
chispaluz
Member (Rank: New Member) - Content Count: 6 - Community Reputation: 0 Neutral
-
Behavior Blocker and Powershell
chispaluz replied to chispaluz's topic in Malware and Computer Security
Thanks so much for the in-depth reply, Jeremy. I appreciate the time you took to do it. I'm still waiting to remote in to the client's machine to see what I find in Task Scheduler. I'll report back when I do. Thanks again!
Behavior Blocker and Powershell
chispaluz replied to chispaluz's topic in Malware and Computer Security
Thanks for the feedback. So the same issue has been coming up. PowerShell being blocked. Different days, but always at 6:57pm. I pulled up the forensics log (attached), and the Event Viewer PowerShell log (attached). Looks like it's been going on since at least June 2017. How can I dig into this further to find out what is making it run every day at 6:57pm? Do I need to remote in at that time to see what was going on using Process Explorer or Process Monitor, or can I see the application in some sort of other event log? I tried looking in Event Viewer Applications, but nothing was shown.
Behavior Blocker and Powershell
chispaluz replied to chispaluz's topic in Malware and Computer Security
Thanks, Jeremy. I can reassure the client that Emsisoft is protecting him with the Behavior Blocker, even if we don't know exactly how the threat came to be.
Hi there, I have a client with newly installed Emsisoft Anti-Malware. He was visiting an MSN website and a notification popped up that said "Behavior blocker detected suspicious behavior "Exploit" of C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe". It was blocked by default. Any idea what caused this? After going through his history, we tried to replicate the situation by visiting the same page, and nothing happened. Thanks.
-
Cannot update -- manually or otherwise
chispaluz replied to chispaluz's topic in Emsisoft Anti-Malware Home
Hi there, I uninstalled and reinstalled and the update process ran just fine. Thanks for your prompt reply.
Hi all, I have done many installs of Emsisoft A/M and have not yet encountered this problem: when I try to update, it initializes, but then remains out-of-date. No error messages appear. The internet connection is fine. The client does not use a proxy. I've tried unchecking "Use SSL encryption for all server communication" and have the same result. Any suggestions? Thanks!