Jump to content

Yilee

Member
  • Posts

    41
  • Joined

  • Last visited

Everything posted by Yilee

  1. In the Forums Profile Settings I did not see an option to set up 2-factor authentication. If it is there please feel free to direct me otherwise I will just deal with the email password reset as a variation of 2-factor auth by just re-entering my original password using auto-fill. I will check for a reply only in case there is an easy fix. Thanks
  2. Well the above in the title occurs every time I try to log in even after setting a new password. The second time I just reused my existing password so it's not because my password manager is entering it wrong. I use session cookies only and wipe clean most all HX in both Firefox and Pale Moon using settings and Sandboxie but that has never caused issues for any login accounts that use passwords. I use KeePass password manager to login so it's very consistent. It would seem that the new password reset link that Emsisoft sends is really just a form of 2 factor authentication. If that's the case then it seems there is no issue, otherwise it seems a little strict for a forum login. Just let me know if it's expected behavior for Forum Login. Thanks
  3. Thanks for the extension of support. I would like to encourage Emsisoft to consider a longer extension of support based on a few other Malware-AV vendors that reach out to early 2022 or have not yet set an EOL date. Just a thought.
  4. Well the title sums up my question. I am hoping to get a heads up before March 31 2021 about the EOL status concerning Windows 7. I plan on using my three Win7 computers for as long as possible and as long as they continue to perform without any types of issues. I keep all of my other programs up to date as much as possible plus I use many other security measures. I am willing to renew with Emsisoft for as long as possible, as I am quite satisfied. I do have new iPAD with a KeePass password app as a backup OS to pay bills, access important accounts ETC... in case my large Win7 desktops have to be abandoned in the future. I'm too old to keep building desktops or dealing with learning new OS systems so I will probably steer myself towards the OS system that is most straight-forward and uses a simple update approach. Windows 10 does not meet my wants and needs concerning their updates and various new Builds and update bugs that are hard to stomach. I never thought I would embrace the Apple IOS (14) but their iPAD with IOS is smooth, fast, straight-forward updates and seemingly very secure. IOS doesn't even require 3rd party malware protection except for add-blocking. Of course I cant use my 15 year old Fijitsu Commercial scanner with Linux, IOS or a Mac. I am very spoiled with Windows 7 as I am heavily invested with Win7 hardware and software. So the bottom-line for me is that Linux-mint or similar (have used) would be feasible if I were younger. So that leaves my migrating to a Windows 10 laptop or Mac Laptop linked to my new 32" monitors. I got the iPad for my spouse. I hate small devices for medical reasons. However, I will continue to use my other Windows 7 computers for as long as possible and will need to find a Malware-AV vender that is planning to continue supporting Windows 7 for a good while longer. There are some that I have located, but I would rather not switch away from EAM. I'm sure that there are others (25% of Windows users) that feel the same way. I am hoping that it is really not that difficult for Emsisoft to continue coding to support Windows 7 perhaps with a disclaimer. Otherwise, I will look your way again in the future if I end up using a supported OS system. Thanks
  5. 1. I tend to agree about the AMD cpu's but I'm not up to date. It does seem that Intel has more issues. 2.In my case, I do not use any remote desktop connections and the bulk of my security is in our closet using a zywall usg security gateway with AV, IDP AND CONTENT PROTECTION AT THE FIREWALL. Also I have many creative FW rules to only allow protocols that I am aware of and nothing else. I use country GEO blocks, Trusted and unstrusted host sites with wildcards etc...It's very customized. The only thing I keep wondering about is if Cyren-Commtouch can be trusted for content protection indefinitely into the future. None the less, I would feel naked if I didn't use EAM, Outdated Sandboxie(works well on win7) and Ublock Origin to make browsing pleasant. 3. Canadian Tech (I believe) at askwoody website has many customers on Win7 that have been fine without Win7 updates for over 1 to 2 years. I personally wait up to several months until there comes a month where all of the previous patch bugs finally have been fixed (it does happen). Edit: I also to this day have remained in Group B (using Security Only Patches) and I did not download any patches with Win7 Telemetry(I am stubborn). I still intend to use 0Patch in the near future once they show that they are reliable and can promptly fix conflicts as they arise. Stop Edit. 4. In the end, I believe the biggest exposure is to those who want to use any and every service,game etc especially when remote connections are involved. I also believe that if a user does not involve themselves in remote services, cloud services ect and uses good practices along with some of the security techniques I described, they would probably be able to use a unpatched Win 7 machine for several years as long as a 3rd party Browser was up to date. 5. 0Patch did have a recent Hooking conflict with Firefox 72 and 73 but it is to be fixed quickly per both parties. So, 0Patch can sometimes conflict with certain 3rd party programs like AV and Browsers. 6. I'm surprised that no one else came forward as having the same problem with the way my EAM scheduled custom scans were behaving. Please let me know if QA finds anything. Otherwise, I will just wait for the next delayed release. 7. Lastly, why can't Emsisoft (for a fee) just release a version for Win7 that keeps the EAM components in a static state and just provide definition updates and tweaks???
