the Run Maintanence Task without first opening "Task Manager" during the "Scan Stall Period" the same error as above will also occur. *Also, if you wait for the "Scan Stall Period" to finish and resume it's normal scanning and do not immediately begin the mentioned maintanence tasks, the above problems do not occur. I usually like to perform certain maintanence checks as soon as I start manual scans. It's just a habit. I never had this problem with any of the older Builds of EAM . *Lastly. once you receive the below error dialog box, the only way to clear it up is to Re-Boot. Also, and most importantly if before rebooting if you try to update EAM 7014 you will get the other EAM "Unexpected Internal Processing Error Occured" which a re-boot will clear up also. I have duplicated this behaviour on 2 separate computers. Also other regular programs during the period before Re-boot become sluggish when trying to open them (don't open right away). ***The following is the error box that is received if you try to update EAM before Re-booting to clear up the Failed EAM Scan. OTHER NOTES: *The laptop has never produced significant issues since bought. *The problems above will occue on Admin or Standard User Profiles. *The problem continues to re-occur after Re-Boots when trying certain tasks during the initial "scan stall period. But, if you do not attempt to run any maintanence tasks , the EAM scan will complete successfully and produce a log if left alone and you don't try to run certain other Tasks as I will continue to describe, plus none of the problem effects describe so far will occur after a successful EAM Scan when left alone to complete. 3. Another Problem that can occur during the initial "Scan Stall Period" when trying to access the Event Log Viewer: Notes about the above error: * A reboot is not required for any reason after a few minutes once EAM finally offers a dialog box to confirm "Stop Scan. When the above error alerts happen, I always click pause then stop on the EAM Scan but it does not respond until several minutes later. Once it does respond with "do you really want to stop the scan" and click OK, then EAM will Update normally and the Event Viewer will work again and there are no problems with the Action Center. Everything seems OK, I believe because EAM has released it's use of the files needed to run the MMC snap-in/Event viewer and other items. I believe this is the case because in this case clicking OK to stop Scan causes EAM to release the needed files * Of course if you try to do anything before clicking OK to stop scan or if it's not offered then the Event viewer will continue to fail and an EAM update will produce the "internal processing error" dialog box. Plus, because the severity of the MMC Snap-in error seems more severe, if i continue to open other processes such as "Run Maintanence Task" in the Action Center and then Trying to update EAM and then producing the EAM "internal processing error" and then trying to Re-Boot, the following occurs likely due to OS corruption: ***Re-boot hangs during the "windows is shutting down" and requires turning off the laptop. I have my Power Button set to turn the laptop off just for such occasions. Sometimes I remove the Batteries in order to make sure any corrupted CMOS settings are removed. *** Also during the 1st part of the Re-boot process the screen shows that "TaskHost" is having trouble shutting down processes that refuse to close (EAM I suppose) and thus causes the shutting down/reboot process to hang and lock up permanently. The only way to solve the issue is to power off the laptop. ***After Turning off the laptop and then back on with the power button and automatically brought to the "Safe Mode" screen I enter safe mode and run a CHKDSK which shows no problems. Also SFC /scannow shows no errors. ****The "Scan Stall Period" is much more pronounced on Full Drive C: Custom scans and gives a user more time to open other Maintanence Task such as Event Viewer, ETC... Once the EAM scan gets past the " Scan Stall Period" the "Event Viewer" will work again, However the following errors can still be produced after the Full Drive C: Custom scan has been running for quite a while: ***Problem saving WordPad rtf file: ****As you can see I was unable to save to WordPad concerning this very document. ****Also Run Maintanence Tasks in Action Center completed the 1st standard user part but failed with the above error under the "run elevated as Admin" portion of the task. ****The spinning scan Icon continues to be active in the Taskbar even after pausing and trying to stop the scan. Eventually, EAM after several minutes will respond to the Stop Scan button and then I am able to save changes to my WordDoc, also the Elevated Run Maintanence Tasks in Action Center will run properly again without rebooting. Conclusion: This is complicated and I only have 2 days to renew my license. I will at this point roll EAM back to Delayed Updates and will just have to put up with the Registry Handle Leaks as long as none of the above effects are still present. I