
  1. Just a follow-up. Currently the Synology script runs from the /temp directory, so it's not feasible to exclude that directory from active protection. I'll either have to allow all powershell or switch products on the server. 😐
  2. GT500: I have a support ticket created with them. Hopefully I'll get to the bottom of the problem. I prefer using Emsi, but if I can't find a solution, I'll have to switch this client's server to another product. ☹️ Jeremy: Thanks for the added info and link. I'll check it out.
  3. I don't know what process Synology is using. I do know that when Active Backup for Business attempts to back up the Hyper-V VM, Emsi coughs up a block and it won't complete. When I disable Emsi the backup proceeds and completes. Emsi is only reporting the block, specifying that it blocked PowerShell: "Behavior Blocker detected suspicious behavior "undefined" of "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" (SHA1: 6CBCE4A295C163791B60FC23D285E6D84F28EE4C)" I can't find any solution other than to add PowerShell as an exception to Behavior Blocker. Clearly that is not an ideal solution! Any thoughts as to how to proceed?
  4. Thanks Jeremy. I may have to reach out to Synology then. You're correct, I don't want to open up for all PowerShell scripts to run, just this one in particular. The popup occurs from EmsiSoft but there is no option to allow this particular instance. Synology is connecting to the HYPER-V host server to back up the VM. It seems to me that I can't possibly be the first to run into this exact scenario! LOL
  5. I'm attempting to back up my Hyper-V VM using Synology's Active Backup for Business. It appears that EmsiSoft is blocking it. I'm getting pop-ups from Emsi in regard to behavior blocking. If I disable Emsisoft, the backup will occur. The logs indicate that "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" (SHA1: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx) is being blocked. Do I add the complete path string with the SHA numbers to the exception list, or just the PowerShell path? It seems to me that I don't want just ANY PowerShell item to run. Just need a little guidance please. TIA
  6. Go back into the registry as directed earlier and double check that the entry isn't in again. I had made the mistake of forgetting to turn off the entry in Kabuto that wound up reinstalling Emsisoft immediately. Also, check that the epp listing isn't in "ControlSet001" or "002" as well. I'm not sure if those are active keys, but I made sure the entries had been removed from there as well.
  7. I misspoke in regard to EAM having an update "in the wind". It did, however, reinstall... but I realized that was my fault; it was still turned on in Kabuto. So when it synced it wasn't there and it reinstalled. Bottom line is that the problem was the eppdisk setting in the registry. The version of EAM installed had been 2017.2. As to having a copy/export of the registry for comparison, I do not. I am however gun-shy at this point, and irregardless of the system, I'm checking the registry first before performing any uninstalls! Thanks for the help!
  8. The same thing happened this morning on another system at the same location. I removed the entry from the registry and the system booted. I then applied the same repair to the original system after uninstalling EAM and rebooted. Interestingly, EAM must have had an "update" in the wind, so to speak, because after rebooting, EAM was installed again. I uninstalled it again and checked the registry; the problem setting wasn't there. All's well! Thanks for all the help! Hats off to all!
  9. Thanks GT500. I had to return the system back to the Township office after restoring a working image for now. David, from Emsisoft, provided similar instructions to yours as well last night. I intend on attempting this process again at my next available time slot. I'll keep you posted.
  10. I have a Win7Pro system that, when I uninstall Emsisoft from the system, becomes non-bootable with an error 0xc000000e. LUCKILY, I have an image backup that has allowed me to restore it. I've isolated the issue to ensure nothing else was causing it. This system is a local township's computer, so I have to return it to get them back up and running ASAP.
  11. UPDATE: Both systems are now installed. Kabuto released a patch.
  12. Good Morning, Two systems today refuse to install EAM. All I get is the "Failed to install will try again on next sync". Multiple uninstalls, reboots, etc.
  13. Thanks Frank. I'll get them installed tomorrow! Great work!
  14. @Frank: Glad you were able to replicate it! By "normalize" do you just mean non-maximized?