Jump to content


  • Posts

  • Joined

  • Last visited

Everything posted by Bundaburra

  1. I use Macrium Reflect (free version) to do regular image backups of my hard drive. The backups go to an external 3.0 USB drive. I am concerned about slow transmission speeds between the hard drive and the backup. In the Macrium documentation, among other things, it says: Antivirus software AV software typically will scan new or modified files for viruses. This can radically slow down the imaging process. Unfortunately, it is not always possible to turn off AV software or disabling it has no effect on the scanning behavior. Some customers have reported that they had to uninstall their AV software completely, before they saw a performance improvement. Is this true of Emsisoft Anti-Malware, and if so can anything be done? I have tried pausing the EAM protection while running the backup, but as suggested above, it makes no difference.
  2. There is a suggestion in the Feb 25 issue of the AskWoody newsletter that the protection provided by Microsoft could be turned off, via the InSpectre tool from Steve Gibson. Apparently an improvement in overall performance can be achieved by turning this off. Does Emsisoft Anti Malware provide adequate protection against these, or would we be better advised to leave it turned on?
  3. I know I can pause EAM protection via the tray icon - Pause protection - but is there a batch command to do it? And re-enable later?
  4. Wow. I had no idea that I would be stirring up such a hornets nest. The only reason I asked the original question was when Foollish IT said that the free version of CP would no longer be receiving updates, and I thought there is nothing more useless than an AV/ransomware detector which is not being updated. As I already had a paid subscription to Emsisoft Anti Malware, I did not want another such. I am happy with the above description of the Behaviour Blocker, and in any case I take regular backups (with the internet disconnected) which could be restored if necessary. BTW, up until then I had been receiving occasional updates to the CP free version.. The last version I had was 9.1.
  5. Thanks for the heads-up. I have now completely disabled and uninstalled CryptoPrevent, and will see how I go. One other question: the reply from GT500 mentions Group Policies. Would the uninstall have removed or reverted these? If not, should I do so and what are they?
  6. Since the ransomware scare I have been using CryptoPrevent (free version) from Foolish IT, in addition to Emsisoft anti-malware. I now find that the free version of CP is discontinued, so I would like to know if I really need it? Does EAM provide the same or similar protection as CryptoPrevent, or should I switch to the paid version?
  7. I had exactly the same problem with W10 1803. The update would get to 5% installed, then the entire system would freeze. Even the clock stopped running. After several retries, always with the same result, I tried shutting down EAM before running the update, and then it worked as expected. I have never previously had to shut down EAM before running a Windows Update, but should I do so in future? Running Windows 10 64 bit, EAM version 2018.3.1.8572,
  8. In the blog on layered protection, it says that the first layer of defence is a firewall, and it goes on to discuss the Windows Firewall. Many users nowadays access the internet via a router, and most routers have some kind of built in firewall, so would not this be the first layer of defence? I realise that Emsisoft is not in the business of routers, but for the sake of completeness of topic, should this also be mentioned, with some explanation of what a router's firewall does?
  9. Maybe that adservice is just a bad site? When I tried it in Firefox, it was first blocked by Ublock Origin. When I allowed that, it was then blocked by Surf Protection.
  10. This is probably a silly question, but in the documentation for KB4088776 it says "Due to recent work with our antivirus (AV) partners, AV software has now reached a sustained level of broad compatibility with Windows updates. After analyzing the available data, we’re lifting the AV compatibility check for the March 2018 Windows security updates for supported Windows 10 devices through Windows Update. We’ll continue to require that AV software be compatible. Devices with known AV driver compatibility problems will be blocked from updates. We recommend that customers check installed AV software compatibility with their AV provider.". Please note the last sentence - is EAM compatible?
  11. Thanks for the replies. I guess the main point is that regardless of what the email sender says, or does, or puts in a footer, the primary defence is at the receiving end. Turns out that my multiple sender was using a free Russian AV program .... enough said?
  12. Interesting. Often I receive an email where at the bottom it says something like "scanned by XXX anti-virus" or "checked to be virus free by XXXX anti-virus". If EAM does not scan outgoing emails,how can a recipient know that they are virus free, especially if there is an attachment?
  13. Yesterday I received the same email 10 times in succession. As it was a large email (15MB) with several attachments, it made for a large download which I did not appreciate. The sender advised that his AV software (unspecified) was updating itself at the time of sending the email . When he became aware of the multiple sends, he killed them by shutting down the entire PC. On looking into this, I found a link which says "The most common reason for many copies of the same email being sent can be traced back to your mailware or virius scanning tools attempting to scan outgoing messages. This tends to interfere with the proper operation of the mail program, such as Outlook ..." Is this something which could happen with Emsisoft Anti-Malware? I often send large emails to multiple recipients, and would hate to think that I could cause problems at their end.
  14. In the blog "13 mistakes to avoid", under the heading "SSL inspection practice", it says " DNS based filtering is the way to go, if you’re worried about your SSL security.". What does this mean? I use the DNS servers provided by my ISP, but I know there are others, some of which are said to offer enhanced security and filtering. Does Emsisoft have any recommendation about which DNS servers to use? (Windows 10 1709, Firefox 58.0.1, EAM 2018.1.1.8439))
