Jump to content

Fabian Wosar

Emsisoft Employee
  • Content Count

  • Joined

  • Days Won


Everything posted by Fabian Wosar

  1. In general, we don't pay much attention to the insider builds until they are closing in onto a new RTW. This particular issue will be fixed in the 2018.3 release of EAM so a fix will be available in time before RS4 is officially made available to all users in early April.
  2. Fuer uns aendert sich ueberhaupt gar nichts. Unsere verhaltensbasierte Erkennung ist gegen alle Arten von Obfuscation immun, da sich zwar das Aussehen der Malware aendert, aber nicht ihr Verhalten.
  3. Das war schon immer so. Ist auch in unserer Privacy Policy ersichtlich: https://www.emsisoft.com/de/software/privacy/
  4. Quick scan only scans stuff that is currently running. Not files that aren't active. You will at least have to perform a Malware Scan to get your downloads scanned.
  5. I will make sure to sneak in some bugs into the next releases so Peter has some excitement in his life
  6. Text files don't have an inherent format that we can use to verify that a file was decrypted properly. Therefore, the decrypter can't decrypt them. The decrypter can only decrypt files that have fixed headers that can be used to verify that it found the correct key.
  7. Indem Du die Option abschaltest. Nur wenn die Option aktiviert ist, wird der Filter benutzt. Ansonsten wird alles gescanned.
  8. Emsisoft Anti-Malware ist vollständig mit dem Windows Update kompatibel. Wir haben ausserdem grade ein Update für alle Nutzer des Beta, Stable und Delayed Update Trees veröffentlicht, dass den entsprechenden Kompatibilitätsmarker in der Registry platziert. Wir möchten an dieser Stelle zu bedenken geben, dass Microsoft den selben Kompatibilitätsmarker für alle Anti-Virus und Anti-Malware Anwendungen verwendet. Sollten also mehr als ein Anti-Virus oder Anti-Malware Programm in Benutzung sein, besteht das Risiko das eine der Anwendungen, wie Emsisoft Anti-Malware z.B., das System als kompatibel m
  9. Emsisoft Anti-Malware is compatible with the Windows update. We also just published an update that sets the compatibility flag for all users of the beta, stable and delayed update feed. Keep in mind, that Microsoft uses the same flag for all anti-virus vendors. That means if you are using multiple anti-viruses or anti-malware applications, you are risking one of those products, like Emsisoft Anti-Malware, flagging the system as compatible, even though one of your other products is not compatible. There is, unfortunately, nothing we can do to prevent this as Microsoft does not account for the s
  10. It X-es out an existing installation so to say
  11. Our signatures are the *.sig files with the names based on dates. However, we do use two scan engines. Our own and the Bitdefender engine. The Bitdefender signatures are stored in the Signatures\BD folder and those take up about 500 MB.
  12. EAM will take care of the signature files on its own. No need to do anything. If you try to delete any of the files, they will just be redownloaded again. Our signatures account for about 13 MB. I don't think you will notice that compared to the Bitdefender signature database, which is about 500 MB with the cache.
  13. The self-protection protects the entire EAM directory, which includes the language files. In addition, upon update, it will simply re-download the missing language files.
  14. The encrypted files are useless. We will require the ransomware executable that encrypted those files in order to extract the necessary information.
  15. This question has been answered many times before. But to repeat the answer: The whole world product tests do not simply evaluate the on-demand scan performance of products but test all protection layers of a product. Essentially the attack vector is being replicated exactly as it would happen in the real world and the products get a chance to protect the system on many different layers. Signature detection, which is the part we licensed from Bitdefender, just being one of many layers. AV-C doesn't release detailed information about what infection is being blocked at which layer, which me
  16. Stampado doesn't use a bitcoin address. It uses an ID and email. Philadelphia uses a bitcoin address and is visually extremely similar. So I suggest you try the Philadelphia decrypter instead.
  17. Putting it into the context menu of the systray icon is just as hidden as it is now and wouldn't fix the issue at all. The reality is: Most users don't care and if you want to make sure you have the latest version, you should hit the update button instead of comparing the numbers, as the update will ensure you have the latest version appropriate for your currently selected update tree. For those who truly want to see the version numbers all the time, we have the workaround with removing the renew link and replace it with the version number instead. It's a one-time click that permanently gets y
  18. Can you please upload the ransom note and one encrypted file to https://id-ransomware.malwarehunterteam.com and post the result link here? Thanks.
  19. Das Update befindet sich zwischenzeitlich im Beta Updatezweig. Falls einer derjenigen, die von dem Problem betroffen sind mal kurz testen möchte ob das Problem auf Ihrem System damit behoben ist.
  20. Jemand anderes hat mittlerweile einen Dump eingeschickt. Ein Fix sollte im Laufe des Tages zur Verfügung stehen via Beta Updates.
  21. Verwechsel bitte nicht Icewolf mit Emsisoft. Er benutzt zwar das Pronom "wir" hat mit Emsisoft allerdings nichts zu tun. Das von Dir beschriebene Problem wird zu 100% von Emsisoft Anti-Malware ausgelöst. Allerdings war ich bislang nicht in der Lage es auf einem meiner Systeme zu reproduzieren, weder mit der alten Acrobat Reader Version die Du verwendest, noch mit neueren Versionen. Daher wäre ein Crash Dump notwendig um genauer hinzuschauen.
  22. Generell ist bei Anwendungsabstürzen aller Art immer ein Crash Dump sinnvoll und notwendig. Die Meldung ist letztlich für uns als Entwickler genauso nutzlos wie für Euch als Nutzer. Entsprechend wäre es ungemein hilfreich, wenn Ihr so einen vollständigen Crash Dump erstellen und hochladen könntet: https://helpdesk.emsisoft.com/Knowledgebase/Article/View/222/0/so-konfigurieren-sie-automatische-crash-dumps-bei-anwendungsfehlern
  23. Keep in mind we do not officially support any firewall besides the Windows firewall. That means, that we do not do any compatibility testing with any other product. So while it may be true that running EAM and Comodo side by side is possible right now, compatibility may get broken by any update on either side.
  24. We decided internally to treat javascript-based crypto-currency miners as PUP. That means we started actively targetting these services via the surf protection.
  • Create New...