Fabian Wosar

Emsisoft Employee
Everything posted by Fabian Wosar

  1. Nothing changes for us at all. Our behavior-based detection is immune to all kinds of obfuscation, because while the appearance of the malware changes, its behavior does not.
  2. It has always been that way. You can also see it in our privacy policy: https://www.emsisoft.com/de/software/privacy/
  3. Quick scan only scans stuff that is currently running. Not files that aren't active. You will at least have to perform a Malware Scan to get your downloads scanned.
  4. I will make sure to sneak in some bugs into the next releases so Peter has some excitement in his life
  5. Text files don't have an inherent format that we can use to verify that a file was decrypted properly. Therefore, the decrypter can't decrypt them. The decrypter can only decrypt files that have fixed headers that can be used to verify that it found the correct key.
  6. By turning the option off. The filter is only used when the option is enabled. Otherwise everything is scanned.
  7. Emsisoft Anti-Malware is fully compatible with the Windows update. We have also just released an update for all users of the beta, stable and delayed update trees that places the corresponding compatibility marker in the registry. We would like to point out here that Microsoft uses the same compatibility marker for all anti-virus and anti-malware applications. So if more than one anti-virus or anti-malware program is in use, there is a risk that one of the applications, such as Emsisoft Anti-Malware, marks the system as compatible even though one of the other installed security products is not compatible. Unfortunately, there is no way for us to prevent or intercept this, as Microsoft simply does not account for the use of multiple protection programs on the same system. This, by the way, is a perfect example of why we have advised against using multiple security programs in parallel since Windows 10. Further information is also available in our blog.
  8. Emsisoft Anti-Malware is compatible with the Windows update. We also just published an update that sets the compatibility flag for all users of the beta, stable and delayed update feed. Keep in mind that Microsoft uses the same flag for all anti-virus vendors. That means if you are using multiple anti-viruses or anti-malware applications, you are risking one of those products, like Emsisoft Anti-Malware, flagging the system as compatible, even though one of your other products is not compatible. There is, unfortunately, nothing we can do to prevent this as Microsoft does not account for the scenario of multiple security products being installed on the same system. This is the perfect example why we are recommending against using multiple security products in parallel. For further information, feel free to stop by our blog.
  9. It X-es out an existing installation so to say
  10. Our signatures are the *.sig files with the names based on dates. However, we do use two scan engines. Our own and the Bitdefender engine. The Bitdefender signatures are stored in the Signatures\BD folder and those take up about 500 MB.
  11. EAM will take care of the signature files on its own. No need to do anything. If you try to delete any of the files, they will just be redownloaded again. Our signatures account for about 13 MB. I don't think you will notice that compared to the Bitdefender signature database, which is about 500 MB with the cache.
  12. The self-protection protects the entire EAM directory, which includes the language files. In addition, upon update, it will simply re-download the missing language files.
  13. The encrypted files are useless. We will require the ransomware executable that encrypted those files in order to extract the necessary information.
  14. This question has been answered many times before. But to repeat the answer: The whole world product tests do not simply evaluate the on-demand scan performance of products but test all protection layers of a product. Essentially the attack vector is being replicated exactly as it would happen in the real world and the products get a chance to protect the system on many different layers. Signature detection, which is the part we licensed from Bitdefender, just being one of many layers. AV-C doesn't release detailed information about what infection is being blocked at which layer, which means nobody but them knows how these scores break down exactly. So while EAM and Bitdefender will always perform comparatively when it comes to just the signature-based detection, other areas, like the URL blocking, for example, will not.
  15. Stampado doesn't use a bitcoin address. It uses an ID and email. Philadelphia uses a bitcoin address and is visually extremely similar. So I suggest you try the Philadelphia decrypter instead.
  16. Putting it into the context menu of the systray icon is just as hidden as it is now and wouldn't fix the issue at all. The reality is: Most users don't care and if you want to make sure you have the latest version, you should hit the update button instead of comparing the numbers, as the update will ensure you have the latest version appropriate for your currently selected update tree. For those who truly want to see the version numbers all the time, we have the workaround of removing the renew link and replacing it with the version number instead. It's a one-time click that permanently gets you what you want.
  17. Can you please upload the ransom note and one encrypted file to https://id-ransomware.malwarehunterteam.com and post the result link here? Thanks.
  18. The update is now in the beta update branch, in case one of those affected by the problem would like to quickly test whether it fixes the problem on their system.
  19. Someone else has sent in a dump in the meantime. A fix should be available via beta updates in the course of the day.
  20. Please don't confuse Icewolf with Emsisoft. He uses the pronoun "we" but has nothing to do with Emsisoft. The problem you describe is 100% caused by Emsisoft Anti-Malware. However, so far I have not been able to reproduce it on any of my systems, neither with the old Acrobat Reader version you are using nor with newer versions. A crash dump would therefore be necessary to take a closer look.
  21. In general, a crash dump is always useful and necessary for application crashes of any kind. The message is ultimately just as useless for us as developers as it is for you as users. Accordingly, it would be immensely helpful if you could create and upload a full crash dump like this: https://helpdesk.emsisoft.com/Knowledgebase/Article/View/222/0/so-konfigurieren-sie-automatische-crash-dumps-bei-anwendungsfehlern
  22. Keep in mind we do not officially support any firewall besides the Windows firewall. That means that we do not do any compatibility testing with any other product. So while it may be true that running EAM and Comodo side by side is possible right now, compatibility may get broken by any update on either side.
  23. We decided internally to treat JavaScript-based crypto-currency miners as PUP. That means we started actively targeting these services via the surf protection.
  24. There is no read-only access. The same COM object allows for both reading and writing.