chispaluz

  1. Thanks so much for the in-depth reply, Jeremy. I appreciate the time you took to do it. I'm still waiting to remote in to the client's machine to see what I find in Task Scheduler. I'll report back when I do. Thanks again!
  2. Thanks for the feedback. So the same issue has been coming up. PowerShell being blocked. Different days, but always at 6:57pm. I pulled up the forensics log (attached), and the Event Viewer PowerShell log (attached). Looks like it's been going on since at least June 2017. How can I dig into this further to find out what is making it run every day at 6:57pm? Do I need to remote in at that time to see what was going on using Process Explorer or Process Monitor, or can I see the application in some sort of other event log? I tried looking in Event Viewer Applications, but nothing was shown for those specific days and times that I could find. The client is older, and very concerned about computer safety. He's been shutting his computer down each time the Emsisoft alert pops up. I'd like to reassure him, or turn off that specific notification if it's not something to worry about. Thanks!
  3. Thanks, Jeremy. I can reassure the client that Emsisoft is protecting him with the Behavior Blocker, even if we don't know exactly how the threat came to be.
  4. Hi there, I have a client with newly installed Emsisoft AntiMalware. He was visiting an MSN website and a notification popped up that said "Behavior blocker detected suspicious behavior "Exploit" of C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe". It was blocked by default. Any idea what caused this? After going through his history, we tried to replicate the situation by visiting the same page, and nothing happened. Thanks.
  5. Hi there, I uninstalled and reinstalled and the update process ran just fine. Thanks for your prompt reply.
  6. Hi all, I have done many installs of Emsisoft A/M and have not yet encountered this problem: when I try to update, it initializes, but then remains out-of-date. No error messages appear. The internet connection is fine. The client does not use a proxy. I've tried unchecking "Use SSL encryption for all server communication" and have the same result. Any suggestions? Thanks!