  6. Thank you for the Win7 EOL info. I'm just a little surprised that Win 8.1 is also ending March 31, 2021, but the OS doesn't have much market share. I do have an unused Win 8.1 Pro license. I will prepare accordingly but I am quite certain that I will not build a Win10 system, perhaps Linux Mint or other Linux Enterprise version(will cost money) along side my Win7 set-up. Google and Apple are both in the process of degrading their Full unlimited Extensions to abbreviated Extensions that use much less lines of Code with less kernel or API access. Over my head to explain. The bottom line is that Ad-Blocker Extensions such as Ublock Origin will no longer be developed for Chome and IOS13 users of Iphone and Ipad Pro. So far, only the desktop version of Firefox Quantum along with Pale Moon and other Firefox Forks will be able to use the full Blown extension types going forward(or very soon). I will do what I can to pursue using full blown ad-blockers with Sandboxie 5.26 to 5.30 on whatever OS that will continue to support Firefox Quantum and Pale Moon (alternate them) desktop browser versions in the future. Hopefully, Mozilla will not follow Google and Apple. Those of us that care about such matters will soon be facing hard decisions. I also use AV,IDP and Cyren Content Protection at a Zywall USG Firewall-Gateway with many Firewall Rules. Soon to add Open-VPN. 0Patch uses lightweight patch that only fixes the security bug and is done in memory at start-up. The process does not change any Windows system files, and this is how they purport to not cause potential issues with other 3rd party programs. Moving on. 1. What other Operating Systems does EAM support? 2. Concerning my original problem, I have some additional information. ***I never did try the current EAM release. However, I did play around with the setting's and narrowed down the issue and this is what I found. a. I found that ever though the scheduled custom scans when opened, and then clicking the "what" tab shows "quick scan" when it should show "custom". b. However, if I just click cancel without making any changes inside the "what-configure" screen, the Main scheduled screen will still show as "custom" and the scans still run as expected. c. But if the "what/configure" settings tab is accessed, then all of the original custom settings will be LOST and will have to be re-entered and saved and not bothered again once "OK" is checked to exit the settings dialog boxes. d. So in the end it is not a big problem as long as you understand not to bother the "what-configure" settings. Even though the "What" tab shows Quick Scan" the custom scheduled scans will still work as expected. e. In the end, all of the above may be expected behavior, as I can't remember for sure. So, let me know if the above is expected behavior or is a minor bug. Thanks
  7. I will change the update settings from stable to current version and will see if I can schedule a custom scan that keeps its settings and get back to you. As far as patching goes I am looking into 0Patch_com to obtain critical security patches. All of the reviews at askwoody_com have reported that they are reputable and offer lightweight patch protection only for the most serious security holes that occasionally do arise. Thanks
  8. Recently since delayed version update to 2019.11.1.9884 I noticed that when i went to run a scheduled custom scan of my external drive only that the scan was much too fast. Upon looking at the settings under "WHAT" TO SCAN THEN "CONFIGURE" that the scan was set up as a Quick Scan and not Custom which explained why the scan went so fast. Edit: I really don't know when this problem started because it was just coincidental that I went to run one of my existing custom scheduled scans just one day after the above update. Furthermore, after I reset all the custom "what to scan" settings I discovered that I could run the Custom Scan before exiting the settings but once I clicked OK to exit and went back into the settings it continues to revert back to "Quick Scan". So I have "3 different Custom Scans" set up on 3 different Win7 computers and they are all behaving the same way. Also, this problem remains even if I am logged into an ADMIN USER ACCOUNT. It's not a big deal as I can always run a MANUAL CUSTOM SCAN USING SAVED SETTINGS, but I would eventually prefer that the scheduled settings would remain in place and run correctly. I prefer not to provide a troubleshooting log as I do not like to share such data or any data for that matter. I am hoping that someone else might check to see if this is happening on other users computers or if it can be duplicated. All of my Windows 7 Pro and 2 Ultimate computers are updated through Dec2019 and have the Sept 2019 Service Stack Patch which is the minimum SSU required to get any lingering updates or to update Office 2010. I have been using EAM for several years without any problems for at least 2 years or more now. Any help about the above matter would be appreciated. Extra question: How much longer will EAM be supported on Windows 7 ???
  9. I can't adjust to spending more time getting what I quickly want from the All-In-One-Forensics Log. I was doing fine until the Delayed Update Option also started using the All-In-One-Forensics Log. Now I get livid when I have to deal with it and now I can't get my spouse to interpret the combined log so now I have to always do it. If several days pass between observations the effort it takes to get a clear picture going several days back is not acceptable especially when I was previously using a better method of individual log columns. This is for me EAM's first big Strike One, regardless of the placating this post may get. I'm not a Millennial, I'm much older. I like explicit Tool Bars on my Browsers and Desktops, still use classic views on OS and Browsers so I don't forget what options I have as I get older. Why do you younger people never look out for your elders? This complaint can be assumed to apply to other upcoming and past reasons why half the population still uses Windows 7 and a Browser with a classic view. I like my 30" monitor that I am currently typing on along with my 70" TV. I don't and never will watch TV on a Smart phone or a tablet, not even on an airline flight. If, as GT-500 mentioned that the move was not to save on coding and that it wasn't any harder one way or the other then give your users a choice to use individual log columns or the all-in-on since it's not so hard to do since all of the coding is already in place anyway!!!!!As you previously mentioned in another post in which I previously complained about this same issue Anyway at a glance, just looking at uptick in EAM problems since the 1st release of the all-in-one log build release it seems that things are starting to slightly get away from your control. Don't get me wrong, I still thing EAM is one of the best choices for OS malware protection when used with other measures, but just remember; 50% of Windows users still use Windows 7 and for good reasons-too many reasons to mention here. If you follow Microsoft and begin to mimic their behaviour and dumb down and simplify the UGI at the expense of those who require to clearly see and have access to tools and options you will begin to lose your advantage over other AV Solutions. Many years ago ZoneAlarm did the same thing plus they eventually just became evil and their program became a spy program that could not be neutered or managed. They could have chosen the honorable way and just died away in a respectful manner. Going forward I will probably just stop observing the logs unless a specific problem arises, however this is not to my liking. So, if the information is already in place to produce separate log columns, why not give the customers the option????
  10. Both Jeremy and GT500 have confirmed what I was pointing out! 1. I don't want to type anything. I don't like Drop-Down options unless they improve the interaction. In this case they degrade the interaction! prefer to click and move on quickly in each of the older style columns and only see info that pertains to one of the previous 6 log sections, and then occasionally the Forensics column was useful for a all in one historical check with a slightly different perspective to see if certain actions were interfering with other processes etc... I want every log column ready to go without changing anything except grabbing the scrollbar. Typing is for other areas such as Protection where you are looking for a specific rule or etc... 2. I disagree that the Forensics Log by itself was more useful and made the other logs redundant. Sometimes the Forensics log would not catch changes that the other logs did catch for whatever reason did not. So, that makes all the logs helpful and much more organized. 3. I would rather mindlessly click 6 or 7 columns than to thoughtfully with effort use a drop down list to catch up on Log HX! 4. Please don't placate me with answers that are inherently false and at best trying to brush off the issue that this change is a backwards move. 5. I will stay on the DELAYED UPDATE until forced off. 6. Let's have a vote on this one. Everyone please chime in on this particular change because if you let this one go by without protest then in a short while EAM will be so dumbed down because of CODE-COST-CUTTING-MEASURES that you will not be able to recognize it in the near future.
