RandomGuy

  1. This video speaks for itself. Judging from this, I would like improvements for protection against worms.
  2. RandomGuy

    Feature Request: Rollback

    I understand the mission statement and purpose of your product. I just thought that this feature would assist in making this product an amazing Anti-Malware product. This feature should be lightweight and assist only through late BB detection. Also, Webroot’s system is a rollback feature and is among the lightest AV products out there.
  3. RandomGuy

    Feature Request: Rollback

    Towards the end of this video, two pieces of adware designated “Advanced System Protector” and “RegClean Pro” copied themselves everywhere on the desktop. The behavior blocker didn’t detect this action as malicious and wasn’t monitoring it because it was designated as Safe by the Anti-Malware Network. This video reinforces scenario 1 and also suggests an improvement on the behavior blocker.
  4. RandomGuy

    Feature Request: Rollback

    Well, I know that some legitimate applications do this as well. So if a rule is in place that intercepts this behavior, legitimate applications can also be flagged. This is only a hypothetical scenario, but I see your point. Cheers!
  5. I'm sure you are all very familiar with the rollback feature found in Kaspersky products. I would like this feature also implemented into Emsisoft products because it can be very useful. This feature can be very useful in 2 scenarios.

    Scenario 1: A malicious file is executed and starts copying itself to different parts of the drive. It then tries to send data to a malicious host, which triggers an Emsisoft Anti-Malware Network cloud lookup. The parent file is then detected and quarantined, BUT the copies are still there. In this case, if the rollback feature is implemented, then the file would have been detected and quarantined and everything it has done (which in this case is copy itself) prior to detection will have been rolled back (deleted).

    Scenario 2: A ransomware file is unknowingly executed by the user. The file is fairly new and released only about 4 hours ago. It starts encrypting desktop photos and then tries to encrypt the pictures folder. This is where the behavior blocker kicks in; it stops and quarantines the file, protecting the pictures folder. BUT the encrypted files in the desktop folder stay encrypted. With a rollback feature in place, the file would have been detected and quarantined (by the behavior blocker) and the rollback feature would have unencrypted files prior to detection.

    This is just a suggestion that I would love to have implemented in Emsisoft products.