Fabian Wosar

Emsisoft Employee
Everything posted by Fabian Wosar

  1. No, but if the exploit installs and executes actual malware it gets detected. Additionally the Malware-IDS is able to detect malicious behavior caused by the exploit as well.
  2. Then all currently publicly available products are useless. In the official tests that included rootkits, our detection rate was always above 80%. For inactive rootkits it was always nearly perfect.
  3. You probably allowed a-squared to create rules on its own based on community feedback. In that case a window would be visible briefly but would then be closed immediately. For more detail one would need to know in exactly which situations the alert occurs. There certainly are situations in which installed software triggers this message.
  4. The problem with rootkits is that they are designed not to be detected. We detect many rootkits even when they are active, but by no means all of them. Dedicated anti-rootkit tools do not detect all of them by far either. A prominent example of rootkits that go undetected by nearly all public products would be the newer TDSS variants. Accordingly, prevention is considerably more important than detection here.
  5. I corrected the detection. Please run the online update again to get the updated signature files.
  6. Currently there are no known problems on Windows 7 that could cause something like that. The only known problem is caused by the shell extension we install and prevents jump lists and certain context menu entries from working correctly. Could it be that you accidentally blocked a message regarding Firefox and IE and saved them as permanent rules? That would result in the behavior you described. So you may want to take a look at your Malware-IDS rules (Background Guard, Application Rules).
  7. Yes, we have moved the downloads to CNET. In case you would rather download the setups directly from our servers: http://download1.emsisoft.com/a2AntiMalwareSetup.exe http://download1.emsisoft.com/a2FreeSetup.exe
  8. I went ahead and installed AntiVir. The message is indeed normal and occurs because AntiVir, as already suspected, blindly requests all rights to access a process instead of only read rights. Accordingly, you can simply allow the behavior.
  9. Did the message appear when you had AVIRA scan the memory? If so, this is very likely a normal message. In that case the AVIRA developers neglected to request only read rights for a process and instead request all rights outright.
  10. Please create a different thread in that case since your "problem" has obviously nothing to do with anything that was discussed here.
  11. If you had read the original posting you would have noticed that we are talking about the Quick Scan (which essentially is a scan for cookies, traces and a memory scan). You on the other hand only did a scan of a custom folder which has nothing to do with the performance improvements we implemented to speed up the memory scan.
  12. Y:\ looks like a network share or external drive. Since you scanned it once it is likely that the data still resides inside the cache. To get the cache out of the picture you would have to reboot between scans instead of just doing consecutive scans.
  13. If a new application version is available it will be downloaded and installed by the updater as well.
  14. All updates are listed here: http://www.emsisoft.com/a2/changelog/free/ Easier than clicking one button?
  15. Essentially you should scan your user profile, your program files folders and your Windows folder. To save time you should deactivate scanning inside archives. You may want to enable the extension filter as well.
  16. Can you please send me your a2HiJackFree.exe file via mail? My mail address is [email protected] Otherwise if you want to try a reinstall you should download a new setup package. This will include the newest updates since your setup seems to be pretty outdated. Download link: http://download1.emsisoft.com/a2AntiMalwareSetup.exe
  17. With the initial dots please. Otherwise you will exclude not only emsisoft.com but iamadomainthatendsinemsisoft.com as well. You have to ask your ISP about that. An exclusion inside the guard shouldn't be necessary. The reason why I asked you to rename the file was to force an update of the file and make sure the original file is not locked in some way (and therefore can't be replaced). Changing the file's name so it fits AntiVir's exclusion list limitation is not an option.
  18. Try to exclude the following two URLs: .emsisoft.com .ikarus.at This should exclude all Emsi Software update servers as well as IKARUS update servers.
  19. I am currently installing AntiVir Premium to give you a step by step instruction on how to exclude the update from the AVIRA Web Guard. It will take a few minutes though.
  20. I haven't been able to reproduce the problem directly so far. Neither with the stable version nor with any of the current test builds.
  21. Just add a letter or a number. It doesn't matter really. We haven't heard any complaints until now. But there were problems with other similar software in the past. So you may try to exclude the a-squared components from the web guard (if it is possible) or try to update without the web guard running.
  22. That's odd indeed. Is HiJackFree running in the background while updating? Could you please rename the a2HiJackFree.exe file inside your a-squared folder and try to update twice again? The first update should download the file again. The second should report no update at all. Please include the update logs of those 2 updates in your post as well.
  23. Could you please view the details of one of the failed updates in the update logs and post it here?