  11. Hello Once a day after manually updating I go to the Logs Tab, then starting from Right to Left with the Update tab then Quarantine etc.. to the Forensics tab, I very quickly check the top 2 or 3 entries in each section to see what happened since yesterday and it goes very fast and the results are concise. Lastly, I glance at the Forensics section to see if it confirms and very occasionally I will go through it's HX to check previous silent Browsing Blocks or other Historical events, but very seldom . This approach gives me great conformation and reassurance that all is in order and if not that I will definitely see any problems and I no longer have to think twice about the matter. Now with Build 8334 the only log remaining is a complicated Forensics Log with a Convoluted Management Drop-Down Box that takes up my time to deal with it plus I'm not certain that the upper section choice is much different from the lower section choices. Of course I did not give the Drop-Down List much of a chance because I knew right away that this was Cost-Cutting measure or a Code-Cutting measure not meant to serve it's users as well as the previous layout. Most all of the time these GUI changes are for the Best and the program is still one of my favorite modern contemporary program-app like installs. Also, in most cases the improvement is obvious and I go on my way without comment. However I have noticed that in the Main forum and in the Beta forum the advantages of the Majority of major GUI changes (good or bad) are not fully explained. This change has irritated me so much that I switched all 3 computers to delayed Update and will stay there until I am forced off or the Log situation is changed back or improved. I don't want to go back to using ONE Forensics Log that requires more time and attention to see what has taken place especially if I have not checked the log for a few days. Do you really thing people want to use optional drop-down filters to segregate only what they want to see at any time. The previous segregation worked wonderfully. I suppose it won't matter much if EAM starts to slowly go Downhill like many other things in this day and time. I plan on using Windows 7 well past 2020 (to keep using certain Non-Linux Programs when needed) along with Linux Mint or similar for Online activities. I am betting that Microsoft will offer the public extended security updates for Win7 for a monthly or yearly fee. I know that I as well as others would pay to continue using the best user friendly Windows OS ever build. They will never get the majority of users to use Windows 10 in it's current state. Based on Emsisoft's HX, I expect that EAM will no longer support Win7 past the year 2020, although I hope you can find the strength to push back at MS and support Win7 as long as the public continues to fervently use it and you had better start working on a Linux Version. There are a lot of Windows 7 users who have already tried and accepted certain Linux programs and will jump to them as soon as Windows 7 is truly unsafe to use online. That day is not far away. What will Emsisoft do? Continue to offer the best AV-Malware program on the market when used with other security measures or will you start to Dumb Down your customers with changes such as the new Log-Forensics Log Only which in some ways is similar to how Microsoft has dumbed down Windows 10 GUI meaningful user option-preference configuration access along with increased Telemetry. Please, no comments from newer users who have never used Windows 7. Thanks, Yilee
  12. Just to let you know, the lsass.exe registry handle leak warnings that I was getting at the same time that I was getting some a2service.exe leaks on the Builds prior to 7014 were not related. I'm sure you knew that. Many people on the internet have searched and failed for an answer concerning lsass.exe. I spoke too soon after updating to EAM 7035 and was getting them again after tweaking and rebooting both of my machines. I had to get serious about how to frame my search criteria on google and finally hit pay-dirt. In my case both computers were using SSD's and the laptop's USB 3.0 backup drive was also a SSD. The answer that I found on Expert's Exchange was to uncheck the "Enable Write Caching on this device" for any SSD drives, even the usb backup ssd. The solution worked immediately upon reboot. I don't perceive any reduction in performance and my acronis backups to the USB SSD are possibly faster. I have read other articles that disagree about whether there is actually any performance degradation concerning SSD drives. On mechanical drives it's best to leave the option checked. My opinion is that there is no noticeable difference on SSD drives. I am also quite sure that these separate lsass.exe leak alerts were caused by a windows update patch between july and nov 2016. I know this is off topic but I like to help when I can.
  13. Thanks GT and the Rest of the Team, my computers are doing well on the new Beta 7035. This ordeal was tough on me because I had just patched both of my computers with 5 months of Windows update patches just a few days before Build 7014 was released. So, between the previous registry leaks and then the problems with Build 7014 I have vowed never to wait so long in between Windows updates. In my case the issues has so many possibilities which caused me extra effort. I have learned my lesson. Thanks again for the feedback.