usually get a 1 yr/3 computer license and I was trying to get this resolved before renewing. I like a lot of the features offered on EAM and do not believe there are any other lightweight/unintrusive/not privacy invasive AV's available. What to do???? NOTE: Well I decided to again go back to the delayed Updates EAM build 6859 and to renew for now but now I encountered new problems after rolling back to build 6859 as I mentioned at the beggining of this article: ***Delay with EAM,WiFI, and anything else at startup after reboot. EAM shows Brown color and cannot be accessed after trying several reboots. ***(7) Registry Handle Leaks when rebooting only from the standard user profile. (2) from A2Service.exe and (5) from lsass.exe ***Taskhost when shutting down on all profiles shows delay in closing a program. ***New Event Viewer Error(red error) as follows:   SO I TRIED THE FOLLOWING: ***I did a System Restore to the point just before allowed EAM to Update to Build 7014 but that did not help and the same above Font Cache Error at startup remained. I have used System Restore in the same manner in the past and it usually corrects such problems as the Delayed Build 6859 did not cause this problem just before updating to build 7014. ****SEEMS LIKE ALL OF THE TROUBLESHOOTING EARLIER ON WITH BUILD 7014 DAMAGED MY "FONT CACHE SERVICE" IN A MANNER THAT SYSTEM RESTORE CANNOT OVERCOME OR THE ROLLBACK REMAINED CORRUPTED. I eventually fixed the above Font Cache Error and Rolled back to delayed build 6859 and everything is ok. I am not worried about my Registry Handle Leaks from a2service.exe or from lsass.exe because I am on a well insulated LAN with an external UTM Gateway with external BlueCoat content protection, IDP and Anti-Virus. I also do not ever make any remote connections. So, I know that my leaks are being caused locally likely by the new SMB 445 Protocol patches from MS and because I share common folders on Drive C: and use Homegroup. The Leaks do not occur if I turn off Homegroup. I have also Renewed for 1 more year. I would like to suggest that Emsisoft stop trying to be everthing to everyone and stick to an unbloated version of EAM, but at least stay compatible with Sandboxie and whatever else works with it now. Improving current features is fine but adding a lot of new features over time will put you out of business. InvinciaX is a new malware program on the horizon that I am keeping an eye on. Made by the same group who bought Sandboxie, which has been the most excellent 3rd party progrem that I have ever had the pleasure to use. I'm sure someone will duplicate these problems and send you guys some logs. I'm done with this stuff for a while. This wore me out. PS: Re-booting does not permanently solve this issue. It will continue.  *** As I mentioned at the top, there are missing images and if there is an easy way to insert them , please advise.
  9. Received the same error box as above and much more in the form of several problems. It's hard this time to know where to begin but I'm certain of my findings as I have been following this one particular issue about a Registry Handle Leak from EAM and also about 5 specific Registry Handle Leaks from lsass.exe after every re-boot for 2 months now. However, there were no side effects and the alerts were warning alerts not errors. My license is soon to expire and I wanted to get the handle leak from EAM Build 6970 fixed so I intended to perform a clean un-install then re-install (this has worked in the past for other issues). But at the last moment I decided to manually update EAM for no specific reason and I got hit with the new EAM build 7014 which immediately gave me problems when I performed Full Scan: *Severe corruption of programs ***service/mmc/snap-in functions **** corrupted my admins app data roaming folder ***also when I tried to update I got the "internal processing error dialog box". ***also any scans that I performed did not create any log files to view ***also the scans would hang for a bit at the beginning ***also if I tried to stop the scans that were hanging EAM would lock up and only a reboot would unhang it ***also noticed that I caused my Software Protection Service to terminate unexpectedly ***The same would happen on admin or user profiles *** also noticed a System .IO.IO Exception error. This is stuff I have never seen before. On the good side I discovered the following: ****When a scan did complete in a normal fashion (but without log) the scan was not slow as has been the case for a while. Yes I realize that the scan speed did improve a week or so ago but not as fast as in the past. Also the scan was using between 20 to 100 % CPU instead 0 to 10% like it had been doing recently. *********After many re-boots I noticed that the Registry Handle Leaks from EAM and from Lsass.exe were no longer present at all-never!! So, the above prompted me to perform some diagnostics and this is what I Discovered: 1. I found that if I removed(uninstall) EAM or if I completely turned off it's Start-up Protection as well as all other Protections