Showing results for tags 'confirmed'.
Found 3 results
EAM *.7838
Windows 10 Pro 1703 OS Build 15063.540 x64

1. Execute malicious file (Locky variant)
2. Behavior blocker eventually detects suspicious activity, AMN query is performed, Bad reputation is returned, and the behavior blocker auto-resolves the file by terminating and sending to quarantine
3. The malicious process still appears in the behavior blocker list of actively running processes, but the process is not in active memory on the system
4. In the behavior blocker list, right-click on the process and select any of the context menu options and nothing happens (as expected)
5. Reboot system removes process from the behavior blocker active list
6. This same quirk happens when an active Bad reputation process, that just sits there and does nothing to trigger the behavior blocker, self-terminates

Locky_Variant__diablo6.zip
termsrv.zip

I am using GT500.org as my control site for testing. It is added in surf protection list as a custom entry. Unsandboxed I went to GT500 using 3 different browsers.

Edge: it said blocked but it was on screen.
Opera 45: it did nothing and I went there without issue.
Seamonkey 2.46: I was blocked.

Screenshots attached.

gt.zip

stapp posted a topic in Emsisoft Anti-Malware Beta

EAM 7424 on Win 10 Creators Build. The Flash Player Settings Manager in Control Panel will not open unless EAM service is turned off. Debug logs attached. I turned EAM service off and on twice, Frank, just to make sure that EAM was responsible.

a2guard_20170426152920(5700).zip