  14. I missed that Build 7035 was a Beta release. After looking at the list of issues that were addressed I did not see any evidence that addressed problems that can occur when trying to run other windows maintenance tasks at the same time a manual scan is initiated. Could you please consult with the team working on this matter if the fix is included in this beta or if the investigation is still ongoing. I noticed that another poster named Reerden recently sent in diagnostic logs concerning this very issue 12 hours ago about the same time the Beta release came out. I also read your reply to Reerden that the team believes that this issue has been fixed in the current 7035 beta release. I will wait for the stable release and for some feedback from Reerden. However, I still would like some input about these Registry Handle Leaks (Build 6859) when they occur on a locked down LAN system where users never use Remote connections ETC....??? Do they still present a risk when browsing the internet?? I ask because I do not know how long I will have to stay on build 6859. Thanks
  15. Thank You for the timely info. The problems are definitely related to .IO.IO input output errors as far as running Event Viewer/MMC Snap-In is concerned as there was an image that I included(several images) that I could not figure out how to attach or insert. I was tired and I don't blog much, I usually fix my own problems only with research. The problem is related to EAM not releasing the needed files to run various other tasks when it is running, especially during the starting phase of a manual scan. So, I have the following questions to GT500: 1. Dose EAM Build 7035 address this particular issue? From what I can tell it doesn't. If that's the case, then should I stay on delayed build 6859 for a while longer or are the a2service.exe registry leaks a concern for me even if I am protected by a secure LAN/UTM Gateway and I'm not involved with remote connections, VPN or other similar outgoing connections ? 2. Is there an easy way to insert images or upload jpeg's or gif's using Microsoft's built-in Snipping Tool if I first save the image using the "Snipping Tool" to a desktop file. The FILE choices are: PNG, GIF, JPG, AND MHT. What is the procedure? I couldn't find an FAQ section to address such question. I am not interested in creating an online dropbox link account or anything similar. Thanks again. Looks like I figured out how to add an image. I guess you have to do it where the curser is at the time you hit save edit. The following are the images that I wanted to insert in my primary post but didn't know how to get it done:
  16. ***If someone know an easy way to add the missing images I will get it done, Thanks The following article is about Misc. EAM Build 12.1.1.7014 Issues that can occur during a malware or full custom Scan at the beginning of the scan when EAM stall for a bit of time when the scan is just starting. I call it the "scan stall period". I have identified that if you open certain processes/tasks during this stall period these tasks will fail with error codes and all seem to be related to EAM not releasing (still in use) the processes for the user to use them. ***These errors are more easily duplicated when running a Full Custom Scan where on my laptop the scan usually allways stall for a bit at 50%. The stall is less noticable on the Malware Scan but the same errors can be produced if you are fast enough to open certain Tasks. On Builld 6859 this problem does not exist. I often start manual Scans and also begin certain maintanence checks during the beggining stages of most all manual scans that I trigger. The tasks that are affected during the starting stage of scans of Build 7014 to my knowledge are: ***Task Manager ***Event Viewer ***Run Maintanence Tasks in Action Center ***Saving WordPad rtf. files during scan problems(did not try Word). ****Also after enduring all of these problems (3 acronis system restores and duplicating the issues over and over in slightly different approaches) during a roll-back to delayed Build 6859, EAM would not start at reboot and showed brown in Taskbar and nothing would work for several minutes. After several minutes it would show green and Build 6859 would work but would keep failing at additional re-boots. I blame that problem on corruption caused by Build 7014 , because when I used a recent System Restore point to correct the problem, the Restore succeeded but hung with a blank blue screen for a miniute before explorer opened and the successful dialog box showed up. After that happened my system was corrupted. Instead of using Acronis to restore I reviewed the Event Viewer and saw a Service problem with the Windows Presentation Font Cache. I fixed that problem by deleting the font cache file in system32 and rebooted and the system was OK. Google the Procedure if affected. THE FOLLOWING IS MY STORY CONCERING BUILD 7014 WITH THE FOLLOWING MITIGATING FACTORS: *** I patched 2 windows 6 64Bit systems a laptop and a desktop with MS Udate patches from July through Nov. Only Net.framework,Security Only Monthly and a few misc. patches. No telemtry or new features. I immediately noticed that I was getting the same (5) lsass registry leaks from Local User SID's which I attributed to 2 MS patches that hardened SMB 445 Protocol for Homegroup and Remote connections. I plan on removing these patches. On both computers, I share common data folders on Drive C: and share them through homegroup. When I disable the sharing of these folders in Homegroup the lsass.exe registry leaks dissapear but are replaced with registry leaks from a2Service.exe with Build 6859. These leaks are not present with Build 7014, but the problems that it causes are the worst I have seen in a long time considering how cautious I am. ***Over the next few days I got hit with the stable EAM Build 7014 and immediately had the following problems. I have since successfully rolled back to EAM build 6859 and everything is just fine except for the Registry leaks that it causes when Re-booting. The following is what I encountered when initiating a manual Full Custom Scan and immediately trying to run the following tasks: 1. If you open Task Manager during the"Scan Stall Period" it will cause EAM to stop scanning and no Log File will be created and other issues become present once this occurs such as: ***See Event Viewer Admin Log BELOW produced when opening up Task Manager during the "Scan Stall Period", see error (red error, not warning) as follows: ******taskhost (4060) WebCacheLocal: An attempt to open the file "C:\Users\YEL\AppData\Local\Microsoft\Windows\WebCache\V01.chk" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).   