so that it would not start-up at re-boot that I could re-boot as many times as possible and not have any Registry Handle Leaks from EAM or from Lsass.exe. 2. When I re-enabled all EAM functions and set it to delayed update to EAM Build 6859 I again received the Registry Handle Leaks from Lsass.exe and occasionally from EAM. 3. All Summer into early Fall I did not have any Reg Handle Leak warnings from lsass.exe or EAM or any other unusual warning or errors until I Performed Windows updates during the month of Nov 2016 and only Security Only Monthly for Windows and Net.framework 4.2 and 3.5 and a few other misc. I avoid telemetry and quality roll-ups. However because I was busy I had not updated since June 2016 because I wanted to see how Microsoft's update changes would play out. I do not worry about not patching because I use an external gateway with Bluecoat Content Protection with Active x and java blocked except for various Microsoft Active x is whitelisted for update purposes. The gateway has Anti-virus and IDP(intrusion detection signatures) also. I can blacklist any unwanted MS ActiveX updates, host url's or IP's. Using external protection is how I intend to use windows 7 for many years past 2020. *In conclusion my Wind 7 OS works fine with the Nov. 2016 Windows Patches without EAM Installed. *It was OK with EAM build 6970 and the older EAM build 6859 even with Registry Handle Leak Warnings because the leak warning did not cause problems. *I know that there was a MS patch in May 2016 that was released to fix lsass.exe Leaks but it caused issues with Emet 5.5 on 32 bit Win 7 OS, so I avoided it. However, I looked it up again and used Microsoft Update Catalog to see if it was superceded and it was several times and was included in the Oct. 2016 Security Only Release. So I have been patched for the Lsass.exe leak. Anyway, I use Emet 5.2 on a 64Bit OS. Never gives me trouble. Spent a lot of time getting it right and it's been perfect ever since. *So my final conclusion is because EAM worked perfectly up until Nov 2016 with Builds 6859 through 6970 without any Windows update patches since June 2016 I can only conclude that there is a problem with EAM and a certain Windows update patch that was released since July 2016. *I am also saying that there are a lot of bloggers complaining about the same identicle (5) lsass.exe Registry Handle Leaks during the last several months and no one has resolved the issue. MS states that since it's only a warning that it's probably a timing issue at start-up after re-boot. Sounds reasonable as long as the alerts do not produce problems. I now suspect that MS may have released a patch that is making it difficult for 3rd party Anti-virus programs to work flawlessly. Since, they finally gave up on the Win 10 auto installs, it's likely that they will find other ways to get users to give up on Windows 7. * I suspect that by tomorrow Emsisoft will have many other users complaining about EAM build 7014. I however intend to just monitor the situation for a while and use the delayed release version. I'm busy with other stuff. I hope you guys can get to the bottom of this. I know for a fact that while not widely published, your team has been working on the EAM A2service.exe Registry Handle Leak for a long while and this Build 7014 Hotfix is the worse fix that I have had happen to my OS in a long while. Please look over the timeline that I described. The problem is definitely related to a windows update Patch. *I am worried that I will have to stop patching windows 7 well before 2020 because all of the 3rd party programs such as yours will have to work with the changes that are mostly aimed at windows 10 which will make it harder for you to make your program work well in windows 7(eventually). Your EAM program presents with an unusual problem that I don't have with other 3rd party Programs in that you mandate that program Updates be included with AV definitions. Well I have 2 suggestions: a. Maybe make separate EAM Programs for Windows 7 and Windows 10(I realize that from your point of view that this is a laughable suggestion, but MS is not going to make it easy for you to make your programs backwards compatible with Windows 7 like they did with Win XP. You guy's will be forced to abandon Windows 7 out of pure frustration over the coming months. Just as our political system is turning to crap and using nasty hardball tactics so will the software arena. b. Maybe have the EAM program create a restore point before changing to the next Build. This idea is not laughable. I was lucky that I had very recent Restore points. I also have Acronis backups but it takes extra effort to do a restoration. Not everyone is prepared as I am. I don't know how others that have very limited computer knowledge deal with these times. If they are young enough I guess they don't know the difference. Can't help but rant a little. I don't suspect your team has any answers yet, so I will just monitor the situation while I use the delayed update. Thanks
