reerden

Member
  • Content Count

    27
  • Joined

  • Last visited

Everything posted by reerden

  1. Since around April 18th, I had multiple complete hangs on two different Windows 10 systems. All crashes happen at the exact time the a2service crashes and restarts around 5 times in a row. After that the system completely hangs. Both system also have Hitmanpro.Alert installed, in case that matters. First application error: Faulting application name: a2service.exe, version: 2018.3.1.8572, time stamp: 0x5acb5d54 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x0000000000000000 Faulting process id: 0x560 Faulting application start time: 0x01d3dc13f1f5aa43 Faulting application path: C:\Program Files\Emsisoft Anti-Malware\a2service.exe Faulting module path: unknown Report Id: b24e20f5-64f3-4e03-ae25-fa2f98e9702b Faulting package full name: Faulting package-relative application ID: Last application error: Faulting application name: a2service.exe, version: 2018.3.1.8572, time stamp: 0x5acb5d54 Faulting module name: ntdll.dll, version: 10.0.16299.402, time stamp: 0xd826f10d Exception code: 0xc0000005 Fault offset: 0x000000000001d14c Faulting process id: 0x17f8 Faulting application start time: 0x01d3dc7f312dfd19 Faulting application path: C:\Program Files\Emsisoft Anti-Malware\a2service.exe Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll Report Id: 19be08d3-23f3-44f9-9f92-4b145427322d Faulting package full name: Faulting package-relative application ID:
  2. I renewed the license on one phone, but I cannot activate it on the second one. They use different Google accounts and apparently that's an issue. Is it possible to activate the license on both google accounts?
  3. It looks like they're working on it. It's now listed as trusted on the anti-malware network. Now for MS to update their definitions.
  4. I think so. You could try adding the EMS program files folder to exclusions in Windows defender to prevent it from scanning that file again.
  5. I was kind of worried and wondering how a freshly installed Windows PC could catch malware this easily. Then I saw it was one of Emsisoft's own files. Ironically, Emsisoft's anti-malware network has copied over this false positive from Windows defender:http://www.isthisfilesafe.com/sha1/F564B91383250DAC777C310C30978F0BD2D6FED9_details.aspx The reason defender still quarantines the file even if disabled is because it starts up temporarily after a fresh boot, until the service responsible for AV status reporting is loaded in.
  6. That's weird because they weren't freed on my systems, even after 30 minutes or so. I had problems with the entire system hanging and applications losing their settings profile because they couldn't access it. Caused by a read error caused by file locking. The file locking was caused by the a2service according to process explorer. Removing or downgrading EAM also solved the issue. I'm also not sure what is so different about my systems, other than hitmanpro alert being installed (which I also removed for testing). I only have a few applications installed, and even less on the other PC.
  7. Event log has been clean and no more system locking issues with the new beta.
  8. I'll check as soon as I get the chance. Thanks for help and the quick response.
  9. Here's the scan log. Did a few scans and had the problem somewhat less severe. Rebooted and immediately ran a scan and had the problem again. All scans were fully completed. tmp_8667-ScanEngineDebug14045624.log
  10. I'll send a debug log as soon as I get home. I'm also in contact with Mr Biggar through the helpdesk mail. I've send him a FRST log. Both systems have an SSD. No hard drives. And yes. These are complete scans. The problem becomes worse the more scans I run without a full reboot.
  11. Yes. Start menu locks up too. EDIT: I'm able to reproduce the problem by running the malware scan a few times. Usually, the first indication the problem starts is that the event viewer shows that windows can't write live tiles to its cache. The more often I run the scan, the worse the problem becomes. I can see the EAM service creating file handlers for files it's scanning using process explorer. They're never released and keep building up until the system becomes unusable. EDIT2: I also have bitlocker active on both machines. Maybe that has something to do with it.
  12. I'm having issues with applications being unable to access any files after running the on demand scan a few times. A reboot only fixes this issue temporarily. The event viewer is full of errors indicating apps can't access files because they are already in use. This causes gigantic issues like settings disappearing and even being unable to fully boot after login. A quick inspection with Sysinternals Process explorer reveals that the culprit is the a2service, which keeps open the file handlers after a manual scan. I've put my update feed in delayed and my EAM is now back at 12.0.1.6859. All issues have disappeared. This is on a Windows 10 professional 64 bit. The only other security software I have installed is hitmanpro alert. I'm unable to provide you with a debug log as EAM is unable to save any logs when it happens, since the a2service keeps locking the log files. EDIT: problem is also present on another PC. I tried removing hitmanpro to see if it caused the issue, but it is still present.
  13. I factory reset my device and now I'm unable to reactivate EMS. It keeps saying the code is already in use. EDIT: Nevermind. Solved the problem.
  14. I want to report that after EAM was updated to the newest version today, the epp file system driver caused a BSOD with the following message: "driver unloaded without cancelling pending operations" I have a scan running at boot up. This may have something to do with it.
  15. I cannot login anymore. When I try to login, I get message that "an unknown error occurred". I tried reinstalling and removing app data. I also tried removing access to EMS from my Google account, but that doesn't work either. EDIT: it seems this is triggered by activating Anti-theft, leave the trusted number disabled and then uninstalling EMS. I've tried this on a different account and now that account is locked out too. my.emsisoft.com gives a 404 error when clicking Anti-theft. EDIT2: Problem seems to be solved. Was probably because of to many login attempts. Thanks anyway.
  16. Can I safely leave the Trusted Number empty to disable this feature?
  17. The app locking feature is not working in EMS. I am never prompted for a PIN. All permissions are enabled, including the ability to draw over other apps. Reinstalling EMS also didn't work. This is on a Nexus 5X running Android 6.0.1.
  18. What is the purpose of the "Trusted network traffic (TCP/UDP)" default global firewall rule? Aren't trusted connections already handled by application rules? If so, why add this rule to the global rules?
  19. Why not? If EIS's goal is to make the PC invisible on public networks, it might be good to block outgoing SSDP/UPnP ports. As far as I know, Windows firewall completely stops outgoing SSDP when set to the public profile.
  20. I assume I can just copy over the ports from the default "Windows services" rule?
  21. How do I block network discovery and file sharing on private networks? Can I just change the default "Windows services" rules from public networks to All? I want to block network discovery and file sharing and only allow it for certain IP addresses.
  22. What exactly does the "use recommended option" mean in the behavior blocker when a program can't be verified? How is this "recommended option" determined? By signatures? I want to install EIS on the laptop of a less experienced user and reduce the amount of alerts to a minimum.
  23. So if I understand correctly, the firewall applies certain hidden rules that aren't shown in the Global rules when the network is configured as a public network?
  24. I noticed that in the global packet rules, certain ports (1900 UDP, 3702 UDP, 5355 UDP, 5357 TCP, 5358 UDP) used by network discovery and file sharing aren't filtered by default. Windows Firewall does filter these ports when network discovery and file sharing is disabled. Shouldn't these ports be added to the default "Windows Services" rule in the firewall?