2. *related to the above, once the scan fails and you close EAM Program Dialog UI Box and if you try to run the "Action Center\TroubleShooting\Run Maintanence Tasks" will fail to run with the following error (see error dialog boxes below or Event Log Entries:  *However, if you go directly to the Run Maintanence Task without first opening "Task Manager" during the "Scan Stall Period" the same error as above will also occur. *Also, if you wait for the "Scan Stall Period" to finish and resume it's normal scanning and do not immediately begin the mentioned maintanence tasks, the above problems do not occur. I usually like to perform certain maintanence checks as soon as I start manual scans. It's just a habit. I never had this problem with any of the older Builds of EAM . *Lastly. once you receive the below error dialog box, the only way to clear it up is to Re-Boot. Also, and most importantly if before rebooting if you try to update EAM 7014 you will get the other EAM "Unexpected Internal Processing Error Occured" which a re-boot will clear up also. I have duplicated this behaviour on 2 separate computers. Also other regular programs during the period before Re-boot become sluggish when trying to open them (don't open right away). ***The following is the error box that is received if you try to update EAM before Re-booting to clear up the Failed EAM Scan. OTHER NOTES: *The laptop has never produced significant issues since bought. *The problems above will occue on Admin or Standard User Profiles. *The problem continues to re-occur after Re-Boots when trying certain tasks during the initial "scan stall period. But, if you do not attempt to run any maintanence tasks , the EAM scan will complete successfully and produce a log if left alone and you don't try to run certain other Tasks as I will continue to describe, plus none of the problem effects describe so far will occur after a successful EAM Scan when left alone to complete. 3. Another Problem that can occur during the initial "Scan Stall Period" when trying to access the Event Log Viewer: Notes about the above error: * A reboot is not required for any reason after a few minutes once EAM finally offers a dialog box to confirm "Stop Scan. When the above error alerts happen, I always click pause then stop on the EAM Scan but it does not respond until several minutes later. Once it does respond with "do you really want to stop the scan" and click OK, then EAM will Update normally and the Event Viewer will work again and there are no problems with the Action Center. Everything seems OK, I believe because EAM has released it's use of the files needed to run the MMC snap-in/Event viewer and other items. I believe this is the case because in this case clicking OK to stop Scan causes EAM to release the needed files * Of course if you try to do anything before clicking OK to stop scan or if it's not offered then the Event viewer will continue to fail and an EAM update will produce the "internal processing error" dialog box. Plus, because the severity of the MMC Snap-in error seems more severe, if i continue to open other processes such as "Run Maintanence Task" in the Action Center and then Trying to update EAM and then producing the EAM "internal processing error" and then trying to Re-Boot, the following occurs likely due to OS corruption: ***Re-boot hangs during the "windows is shutting down" and requires turning off the laptop. I have my Power Button set to turn the laptop off just for such occasions. Sometimes I remove the Batteries in order to make sure any corrupted CMOS settings are removed. *** Also during the 1st part of the Re-boot process the screen shows that "TaskHost" is having trouble shutting down processes that refuse to close (EAM I suppose) and thus causes the shutting down/reboot process to hang and lock up permanently. The only way to solve the issue is to power off the laptop. ***After Turning off the laptop and then back on with the power button and automatically brought to the "Safe Mode" screen I enter safe mode and run a CHKDSK which shows no problems. Also SFC /scannow shows no errors. ****The "Scan Stall Period" is much more pronounced on Full Drive C: Custom scans and gives a user more time to open other Maintanence Task such as Event Viewer, ETC... Once the EAM scan gets past the " Scan Stall Period" the "Event Viewer" will work again, However the following errors can still be produced after the Full Drive C: Custom scan has been running for quite a while: ***Problem saving WordPad rtf file: ****As you can see I was unable to save to WordPad concerning this very document. ****Also Run Maintanence Tasks in Action Center completed the 1st standard user part but failed with the above error under the "run elevated as Admin" portion of the task. ****The spinning scan Icon continues to be active in the Taskbar even after pausing and trying to stop the scan. Eventually, EAM after several minutes will respond to the Stop Scan button and then I am able to save changes to my WordDoc, also the Elevated Run Maintanence Tasks in Action Center will run properly again without rebooting. Conclusion: This is complicated and I only have 2 days to renew my license. I will at this point roll EAM back to Delayed Updates and will just have to put up with the Registry Handle Leaks as long as none of the above effects are still present. I usually get a 1 yr/3 computer license and I was trying to get this resolved before renewing. I like a lot of the features offered on EAM and do not believe there are any other lightweight/unintrusive/not privacy invasive AV's available. What to do???? NOTE: Well I decided to again go back to the delayed Updates EAM build 6859 and to renew for now but now I encountered new problems after rolling back to build 6859 as I mentioned at the beggining of this article: ***Delay with EAM,WiFI, and anything else at startup after reboot. EAM shows Brown color and cannot be accessed after trying several reboots. ***(7) Registry Handle Leaks when rebooting only from the standard user profile. (2) from A2Service.exe and (5) from lsass.exe ***Taskhost when shutting down on all profiles shows delay in closing a program. ***New Event Viewer Error(red error) as follows:   SO I TRIED THE FOLLOWING: ***I did a System Restore to the point just before allowed EAM to Update to Build 7014 but that did not help and the same above Font Cache Error at startup remained. I have used System Restore in the same manner in the past and it usually corrects such problems as the Delayed Build 6859 did not cause this problem just before updating to build 7014. ****SEEMS LIKE ALL OF THE TROUBLESHOOTING EARLIER ON WITH BUILD 7014 DAMAGED MY "FONT CACHE SERVICE" IN A MANNER THAT SYSTEM RESTORE CANNOT OVERCOME OR THE ROLLBACK REMAINED CORRUPTED. I eventually fixed the above Font Cache Error and Rolled back to delayed build 6859 and everything is ok. I am not worried about my Registry Handle Leaks from a2service.exe or from lsass.exe because I am on a well insulated LAN with an external UTM Gateway with external BlueCoat content protection, IDP and Anti-Virus. I also do not ever make any remote connections. So, I know that my leaks are being caused locally likely by the new SMB 445 Protocol patches from MS and because I share common folders on Drive C: and use Homegroup. The Leaks do not occur if I turn off Homegroup. I have also Renewed for 1 more year. I would like to suggest that Emsisoft stop trying to be everthing to everyone and stick to an unbloated version of EAM, but at least stay compatible with Sandboxie and whatever else works with it now. Improving current features is fine but adding a lot of new features over time will put you out of business. InvinciaX is a new malware program on the horizon that I am keeping an eye on. Made by the same group who bought Sandboxie, which has been the most excellent 3rd party progrem that I have ever had the pleasure to use. I'm sure someone will duplicate these problems and send you guys some logs. I'm done with this stuff for a while. This wore me out. PS: Re-booting does not permanently solve this issue. It will continue.  *** As I mentioned at the top, there are missing images and if there is an easy way to insert them , please advise.
