Everything posted by ValarM5

  1. Then whatever it is doing then. I can do a screen capture if you'd like to show you when it happens. Monitoring it in Process Explorer after execution, it usually takes around 30 seconds to complete, but several processes are spawned and dropped, and then eventually all three Emsi processes disappear. Then the notification icon disappears when I try clicking on it. After that I can't get into the GUI nor does it block any more samples, so the real-time protection isn't active anymore. After a reboot I get the error message as in the picture. The only way to resolve it is to revert back to a previous snapshot or reinstall. My concern is for me or anybody else coming across this in the real world and not just in a testing environment. But thanks I'd appreciate any updates.
  2. Ok. If it's not too much to ask, would you mind keeping me updated on the crash issue? Thank you.
  3. On a side note, I am currently running EAM and Hitmanpro.alert. Do you recommend adding monitoring and/or scanning exclusions in each program for one another, or is that not necessary? I know they are both compatible but I'm just trying to avoid any possible conflicts. Or is it better to leave it as is since HMP.alert does help mitigate against exploits and it could help protect the EAM processes? Thanks.
  4. Sounds good, thanks. When I try to reproduce with the first 3 to try to simulate a real-world zero day encounter like the 4th one currently is, I make sure to disable FileGuard and AMNet before copying the samples to the VM, and the BB still misses it. That's why I thought maybe it was just my one Windows setup, so like I said I used 2 separate VM software with 3 versions of Windows, on 2 separate machines. I have never had this happen to me before outside of these 4 so far. I also have some debug logs if you want them.
  5. 1C232A8252B20A9F440D1ED13DEC84B358D9423EF973591A72EAE8DB54FC5684
     F0BD2E1352FCCCDB0886465742D604906A03DB7B704840DB24084FA4552C1BE0
     2F0ECE60256BAF67878D4CD5E5A16A57C3BC383A4B27D223C9F2845CA8E19704
     2123FEB27E9116DF8F8247ACF8C0384850CA88C250F856626F4D67A1C23FB9CC
     I just wanted to show the error message with the attachment. Didn't want to post live samples. The 4th one is the 0-day sample. I have them zipped up, if you want I can send them your way via PM or email.
  6. Hello. I have been doing some malware testing lately and I have come across four samples that completely crash real-time protection. After a reboot the notification icon is red, and after a few minutes I get a pop-up as shown in the attachment. One of the samples from 03/16 is still zero-day, as the signatures and heuristics don't pick it up and the Behavior Blocker misses it as well. I have tested in both Oracle VirtualBox and VMWare with Windows 7, 8.1, and 10 and it occurs with all of them. I forwarded 3 of the samples to customer service over a week ago, but I see this hasn't been addressed yet and was advised to start a thread in this particular sub-forum to get the quickest and most direct feedback from a developer. Thanks.