  15. I have decided to use the Binsoft WFC,in "Medium Filtering" mode, which bans all outward connections except for those which are specifically allowed. There's a bit of initial setting up, to allow programs such as Outlook, Firefox, EAM, but then it's just a matter of noting any failed connections and allowing them if they are OK, and keeping an eye on the log. Working well so far.
  16. I'm sorry to be a pain, but further explanation is required. I have a legitimate program which uses an outbound connection - call it Program X. When I run X with outbound connections disabled in the Windows Firewall it will not connect and gets an error - no prompt or warning.So I re-enabled outbound connections and looked at how it works in the Behaviour Blocker, which appears in EAM under "Protection". Under "Protection", and then under the "Behaviour Blocker" tab, program X does not appear unless it is running at the time. When I exit from it, X disappears from the list. Under the "Application Rules" tab, X is not listed at all, even with fully trusted applications unhidden and with the program running, so there is evidently no Rule for it. The entry under "Behaviour Blocker", when X is running, shows "Monitored Yes" and "Reputation Unknown". If the reputation is unknown, should I be asked to allow it or not, thereby creating an Application Rule? That doesn't happen, it just runs and connects, even though its reputation is unknown. I assume that the monitoring would pick up any suspicious behaviour and then ask the question, but it seems strange for an "unknown" program.
  17. I don't understand why the default for all outbound connections is "allow". If there is a rogue program on my PC which wants to send out personal details, how does that work? Sure, the rogue program should not be there in the first place if EAM has done its job, but what if it is? I would have thought that when such a program attempts to send its data, I should see a message asking to allow or block, and the response would then become a rule for that program. I can't find anything like that in the Windows Firewall - am I missing something? I have tried with all outbound connections blocked. in the expectation that when a legitimate program tries to connect, I would see a similar message, but no - the legitimate program just gets an error, such as "Socket error" or "cannot connect to server". So it appears to be all or nothing, which I am not too happy about. Advice would be welcomed.
  18. Now that the EIS firewall has gone and we are left to rely on the Windows Firewall, it would be nice to know how to configure it. The Windows Firewall interface seems to be very complicated, with a myriad of different settings - some of which are difficult to understand. It would be great if Emsisoft could provide a list of recommended settings, and how to use it. In particular, how to configure inbound and outbound connections for maximum protection.
  19. "Scan in email data files" is said to be a new setting in EIS 2017.5, but I cannot find it. I have looked in "Settings", and in "Scan > Scanner Settings", but I don't see it. Is this an option that can be turned on or off, and if so, how to do it?
  20. When I started my PC by waking it from hybrid sleep, it crashed on startup with KMODE_EXCEPTION_NOT_HANDLED, code 0x0000001e. According to NIRSOFT's BlueScreenView, the crash was apparently caused by epp.sys, which is a component of EIS, so just wondering if there is a problem. Here is the information provided; I could send the dump file if necessary: Parameter 1: ffffffff`c0000005 Parameter 2: fffff801`d4a1ed8f Parameter 3: 00000000`00000000 Parameter 4: 00000000`00000ab8 Caused by Driver: epp.sys Caused by Address: epp.sys+16630 Crash Address: ntoskrnl.exe+14ec00 Running EIS 2017.5, Windows 10 Home 1607, build 14393.1358, 64 bit.
  21. From time to time, I get an annoying OA pop-up which says "Hidden process detected". The process is identified as "C:\Windows\System32\cmd.exe". In the pop-up, all options are greyed out except "Ignore", which I click and the pop-up goes away, but it will come back a day or two later. I don't believe there is anything wrong with cmd.exe, and in OA Programs it is both allowed and trusted. I have a scheduled task which runs a batch file every x minutes. In the scheduled task parameters, it is set to run under a different username and password which is not logged on, with the "Run only if logged on" box unticked, so it will run entirely in the background, as a subtask. The command in the batch file is "cmd /c start /wait xcopy.......", followed by some xcopy parameters. Could this be causing OA to report a hidden process, because the job is running without a logged on user? Is there a way to stop it, apart from turning off "Hidden processes detection"? Could cmd.exe be added to a safe list? Windows XP SP3, fully patched, OA free, version, also running Total Defense (formerly CA) antivirus.
  22. Many thanks to both catprincess and dallas7 for the useful information provided. I have a better understanding of it now, but it sure is complicated !! As this information is apparently not easily available elsewhere, I would like to suggest that it could be included in the Online Help - perhaps just as a "more information" link on the main Domains help page?
  23. I have installed OA Free, version running on XP Pro, and I have a question about the "Domains" page, because it is completely empty. Are entries added automatically when I visit sites, or from a pre-configured list, or must I add entries manually? I have read the Help for domains, and although it explains quite well about "trusted", "blocked" etc., it does not say much about how entries are added and how they are given a particular status. When I run a program for the first time, OA asks if it is to be allowed, trusted, etc. and then puts that program into the "Programs" list, but a similar process does not seem to happen for "Domains". How does it work?
  24. I have installed the free version When it starts, it asks for a password. I have no idea what to put in, so I just push the Enter key. It comes back with "invalid password", but then when I click OK it starts normally and seems to run normally from then on. How can I get rid of this annoying behaviour at startup? It means that a reboot is not seamless, it requires user intervention before a reboot is complete.
  • Create New...