  17. Received the same error box as above and much more in the form of several problems. It's hard this time to know where to begin but I'm certain of my findings as I have been following this one particular issue about a Registry Handle Leak from EAM and also about 5 specific Registry Handle Leaks from lsass.exe after every re-boot for 2 months now. However, there were no side effects and the alerts were warning alerts not errors. My license is soon to expire and I wanted to get the handle leak from EAM Build 6970 fixed so I intended to perform a clean un-install then re-install (this has worked in the past for other issues). But at the last moment I decided to manually update EAM for no specific reason and I got hit with the new EAM build 7014 which immediately gave me problems when I performed Full Scan: *Severe corruption of programs ***service/mmc/snap-in functions **** corrupted my admins app data roaming folder ***also when I tried to update I got the "internal processing error dialog box". ***also any scans that I performed did not create any log files to view ***also the scans would hang for a bit at the beginning ***also if I tried to stop the scans that were hanging EAM would lock up and only a reboot would unhang it ***also noticed that I caused my Software Protection Service to terminate unexpectedly ***The same would happen on admin or user profiles *** also noticed a System .IO.IO Exception error. This is stuff I have never seen before. On the good side I discovered the following: ****When a scan did complete in a normal fashion (but without log) the scan was not slow as has been the case for a while. Yes I realize that the scan speed did improve a week or so ago but not as fast as in the past. Also the scan was using between 20 to 100 % CPU instead 0 to 10% like it had been doing recently. *********After many re-boots I noticed that the Registry Handle Leaks from EAM and from Lsass.exe were no longer present at all-never!! So, the above prompted me to perform some diagnostics and this is what I Discovered: 1. I found that if I removed(uninstall) EAM or if I completely turned off it's Start-up Protection as well as all other Protections so that it would not start-up at re-boot that I could re-boot as many times as possible and not have any Registry Handle Leaks from EAM or from Lsass.exe. 2. When I re-enabled all EAM functions and set it to delayed update to EAM Build 6859 I again received the Registry Handle Leaks from Lsass.exe and occasionally from EAM. 3. All Summer into early Fall I did not have any Reg Handle Leak warnings from lsass.exe or EAM or any other unusual warning or errors until I Performed Windows updates during the month of Nov 2016 and only Security Only Monthly for Windows and Net.framework 4.2 and 3.5 and a few other misc. I avoid telemetry and quality roll-ups. However because I was busy I had not updated since June 2016 because I wanted to see how Microsoft's update changes would play out. I do not worry about not patching because I use an external gateway with Bluecoat Content Protection with Active x and java blocked except for various Microsoft Active x is whitelisted for update purposes. The gateway has Anti-virus and IDP(intrusion detection signatures) also. I can blacklist any unwanted MS ActiveX updates, host url's or IP's. Using external protection is how I intend to use windows 7 for many years past 2020. *In conclusion my Wind 7 OS works fine with the Nov. 2016 Windows Patches without EAM Installed. *It was OK with EAM build 6970 and the older EAM build 6859 even with Registry Handle Leak Warnings because the leak warning did not cause problems. *I know that there was a MS patch in May 2016 that was released to fix lsass.exe Leaks but it caused issues with Emet 5.5 on 32 bit Win 7 OS, so I avoided it. However, I looked it up again and used Microsoft Update Catalog to see if it was superceded and it was several times and was included in the Oct. 2016 Security Only Release. So I have been patched for the Lsass.exe leak. Anyway, I use Emet 5.2 on a 64Bit OS. Never gives me trouble. Spent a lot of time getting it right and it's been perfect ever since. *So my final conclusion is because EAM worked perfectly up until Nov 2016 with Builds 6859 through 6970 without any Windows update patches since June 2016 I can only conclude that there is a problem with EAM and a certain Windows update patch that was released since July 2016. *I am also saying that there are a lot of bloggers complaining about the same identicle (5) lsass.exe Registry Handle Leaks during the last several months and no one has resolved the issue. MS states that since it's only a warning that it's probably a timing issue at start-up after re-boot. Sounds reasonable as long as the alerts do not produce problems. I now suspect that MS may have released a patch that is making it difficult for 3rd party Anti-virus programs to work flawlessly. Since, they finally gave up on the Win 10 auto installs, it's likely that they will find other ways to get users to give up on Windows 7. * I suspect that by tomorrow Emsisoft will have many other users complaining about EAM build 7014. I however intend to just monitor the situation for a while and use the delayed release version. I'm busy with other stuff. I hope you guys can get to the bottom of this. I know for a fact that while not widely published, your team has been working on the EAM A2service.exe Registry Handle Leak for a long while and this Build 7014 Hotfix is the worse fix that I have had happen to my OS in a long while. Please look over the timeline that I described. The problem is definitely related to a windows update Patch. *I am worried that I will have to stop patching windows 7 well before 2020 because all of the 3rd party programs such as yours will have to work with the changes that are mostly aimed at windows 10 which will make it harder for you to make your program work well in windows 7(eventually). Your EAM program presents with an unusual problem that I don't have with other 3rd party Programs in that you mandate that program Updates be included with AV definitions. Well I have 2 suggestions: a. Maybe make separate EAM Programs for Windows 7 and Windows 10(I realize that from your point of view that this is a laughable suggestion, but MS is not going to make it easy for you to make your programs backwards compatible with Windows 7 like they did with Win XP. You guy's will be forced to abandon Windows 7 out of pure frustration over the coming months. Just as our political system is turning to crap and using nasty hardball tactics so will the software arena. b. Maybe have the EAM program create a restore point before changing to the next Build. This idea is not laughable. I was lucky that I had very recent Restore points. I also have Acronis backups but it takes extra effort to do a restoration. Not everyone is prepared as I am. I don't know how others that have very limited computer knowledge deal with these times. If they are young enough I guess they don't know the difference. Can't help but rant a little. I don't suspect your team has any answers yet, so I will just monitor the situation while I use the delayed update. Thanks
  18. Hello This could be helpful information. After updating to build EAM 6513 I checked various logs (routinely) and noticed 3 of the above titled log entries(under CodeIntegrity Logs) starting 2 minutes after the new build update finished. I have seen these entries sporadically (3 or 4 times a month) since 12-08-15. Also, per older complete memory dumps(1 month or older) the epp.sys driver was blamed by WhoCrashed Program. So about 4 weeks ago I did a clean uninstall of EAM and epp.sys driver and the Emet 5.2 program and then did a Net Framework Repair Tool repair with success. I ran it on all 3 user profiles to be sure all user profiles were successful. I re-installed EAM (the prior build to current one) plus emet 5.2 and have had no problems for around 10 days (no need to reboot) concerning any Net Framework garbage collection issues or crash dumps or apps stopped working issues. I also noticed in the Code Integrity Log (after re-installing EAM after clean uninstall using Emsiclean Removal) that the Code Integrity log entries no longer appeared and I was very satisfied plus my system was running for many days at a time without any problems such as app stopped working or BSOS's or Framework garbage collection timing issues. Per crashdumps and MS Reliability App compatibility Reports, I believe most of my occasional app stopped working were either