  10. Hello This could be helpful information. After updating to build EAM 6513 I checked various logs (routinely) and noticed 3 of the above titled log entries(under CodeIntegrity Logs) starting 2 minutes after the new build update finished. I have seen these entries sporadically (3 or 4 times a month) since 12-08-15. Also, per older complete memory dumps(1 month or older) the epp.sys driver was blamed by WhoCrashed Program. So about 4 weeks ago I did a clean uninstall of EAM and epp.sys driver and the Emet 5.2 program and then did a Net Framework Repair Tool repair with success. I ran it on all 3 user profiles to be sure all user profiles were successful. I re-installed EAM (the prior build to current one) plus emet 5.2 and have had no problems for around 10 days (no need to reboot) concerning any Net Framework garbage collection issues or crash dumps or apps stopped working issues. I also noticed in the Code Integrity Log (after re-installing EAM after clean uninstall using Emsiclean Removal) that the Code Integrity log entries no longer appeared and I was very satisfied plus my system was running for many days at a time without any problems such as app stopped working or BSOS's or Framework garbage collection timing issues. Per crashdumps and MS Reliability App compatibility Reports, I believe most of my occasional app stopped working were either due to Framework Garbage Collection or a2hooks64.dll hanging up under heavy video browsing sometimes leading to a epp.sys bsod. I also noticed that all of these problems stopped happening after I made the above mentioned repairs and re-installs. (Basically programs that rely heavily on Net Framework 4.5.2. But, now since my update to build 6513 the log entry: Code Integrity is unable to verify the image integrity of the file a2hooks64.dll because the set of per-page image hashes could not be found on the system has reappeared since the EAM build 6513 update. It has only been 1 whole day since I updated to build 6513 (done on 070316) and everything went smoothly but : I am concerned that I may start encountering problems again related to A2hooks64.dll or epp.sys and I will let you know promply. Question: Why does A2hooks64.dll specifically have problems with Code Integrity Checks? I am sure that the file is properly signed as I have checked. Is it a timing issue when the system is under heavy use? Does it have something to do with alternating betweem 3 user profiles or : Does it have something to do with the latest Build 6513 installing a new Epp.sys driver or a new A2hooks64.dll? I have noticed that from the Code Integrity Logs that the A2hooks64.dll problem comes and goes and could very well be linked to when a2hooks64.dll is updated, as it is not always updated in all new build releases. I have not analyzed the dates and times at this point. An attempt at an explanation concerning these Code Integrity Logs will go a long way towards my moving on from these questions unless problems arise over the next few days. I will appreciate any insightful input very much. Thanks
  11. Since my system crashed I have not seen the same previous aggressive move upward in a2service memory values so there could be an unknown mitigating factor that is no longer present. Therefore I am doing the following: *will update to latest stable build *getting rid of AMD's catalyst and switching to their new Radeon Crimson Control(does not use ccc.exe or mom.exe,never haved liked those processes). The switch went over without any snags. I used AMD's clean uninstall utility after regular uninstall. *If the problem with a2service's elevated memory values returns I will open a new thread or join back on this one if it is still open and applicable. For now on I will just actively monitor the values and hope that the mitigating factor is removed either by AMD driver updates or MS's monthly Patches. Going forward, many of us who want to remain on Windows 7 will be facing a struggle to combat many of the important and recommended patches that will in the end make Win 7 have more compatibility problems. Best to choose your patches wisely and read the fine print and take notes. I just saying that most unknown mitigating factors will mostly be a result of Monthly MS patches and in many cases Graphics Drivers with full software packages. *To Jeremy: As you may recall, I did not have that "memory optimization" enabled in EAM settings. Also, if it happens again I will use Process Explorer and Task Manager just to be sure. *I wish everyone luck and will be following this thread. *Also my laptop with 8GB of physical memory has stabilized at 34% physical memory usage and has not gained any further. Win7 Pro with same EAM settings. It never did reach catastrophic values. Thanks
  12. In my case it goes without saying that I always check all logs available with or without having a complete memory crash dump report (i use WhoCrashed to analyze and keep running records). When I say all logs I am referring to all Windows event logs and all Application and Sevices Logs/Microsoft/Windows logs looking for clues that I can put together around the time of the crash event. I even Review the Reliability Report inside the Action Center GUI. Everything points to the fact that after the resource intensive Full Acronis Backup Successfully completed(validated) the system entered the idle state(per event log) and began the partial stopping of services(didn't finish) in order to enter the sleep phase. However it must have ran out of memory resources and became paralyzed because its memory resources became depleted during midstream. My guess is that if I had been there to observe, it is likely that i would have seen some memory depletion warnings during the acronis backup. But the backups are performed while I am sleeping. As far as a2service's memory values are concerned, in my previous post I stated that I enabled all of the memory value column options in Task Manager(working set,peak working,private working,commit size, paged pool, NP Pool) and also kept tabs on my physical memory % usage. Just before the improper shutdown/sleep/resume lockup/crash occured all of the a2service memory values were each elevated in the 6 to 7 GB range and my physical memory usage the night before the system freeze/crash was at 81 %. So, you can always assume that I have always looked at all of my logs. So the question remains, do you want me to perform the debugging process on build 6315 or would you prefer I use the next stable build?
  13. Yes. this issue would only apply to those users who for whatever reason prefer to leave their machine running for up to 2 to 4 weeks at a time and avoid reboots except for when monthly MS update patches are installed. Reboots will reset a2service memory values back to normal. I am not sure about EAM or EIS program restarts at this time. I plan to test that later when I update to the next build. I'm currently giving my machine a few days to elevate the a2service memory values before I update to the newest stable build so that I can see if a2service memory values return to normal ranges. The issue is also affected by how much the machine is used and the type of tasks performed. Task such as streaming video, acronis backups and heavy surfing real-time charting with many windows and tabs open will cause all of the a2service memory values to rise quickly. In my case it takes about 6 to 14 days to crash the machine without causing a BSOD and no obvious driver errors depending on how much heavy use I put the machine through. See my previous post above for details.
  14. Thank You for your support offer. Over the weekend the following Happened: 1.With my Physical memory at around 85% and with a2service with even higher memory values than what I previously posted the system finally did crash but not with a BSOD. I woke up to find the computer unresponsive to the keyboard and mouse and a black monitor. The system fans were still running which indicates that the OS did not enter it's usual sleep mode. 2. After hitting the reset button I performed a chkdsk in safe mode and then a SFC /scannow, both were ok. Since the OS did not formally crash I don't have a full memory crash dump to analyze, which I would have if it had BSOD'ed. 3. The only significant info that made any sense to me was the following: a. The improper shutdown happened within a minute of my OS completely finishing an Acronis Full Backup instead of a Differential which takes up much more memory resources than does Differential and only happens around every 12 days per schedule. b. Just based on my experience and my speculation the way in which the system was unable to immediately go back to sleep after the Acronis backup as per schedule indicates that it most likely ran out of memory resources while initiating the idle/sleep routine. If it just ran out of system memory in the middle of this routine, the way that I found it make sense that it was unresponsive with no BSOD. I have my OS setup to stay on any BSOD and not to auto reboot. 4. So, the system was manully rebooted and now all of the memory values are back to normal and have only slighty grown but I have not been using the computer much. My other computer(laptop) is now at 40 % physical memory use and the only Process that continues to grow larger and larger is a2service. After reboot this computer started out at 13% physical memory but in 2 days is up to 18% due to a2service memory values continuing to grow. So, what would you have me do for now? I'm still running build .6315 which is OK with me as I employ other external anti-malware at the gateway. Would you prefer that I update 1st and get back to you if a2service's memory values get up to 4GB's usage range and then turn on the Debugger or just stay with build .6315 and wait the same way. I prefer to debug it once its' close crashing again or maybe the problem might disappear. What approach would you like to take?
  15. I understand. Please don't worry about this issue until you are caught up and ready. I'm in no hurry for now, at least until my computer crashes. I will continue to post updates and after it crashes I may have to open up my own thread. Thanks