due to Framework Garbage Collection or a2hooks64.dll hanging up under heavy video browsing sometimes leading to a epp.sys bsod. I also noticed that all of these problems stopped happening after I made the above mentioned repairs and re-installs. (Basically programs that rely heavily on Net Framework 4.5.2. But, now since my update to build 6513 the log entry: Code Integrity is unable to verify the image integrity of the file a2hooks64.dll because the set of per-page image hashes could not be found on the system has reappeared since the EAM build 6513 update. It has only been 1 whole day since I updated to build 6513 (done on 070316) and everything went smoothly but : I am concerned that I may start encountering problems again related to A2hooks64.dll or epp.sys and I will let you know promply. Question: Why does A2hooks64.dll specifically have problems with Code Integrity Checks? I am sure that the file is properly signed as I have checked. Is it a timing issue when the system is under heavy use? Does it have something to do with alternating betweem 3 user profiles or : Does it have something to do with the latest Build 6513 installing a new Epp.sys driver or a new A2hooks64.dll? I have noticed that from the Code Integrity Logs that the A2hooks64.dll problem comes and goes and could very well be linked to when a2hooks64.dll is updated, as it is not always updated in all new build releases. I have not analyzed the dates and times at this point. An attempt at an explanation concerning these Code Integrity Logs will go a long way towards my moving on from these questions unless problems arise over the next few days. I will appreciate any insightful input very much. Thanks
  19. Since my system crashed I have not seen the same previous aggressive move upward in a2service memory values so there could be an unknown mitigating factor that is no longer present. Therefore I am doing the following: *will update to latest stable build *getting rid of AMD's catalyst and switching to their new Radeon Crimson Control(does not use ccc.exe or mom.exe,never haved liked those processes). The switch went over without any snags. I used AMD's clean uninstall utility after regular uninstall. *If the problem with a2service's elevated memory values returns I will open a new thread or join back on this one if it is still open and applicable. For now on I will just actively monitor the values and hope that the mitigating factor is removed either by AMD driver updates or MS's monthly Patches. Going forward, many of us who want to remain on Windows 7 will be facing a struggle to combat many of the important and recommended patches that will in the end make Win 7 have more compatibility problems. Best to choose your patches wisely and read the fine print and take notes. I just saying that most unknown mitigating factors will mostly be a result of Monthly MS patches and in many cases Graphics Drivers with full software packages. *To Jeremy: As you may recall, I did not have that "memory optimization" enabled in EAM settings. Also, if it happens again I will use Process Explorer and Task Manager just to be sure. *I wish everyone luck and will be following this thread. *Also my laptop with 8GB of physical memory has stabilized at 34% physical memory usage and has not gained any further. Win7 Pro with same EAM settings. It never did reach catastrophic values. Thanks
  20. In my case it goes without saying that I always check all logs available with or without having a complete memory crash dump report (i use WhoCrashed to analyze and keep running records). When I say all logs I am referring to all Windows event logs and all Application and Sevices Logs/Microsoft/Windows logs looking for clues that I can put together around the time of the crash event. I even Review the Reliability Report inside the Action Center GUI. Everything points to the fact that after the resource intensive Full Acronis Backup Successfully completed(validated) the system entered the idle state(per event log) and began the partial stopping of services(didn't finish) in order to enter the sleep phase. However it must have ran out of memory resources and became paralyzed because its memory resources became depleted during midstream. My guess is that if I had been there to observe, it is likely that i would have seen some memory depletion warnings during the acronis backup. But the backups are performed while I am sleeping. As far as a2service's memory values are concerned, in my previous post I stated that I enabled all of the memory value column options in Task Manager(working set,peak working,private working,commit size, paged pool, NP Pool) and also kept tabs on my physical memory % usage. Just before the improper shutdown/sleep/resume lockup/crash occured all of the a2service memory values were each elevated in the 6 to 7 GB range and my physical memory usage the night before the system freeze/crash was at 81 %. So, you can always assume that I have always looked at all of my logs. So the question remains, do you want me to perform the debugging process on build 6315 or would you prefer I use the next stable build?
  21. Yes. this issue would only apply to those users who for whatever reason prefer to leave their machine running for up to 2 to 4 weeks at a time and avoid reboots except for when monthly MS update patches are installed. Reboots will reset a2service memory values back to normal. I am not sure about EAM or EIS program restarts at this time. I plan to test that later when I update to the next build. I'm currently giving my machine a few days to elevate the a2service memory values before I update to the newest stable build so that I can see if a2service memory values return to normal ranges. The issue is also affected by how much the machine is used and the type of tasks performed. Task such as streaming video, acronis backups and heavy surfing real-time charting with many windows and tabs open will cause all of the a2service memory values to rise quickly. In my case it takes about 6 to 14 days to crash the machine without causing a BSOD and no obvious driver errors depending on how much heavy use I put the machine through. See my previous post above for details.
  22. Thank You for your support offer. Over the weekend the following Happened: 1.With my Physical memory at around 85% and with a2service with even higher memory values than what I previously posted the system finally did crash but not with a BSOD. I woke up to find the computer unresponsive to the keyboard and mouse and a black monitor. The system fans were still running which indicates that the OS did not enter it's usual sleep mode. 2. After hitting the reset button I performed a chkdsk in safe mode and then a SFC /scannow, both were ok. Since the OS did not formally crash I don't have a full memory crash dump to analyze, which I would have if it had BSOD'ed. 3. The only significant info that made any sense to me was the following: a. The improper shutdown happened within a minute of my OS completely finishing an Acronis Full Backup instead of a Differential which takes up much more memory resources than does Differential and only happens around every 12 days per schedule. b. Just based on my experience and my speculation the way in which the system was unable to immediately go back to sleep after the Acronis backup as per schedule indicates that it most likely ran out of memory resources while initiating the idle/sleep routine. If it just ran out of system memory in the middle of this routine, the way that I found it make sense that it was unresponsive with no BSOD. I have my OS setup to stay on any BSOD and not to auto reboot. 4. So, the system was manully rebooted and now all of the memory values are back to normal and have only slighty grown but I have not been using the computer much. My other computer(laptop) is now at 40 % physical memory use and the only Process that continues to grow larger and larger is a2service. After reboot this computer started out at 13% physical memory but in 2 days is up to 18% due to a2service memory values continuing to grow. So, what would you have me do for now? I'm still running build .6315 which is OK with me as I employ other external anti-malware at the gateway. Would you prefer that I update 1st and get back to you if a2service's memory values get up to 4GB's usage range and then turn on the Debugger or just stay with build .6315 and wait the same way. I prefer to debug it once its' close crashing again or maybe the problem might disappear. What approach would you like to take?
  23. I understand. Please don't worry about this issue until you are caught up and ready. I'm in no hurry for now, at least until my computer crashes. I will continue to post updates and after it crashes I may have to open up my own thread. Thanks
  24. Update 4-22-16: starting 5th day since last reboot and last EAM update, still on Build 6315. Woke up after no additional activity to see the following values in Task Manager. Also, I do not have the Debugger turned on and I do occasionally for good measure completely shutdown my machine and unplug it and hit the power button while it is unplugged, so the machine does occasionally get it's garbage wiped completely from RAM/ROM/Bios. Task Manager Memory Values are as follows; * Physical Memory = 80% *a2service working set memory = 10,437,000 K *a2service commit size = 11,215,428 K I will let the readers convert to GB's. I'm sure that everyone who is following this article are already certain that my machine will blue screen in the next few days, probably during the weekend. What answers will be forthcoming. I believe that JeremyNicoll stated that he had to perform a reboot due to moving his computer, so basically he will probably restart the test and will soon catch up to where I am at. The only other useful information that I have noticed is that the buildup in the a2service memory values is directly tied to how much activity you perform on the said computer as my laptop is gaining but at a lesser pace than this machine as I use it much more. This issue it seems is here to stay until it is dissected and answers are forthcoming. Thanks and I'm hoping to hear from JeremyNicoll when he can find time again. His insight is very helpful.
  25. This topic is getting interesting. Yes, the commit charge value and working set value as well as the other values except for the 53% physical memory usage were all specifically pertaining to a2service since that is the process that you are concerned with. I was surprised also but wasn't sure because I never have investigated this type of problem. This morning a2service values are in order are: 1.working set = 6,681,256 K 2. peak working = 6,681,276 K 3. private memory = 6,659,076 K and 4. Commit Size = 7,296,388 K and the total physical memory use is at 57% up from 53% yesterday evening. That's a big overnight jump !!! Now this phenomenon is leading me to these conclusions and I would like your opinion: 1. If someone like myself who much of the time for specific reasons prefers not to re-boot no more than once a month usually during MS Patch updates. It is very possible that my system could occasionally experience a crash once the physical memory usage became maxed out without my knowing always when the system was resuming from sleep. I do have this happen about every 2 weeks without any consistent reasons or crash codes and other diagnostic data. *this is despite the OS passing the following diagnostic test: Memtest, Chkdsk, SFC, Windows System Readiness Tool, Driver Verification running for 4 days with around 30 Cyberfox(Firefox alternative) tabs opened, but 4 days may not be long enough to cause the memory crash during the Driver Verification Test. 2. It also occurred to me that EAM and EIS both are regularly subjected to update reboots and more lately program restarts which most likely both reset the memory values to their lowest starting values after which they start to grow again. I never have used a program that requires so many Build updates on such a regular basis! I have complained before about the inconvenience of having to reboot for users that need to keep their systems running for long periods of time. It would be one thing to have build updates say 6 times a year but every 2 weeks makes me suspicious that the constant build updates are a cover-up to have the memory values reset regularly before they crash too many users. It would be OK with me if that was the case and if I knew that the program needed to be reset once a week with a Program Restart Only Not a RE-BOOT. Firefox/Cyberfox are programs that supposedly still need to have their RAM Cache cleared every so often due to memory usage issues and require program restarts. I just want to get everything out on the table so that I can knowingly manage the situation appropriately. 3. Don't get me wrong, I still like the product because of the great customer service follow-up, the overall design, speed and for not processing our files in the cloud. 4. Concerning the EAM setting option "activate memory usage optimization" I suspect they use an algorithm based partly on how much physical memory is present on a machine. So if you have lots of unused physical memory and have the above option unchecked like I do, then maybe the program is going overboard and the code concerning the algorithm needs to be addressed. 5. I suppose after I finish monitoring my a2 service memory values to see how high they will go, I may try running the EAM program with the option checked so that EAM will use the Paging File but I suspect that will lead to other issues when pressing the OS with many Cyberfox windows and tabs and/or navigating quickly back and forth with constant tab refreshing. What do you thing about my new overnight values and my other speculations? Update 042116 at 740pm Central us: Its been just about 4 whole days since my last re-boot and since my last EAM update. Still running build 6315. My memory values continue to grow quite fast. Just finished some quite heavy video surfing followed by a full custom scan. My Task Manager Memory values are as follows: *physical memory % = 75% but had peaked at 79% during the EAM scan. * a2sevice working set memory = 9,585,900 K or 9.14 GB * a2service commit size = 10,327,689 K or 9.84 GB So it seems that the above values will continue to grow until my OS will BSOD unless I reboot or had a way to restart the EAM Program. My Laptop with similar setup right after reboot had values that were normal like you had mentioned earlier about your machine after reboot, but it is also slowly showing the same memory value gains concerning a2service. I don't use it as much or as heavy. I am assuming that if I rebooted this system the values would be normal at 1st also but I intend on running this test till the OS blue screens to make sure what the end result will be. Suggestion: Seems like a Restart Program menu tab would be a simple way to deal with this problem while the memory usage gain problem is improved upon. It seems this issue may turned out to be a serious problem for those of us who like to run without rebooting for several weeks at a time. I wonder how the Enterprise Users are dealing with this problem when using delayed updates for several weeks without rebooting. What's your take on the whole matter and the suggestion? Firefox has a restart program menu item.
×
×
  • Create New...