
Hi, 
 
Well it's my first spin with EAM so I was dumbfounded as to why EAM is blocking Gmail and
Google-analytics etc. I could not connect to it since yesterday. I already made a rule to "Don't
Block" in EAM>Guard>Host Rules. Saw to it that I rebooted after the rule setting. But it did not
help. See image attached.
 
 
This was going on since yesterday so I disabled Surf Protection in the meantime. I tested Gmail in the next partition I had but it was okay. That partition had Avira/Outpost Pro
firewall. 
 
No issues like that were observed. Booted again to the partition with Emsisoft IS Pack
but the issue seems to still remain. Thus I decided to disable Surf Protection.
Any ideas here..? Oh and also I wanted to ask if I can do a custom install for EAM. If ever I do
not want the Surf Protection as I have Online Armor Premium (as part of the Emsisoft IS Pack)
or any other component for that matter, can I remove them via a custom install? How can I
do that?
 
 
5336542eam_surf.png
 
6943424eam.png
 
In addition, I observed this and compared to the other partition with Avira and Outpost Pro
firewall. I also cannot connect to Wilders on the partition with EAM/OA. See also images on
Gmail. This with Surf Protection disabled. Wilders is placed in OA Premium>Domain>Trusted in
partition with EAM/OA.
 
From partition with Avira and Outpost Pro firewall
wilders_Avira_OP.png
 
 
From partition with EAM/OA
3652286iron_on_emsisoft_pack.png
 
From partition with EAM/OA Dragon portable
7108737eam_dragon_google.png
 
Maxthon Portable in RunSafer
6031089maxthon_port_eam_gmail.png
 
From partition with EAM/OA_Gmail on Google Chrome
9899524g.png
 
Exclude browsers in Guard>Application Rules..correct?
Add new rule>Select Application --browser>Always allow this application...correct?
Question: If I disable Surf Protection will the rules in the Host Rule matter..?
 
I see an "import host file" at the left-bottom corner of the Host Rules tab. Is that the same as
that of the MVPS host file or say, blocklist as that of OA Premium? If it is well it seems to be
redundant because OA has it already. Or EAM's is different from OA's...I think I saw during an update of EAM that it downloaded a host file or something...
 
On testing if Wilders will load okay when EAM is "off", it was like that. Turning off EAM loads all nicely except Wilders.
 
 
I accidentally discovered that when I delete all the Blocklist Pro contents I placed in the
Firewall Blacklist, Wilders opens okay (that is with Surf Protection still disabled). Gmail displays
the same in Dragon/Maxthon Portables. I use the blocklist for OA from http://blocklistpro.com/downloads.html (use the one for Outpost and manually input it to
OA).
 
ubXbqGQ.png
 
I have also an error that I noticed yesterday when I boot to the partition with EAM/OA from
another partition. See image attached. I have already excluded BCDedit / iReboot in EAM and OA but the error still
showed. (exclusions in EAM/OA are highlighted). Any ideas...?
 
3538330bcdedit.png
 
Been 6 days now and the "bcdedit" error is the same. 
 
Earlier I turned on the pc and EAM did not start (using Win 7 SP1). I had to start it manually. After a restart it was okay. I will observe again.
 
I was placing a file on the exclusions of EAM. Guard>Application Rules>Add new rule>Select Application --browser>Always allow this application...correct? And then I tested if EAM will scan it. It did. How can I effectively exclude a file from being scanned..?
 
How can I exclude a folder from being scanned..?

 

When I was using just OA Premium, it felt heavy on the system and it would be slow...bordering on dead slow..like my experience with Bitdefender. But this version is different. It's okay and zippy. Just these issues I experience mostly with EAM and of course the 'blocklist'. Previously I was using the blocklist from COU but Ms. Donna has passed away... :( that was a great loss..
 
Anyway, please help me as I wanna make this one work out :)
 
Thank you!


Have you searched for any of these blocked websites in EAM's Host Rules? Have you checked the logs in EAM and OA to see if they show the websites being blocked?

I booted and the same error with the "bcdedit" showed. See image.
 
 
8803079bcd.png
 
 
This is the most prominent in the EAM logs(when Surf Protection is still "on").
 
7254054ga.png
 
There is no wilderssecurity.com in the host file. I use the same blocklist in Outpost but Wilders is not blocked. Placing it in the domain of OA as "Trusted" should allow all to display correctly and not be blocked as I clicked "Ignore Online Armor domain list" right? 

 

 

See host file of OA.
 
4957786host.png
 
I am using the MVPS Host file for April 2013. 

 

 

This is the behavior with Surf Protection "on" for EAM but no Blocklist in OA. Wilders displays right/correct. Exclusions as stated in the previous post. 
 
6137082surfon.png
 
OA issue...right..or something else?

 

May I be enlightened on these please:
 

Question: If I disable Surf Protection will the rules in the Host Rule matter..?
 
 
 

I see an "import host file" at the left-bottom corner of the Host Rules tab. Is that the same as
that of the MVPS host file or say, blocklist as that of OA Premium? If it is well it seems to be
redundant because OA has it already. Or EAM's is different from OA's...I think I saw during an update of EAM that it downloaded a host file or something...
 

 

 

 

Or is OA's Host File different from the MVPS Host file? If I have a host file for OA and MVPS host file, is it advisable to run both..? What if I "import a host file" in EAM..what now...? Isn't this redundant...host file in EAM and separately a host file in OA? Or both are the same..?

 

What blocklist do you guys recommend with OA..?

 

What Host file do you recommend with OA?

 

..with EAM..?

 

Here is what I use: (as of the moment have deleted all (text files) from OA)

 

http://blocklistpro.com/viewcategory/9-blocklists-zip-files.html

 

BlocklistPro has its own Host file but I do not use it.


 

 

 

 

 

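The question above about searching the Host Rules, and the remark that wilderssecurity.com is not in the hosts file, both come down to a lookup in a hosts-format list, where an entry matches only the exact hostname it names. The following is an added example, not part of the original posts and not Emsisoft or Online Armor code; the sample entries are constructed and the function names are hypothetical.

```python
# Addresses that hosts-format blocklists point a name at to make it unreachable.
SINK_ADDRESSES = {"0.0.0.0", "127.0.0.1", "::", "::1"}
# Names the operating system itself maps to loopback; these are not block entries.
LOCAL_NAMES = {"localhost", "localhost.localdomain"}

# Constructed sample: these lines are not copied from MVPS HOSTS or hpHosts.
SAMPLE_HOSTS = """\
# sample blocklist in hosts format (constructed)
127.0.0.1   localhost
::1         localhost
0.0.0.0     www.google-analytics.com    # one name per line
0.0.0.0     ssl.google-analytics.com
127.0.0.1   ads.example.net tracker.example.net
192.0.2.15  intranet.example.org        # real mapping, not a block entry
0.0.0.0     WWW.Blocked.Example.
"""


def normalise(name):
    """Lower-case a hostname and drop a trailing root dot."""
    return name.strip().lower().rstrip(".")


def load_blocked_hosts(text):
    """Return the set of hostnames that the list sinks to a dead address."""
    blocked = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()     # strip comments
        if not line:
            continue
        address, *names = line.split()          # several names may share a line
        if address not in SINK_ADDRESSES:
            continue                            # ordinary name-to-IP mapping
        blocked.update(n for n in map(normalise, names) if n not in LOCAL_NAMES)
    return blocked


def classify(hostname, blocked):
    """Return ('exact' | 'related' | 'absent', matching entries).

    'related' means the name itself is not listed but a subdomain or parent
    of it is, which a plain text search for the bare domain can hide.
    """
    name = normalise(hostname)
    if name in blocked:
        return "exact", [name]
    related = sorted(e for e in blocked
                     if e.endswith("." + name) or name.endswith("." + e))
    return ("related", related) if related else ("absent", [])


def check_names(hostnames, blocked):
    """Map each hostname to its status in the blocklist."""
    return {h: classify(h, blocked)[0] for h in hostnames}


if __name__ == "__main__":
    blocked = load_blocked_hosts(SAMPLE_HOSTS)
    # Hostnames mentioned in the thread, checked against the constructed list.
    for host in ("mail.google.com", "www.google-analytics.com",
                 "google-analytics.com", "wilderssecurity.com"):
        print(host, classify(host, blocked))
```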

Which HOSTS file or blocklist you use is up to you. hpHosts and MVPS HOSTS are both good.

Would it be possible for you to attach your screenshots to your posts? They are all too small for me to read, and clicking on them only takes me to the bild.me homepage.

Also, let's get an OTL log, since it sounds like this is more than just an EAM/OA issue. Please run OTL by following the instructions below:

  • Click this link to save OTL onto your desktop (please make sure to click 'Save' instead of 'Run').
  • Double click on the OTL icon on your desktop to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan will take a few minutes.
  • When the scan completes, it will open two Notepad windows. OTL.Txt and Extras.Txt. The first one (OTL.txt) will be automatically saved on your desktop next to OTL, and the second one will need to be saved manually.
  • Please make sure that both OTL.txt and Extras.txt are saved on your desktop, and then attach both of them to a reply so that we can take a look at them.

Here are the direct links I have. I have already deleted the other images as I have printed it already in .pdf so I do not have any copy here with me. I am attaching the OTL text files for your perusal. The machine with EAM/OA is in
a 3 boot arrangement. The other partitions are with Avira IS/Outpost Pro ver8 Firewall/ Exploitshield Alpha and Avast IS ver8. Uploading also seems taking forever or my ISP is fx$#%@kng with me again :(
 
 
 
 
 
 
 
 
 
 
 
 

 


Do you connect to the Internet through a mobile broadband card?

 

Hi GT500,
 
Yes and sometimes through an old dial-up service. 
 
I accidentally (I think) solved the issue with the iReboot / bcdedit.exe error I am having. All I needed to do was "allow" ICMP / RAW in the Firewall settings of OA. 
 
Question: Is it okay to allow it? While I think it's a safe application I am dumbfounded as to why I am having this error with OA. 
 
Thanks again for the help here.
 
Raul90


Question: Is it okay to allow it? While I think it's a safe application I am dumbfounded as to why I am having this error with OA.

ICMP isn't a major security risk. People will be able to ping your IP address over the Internet, but you will still be protected by Online Armor.

As for iReboot specifically, it appears to be from NeoSmart Technologies, which is supposed to be a reputable software company (I've used their EasyBCD in the past).

bcdedit.exe is a Microsoft program called "Boot Configuration Data Editor", and it is safe (as long as you don't accidentally break your boot configuration with it). You can read a little more about it here.

Thanks for the information/explanation there. The issues seem to have died down but I am "not" (still) using a blocklist in OA. I do not know why when I use a blocklist some sites don't display right even though they are not listed in the said blocklist..
 
Any particular blocklist you suggest so I can try it out in this partition...? I'd like very much to try it out. 
 
Along this line, the other partition with Avira (IS --no firewall/Proactive/Backup) and Outpost Firewall Pro ver8 is now, Avira + OA. Just uninstalled OPver8 in the meantime and installed OA to observe whether it is an OA issue with the blocklist or an EAM issue even though Surf Protection is "off". 
 
On Neosmart Technologies, I have also EASYBCD and I've been using it a long time now. With iReboot about two years since I did a triple-boot. 
 
On the other questions I posted, allow me to ask again please:
 
1. 
 

I see an "import host file" at the left-bottom corner of the Host Rules tab. Is that the same as that of the MVPS host file or say, blocklist as that of OA Premium? If it is well it seems to be redundant because OA has it already. Or EAM's is different from OA's...I think I saw during an update of EAM that it downloaded a host file or something...
 
 
Does EAM have its own host list? I seem to catch a glance when it updates that it downloads a host list...If it does, what's the difference with that of MVPS or hpHost's..? To have both seems to be redundant..correct?
 
2. 
 

Question: If I disable Surf Protection will the rules in the Host Rule matter..?
 
Will it..?
 
3. Is this the correct way of "excluding a process" from the Behavioral Shield..?
 

Guard>Application Rules>Add new rule>Select Application --browser>Always allow this application.
 
4. Isn't it redundant/overkill to have a Behavioral Shield (EAM's Mamutu) and (OA's) HIPS running...? Some insights will be helpful so I can distinguish both.
 
5. How can I exclude a file or folder from being "scanned again" in EAM..?
 
Thanks again and will wait for your reply. 


Any particular blocklist you suggest so I can try it out in this partition...? I'd like very much to try it out.

I am not personally aware of any. The last time I did a search I was only able to find one that was in the format that Online Armor uses, however I imagine that there are more than one out there.

 

Does EAM have its own host list? I seem to catch a glance when it updates that it downloads a host list...If it does, what's the difference with that of MVPS or hpHost's..? To have both seems to be redundant..correct?

Yes, we maintain our own Host Rules for EAM so that the Surf Protection offers protection against malicious websites without needing to import your own rules. We actually used to use the database from hpHosts to supplement our host rules, however we are currently maintaining the database on our own. The databases in MVPS HOSTS and hpHosts will contain things that we do not include in our Host Rules. For instance, Steven Burn will add things to hpHosts that we wouldn't normally add to our own Host Rules.

 

 

Question: If I disable Surf Protection will the rules in the Host Rule matter..?

I remember this question, but I thought I had already answered it. The Host Rules are the rules for the Surf Protection. No other component in EAM uses them, so if you turn off Surf Protection then the Host Rules are not being used.

 

3. Is this the correct way of "excluding a process" from the Behavioral Shield..?

Guard>Application Rules>Add new rule>Select Application --browser>Always allow this application.

Technically that's not 'excluded', that's just set to "Always Allow". The program would still be monitored, it would just always be allowed rather than asking you what to do. If you want to completely exclude something from protection, then follow these instructions:

  • Open Emsisoft Anti-Malware from the icon on the desktop.
  • Click Guard in the menu on the left.
  • Go to the File Guard tab.
  • In the lower-left corner, just above Alerts, click on the Manage whitelist link.
  • In the box under Type click the little down arrow and change it from File to Process (you may need to click in the box for the arrow to appear).
  • Click in the white box below Item to make a button with three dots (...) appear, and then click the ... button.
  • Navigate to the directory where the files you wish to exclude are located, and double-click on one of them to add it.
  • Repeat the last 3 steps as needed to add each file to the exclusions list.
  • Click the OK button at the bottom when done, and close Emsisoft Anti-Malware.

4. Isn't it redundant/overkill to have a Behavioral Shield (EAM's Mamutu) and (OA's) HIPS running...? Some insights will be helpful so I can distinguish both.

The Behavior Blocker in EAM/Mamutu and the HIPS in Online Armor work differently. The Behavior Blocker actually tries to determine if a program is safe, whereas anything not 'Trusted' in OA will generate a warning about behavior monitored by the HIPS.

 

5. How can I exclude a file or folder from being "scanned again" in EAM..?

The process is similar to adding a Process exclusion to the Whitelist, however you would add it as a File exclusion rather than a Process exclusion.

 

 

Hi,
 
Thanks for the reply and explanation there.
 
This is a bit long and I beg for your patience and understanding as to the "bcdedit.exe error" I am experiencing while using EAM / OA. 
 
As of last post I mentioned that I now set the second partition which formerly was Avira IS (no firewall etc) + Outpost Firewall Pro ver8 to have Avira IS (no firewall etc) + Online Armor Premium. Now I am also having bcdedit.exe error as of the partition with EAM/OA (let's call it partition A). See image attached. 
 
33dh309.png
 
This partition when it was with Avira IS (no firewall etc) + Outpost Firewall Pro ver8 (let's call it partition B) "never" had any issues like this one. 
 
I used the same partition as of the EAM/OA. What I did was to make an image of the partition using Acronis True Image 2011. Deleted the partition housing the former Avira IS (no firewall etc) + Outpost Firewall Pro ver8 and restored that system image to it.
 
a. imaged partition A with EAM/OA
b. deleted/formatted partition B
c. restored imaged partition A with EAM/OA to partition B
d. uninstalled EAM via Revo Uninstaller, rebooted 2x
e. installed Avira IS (no firewall etc) and updated it via the internet. 
f. rebooted
g. error in bcdedit.exe
 
Now I have searched for some possible resolve in this issue as I do not want to just not use a product because of this. I made an upgrade of iReboot from 1.0 to iReboot 1.1.1. Now I remember that the reason that I was using 1.0 is that I do not want iReboot 1.1.x trying to use port xxx (I think I was with Comodo at that time (or Avast IS firewall)). For me those that do not need to call home I block.
 
I went to Neosmart Forums and saw this:
 

iReboot 1.1.x needs an open port to work talk between the service and the taskbar icon to get around UAC....
 
If you really don't want this, you can use iReboot 1.0 which did not have that feature...
 
iReboot doesn't open a port on the physical network adapter, it uses the local loopback IP 127.0.0.1 which won't trigger a WoL call to the physical LAN adapter...
 
This is the link where I got the info,
 
 
Now as of this writing, I am leaning on the idea that it's OA who's blocking or not allowing iReboot to function properly even though it's iReboot 1.0.x, which as stated in a thread in Neosmart forums does not behave like iReboot ver1.1.1 (uses the local loopback IP 127.0.0.1 and needs an open port to work/talk between the service and the taskbar icon to get around UAC).
 
This is what I see in 'Process Hacker ver2 > Network':
 
Name : iRebootd.exe (3956)
Local Address : 0.0.0.0
Local Port : 9076
Remote Address:
Remote Port: 
Protocol : TCP
State : Listen
Owner : iReboot
 
I was not able to check the behavior when I was still in iReboot 1.0.x (sorry..don't wanna revert back to an image..I'm tired now). Also I cannot check the Process Hacker log as I do not have internet at the moment as the dumb guys of my ISP have borked something and connection is not available at the moment (well at least not now). 
 
Now as mentioned I have upgraded to iReboot 1.1.1 and I see that the issue has disappeared for both the partitions (Partition A and B). I have booted around 5x on both partitions, even coming from a cold boot and there is no issue. 
 
While the issue is solved, I'd like some explanation as to why is this happening in OA ver6 and iReboot ver1.0.x. 
 
Now to test I blocked iReboot in the firewall and removed it from the "Exclusions" and rebooted. There was no error of the same sort but I cannot even use iReboot now. I cannot even right-click the icon to select what partition I would like to boot to. 
The icon is there but I cannot use the application. Checking 'Process Hacker ver2 > Network' there was no entry of iReboot. 
 
This is the pop-up that OA gave when it booted. 
 
2r2xkeb.png
 
In the "History" tab it says there,
 

C:\Program Files\NeoSmart Technologies\iReboot\iReboot.exe (?) (2364) wants to start C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe(?) (3500)
 
C:\Program Files\NeoSmart Technologies\iReboot\iReboot.exe (?) Outgoing TCP acces blocked to: 127.0.0.1:9076
 
So I set in the Firewall,
 
Status: Allowed
ICMP: Blocked
RAW : Blocked
Program: iReboot.exe
Program Name : iReboot
 
Not Excluded: "C:\Program Files\NeoSmart Technologies\iReboot"
 
 
Logged-off so OA will adopt the new rule. After I came from the log-off, I got a pop-up from OA asking me about iReboot as it blocked it. I clicked "Allow" (just 'Allow' and not 'Trust'). See image below.
 
2zq9b9w.png
 
 
After I "allowed" it, I got a second pop-up from OA warning me of iReboot wanting to remotely control another process. I clicked "Remember my decision > Allow". After which I checked via the right-click if iReboot will function. It will not and I still cannot use iReboot > right-click to select a partition to boot to. 
 
29esnde.png
 
I tested again and changed the rule in the firewall to:
 
Status: Allowed
ICMP: Allowed
RAW : Allowed
Program: iReboot.exe
Program Name : iReboot
 
Excluded: "C:\Program Files\NeoSmart Technologies\iReboot"
 
Afterwards rebooted. I got a pop-up about iReboot asking to 'Create a rule' about loopback. I answered, 'Create Rule > Allow'. Another pop-up came asking about "A program wants to run" C:\Program Files\NeoSmart Technologies\iReboot\bcdedit.exe on which I answered "Remember my decision > Allow" after that I logged-off so OA will adopt the rule. See images below.
 
 
1q0h1y.png
 
 
eskahz.png
 
 
After coming off from the log-off I checked and I can now use iReboot. See image below. 
 
5khkb4.png
 
 
So in order for iReboot to run properly the firewall rule has to be:
 
(Rule 1)
 

in "Firewall",
 
Status: Allowed
ICMP: Allowed
RAW : Allowed
Program: iReboot.exe
Program Name : iReboot
 
Status: Allowed
ICMP: Allowed
RAW : Allowed
Program: bcdedit.exe
Program Name : Boot Configuration Data Editor
 
in "Programs", ("Allowed" but not necessarily "Trusted")
 
Allowed > C:\Program Files\NeoSmart Technologies\iReboot\iReboot.exe
Allowed > C:\Program Files\NeoSmart Technologies\iReboot\iRebootd.exe
Allowed > C:\Program Files\NeoSmart Technologies\iReboot\bcdedit.exe
 
Not Excluded : C:\Program Files\NeoSmart Technologies\iReboot
 
 
or,
 
(Rule 2)
 

Status: Allowed
ICMP: Ask
RAW : Ask
Program: iReboot.exe
Program Name : iReboot
 
Status: Allowed
ICMP: Ask
RAW : Ask
Program: bcdedit.exe
Program Name : Boot Configuration Data Editor
 
in "Programs", ("Allowed" but not necessarily "Trusted")
 
Allowed > C:\Program Files\NeoSmart Technologies\iReboot\iReboot.exe
Allowed > C:\Program Files\NeoSmart Technologies\iReboot\iRebootd.exe
Allowed > C:\Program Files\NeoSmart Technologies\iReboot\bcdedit.exe
 
Not Excluded : C:\Program Files\NeoSmart Technologies\iReboot
 
--
 
Question:
 
If you exclude the folder "C:\Program Files\NeoSmart Technologies\iReboot" in the Exclusions tab, why does OA still block iReboot processes...? 
 
Ain't it supposed to be that the whole folder and everything in it gets automatically allowed? 
 
In iReboot ver1.0.x exclusions were in place for "C:\Program Files\NeoSmart Technologies\iReboot" but still there was an error of bcdedit.exe. 
 
 
When I upgraded iReboot to ver1.1.1 there was no error of the same kind. Exclusions for "C:\Program Files\NeoSmart Technologies\iReboot" were still in place and so as the rule set:
 

in "Firewall",
 
Status: Allowed
ICMP: Allowed
RAW : Allowed
Program: iReboot.exe
Program Name : iReboot
 
Status: Allowed
ICMP: Allowed
RAW : Allowed
Program: bcdedit.exe
Program Name : Boot Configuration Data Editor
 
Excluded: "C:\Program Files\NeoSmart Technologies\iReboot"
 
in "Programs", ("Allowed" but not necessarily "Trusted")
 
Allowed > C:\Program Files\NeoSmart Technologies\iReboot\iReboot.exe
Allowed > C:\Program Files\NeoSmart Technologies\iReboot\bcdedit.exe
 
NOTE: iRebootd.exe is not included (it may be because "C:\Program Files\NeoSmart Technologies\iReboot" is excluded that there was no pop-up or any kind in reference to iRebootd.exe)
 
 
 
So what is the best rule in OA for iReboot...? 
 
Also since you have to Allow > TCP Outbound for iReboot to run, how can it be controlled as to not call home or connect to any site other than local loopback IP 127.0.0.1...?
 
 
10r7sye.png
 
 
I do appreciate the help and again please have patience on this long post. I really wanna make this one work well. 
 
And by the way there was no pop-up of any sort for EAM. 
 
Thanks. 

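The Process Hacker entry in the post above shows iRebootd.exe listening on 0.0.0.0:9076 rather than on 127.0.0.1, so a useful check before writing the firewall rule is to classify every socket a process owns by where it is bound and which peers it reaches. The following is an added example, not part of the original posts and not NeoSmart, Emsisoft or Online Armor code; it parses text in the `netstat -ano` column layout, and the sample rows are constructed except for the 9076 listener and the 127.0.0.1:9076 connection reported in the post.

```python
import ipaddress

# Constructed sample in the column layout of Windows `netstat -ano`.
# From the thread: the 0.0.0.0:9076 listener (PID 3956, iRebootd.exe) and the
# client connection to 127.0.0.1:9076 (PID 2364, iReboot.exe). Everything else,
# including PID 4242 and its remote peer, is invented to exercise the checks
# and says nothing about how iReboot behaves.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       812
  TCP    0.0.0.0:9076           0.0.0.0:0              LISTENING       3956
  TCP    127.0.0.1:9076         127.0.0.1:49170        ESTABLISHED     3956
  TCP    127.0.0.1:49170        127.0.0.1:9076         ESTABLISHED     2364
  TCP    127.0.0.1:5939         0.0.0.0:0              LISTENING       4242
  TCP    192.168.1.20:49201     203.0.113.10:443       ESTABLISHED     4242
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:5355           *:*                                    1100
"""


def split_endpoint(endpoint):
    """Split 'addr:port' or '[v6]:port' into (ip_address or None, port or None)."""
    host, _, port = endpoint.rpartition(":")
    host = host.strip("[]").split("%")[0]       # drop brackets and IPv6 zone id
    ip = None if host in ("", "*") else ipaddress.ip_address(host)
    return ip, int(port) if port.isdigit() else None


def parse_netstat(text):
    """Yield one dict per TCP/UDP row; header and blank lines are skipped."""
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0] not in ("TCP", "UDP"):
            continue
        if fields[0] == "TCP" and len(fields) == 5:
            proto, local, remote, state, pid = fields
        elif fields[0] == "UDP" and len(fields) == 4:
            (proto, local, remote, pid), state = fields, ""   # UDP has no state
        else:
            continue                                          # malformed row
        yield {"proto": proto, "local": split_endpoint(local),
               "remote": split_endpoint(remote), "state": state, "pid": int(pid)}


def audit(rows, pid):
    """Summarise how the TCP sockets owned by one PID are bound and who they reach."""
    result = {"loopback_listeners": [], "exposed_listeners": [],
              "non_loopback_peers": []}
    for row in rows:
        if row["pid"] != pid:
            continue
        local_ip, local_port = row["local"]
        remote_ip, remote_port = row["remote"]
        if row["state"] == "LISTENING":
            # 0.0.0.0 and :: mean every interface, not only 127.0.0.1.
            key = "loopback_listeners" if local_ip.is_loopback else "exposed_listeners"
            result[key].append(local_port)
        elif (remote_ip is not None and not remote_ip.is_unspecified
              and not remote_ip.is_loopback):
            result["non_loopback_peers"].append(f"{remote_ip}:{remote_port}")
    return result


if __name__ == "__main__":
    rows = list(parse_netstat(SAMPLE_NETSTAT))
    for pid in (3956, 2364, 4242):
        print(pid, audit(rows, pid))
```

A listener bound to 0.0.0.0 accepts connections on every interface unless the firewall blocks inbound traffic to it, so an entry under `exposed_listeners` matters even when the client side only ever connects over 127.0.0.1.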

I'd like to attach this photo(edited) so it would not cause confusion. I  marked the partitions with the Avira_OA and EAM_OA in it. 

 

vh6sd2.png

 

Thanks for the patience. 


Assuming that all NeoSmart applications on your system are in subfolders of C:\Program Files\NeoSmart Technologies, then may I ask if you have tried adding that folder to the exclusions rather than just adding each folder individually?


Assuming that all NeoSmart applications on your system are in subfolders of C:\Program Files\NeoSmart Technologies, then may I ask if you have tried adding that folder to the exclusions rather than just adding each folder individually?

 

Hello GT500,

 

I tried that the first time I had installed EAM/OA and got the bcdedit.exe error the first time. I thought that it was EasyBCD that is being blocked or somewhat conflicting with EAM and OA. In OA I placed the exclusions and also allowed iReboot / Easybcd.exe in the firewall. 

 

It was only when I had to exit/re-start iReboot every time I was to boot to the other partitions that I had the inkling that it might be iReboot that's conflicting and not EasyBCD. When I checked both folders have "bcdedit.exe". Even when I removed the exclusions for,

 

C:\Program Files\NeoSmart Technologies\iReboot

 

still had the error. There were also no pop-ups (still at iReboot ver1.0). I upgraded to iReboot 1.1.1 from 1.0 and it disappeared. 

No errors of the same kind but pop-ups occurred specifically for iReboot. 


If you removed the exclusion, then Online Armor will monitor any executables running out of that folder. You can make sure that an executable is marked as Trusted and Allowed in the Programs list to prevent notifications from being displayed by Online Armor for that application.


May I ask again if,

 


 

So what is the best rule in OA for iReboot...? 
 
Also since you have to Allow > TCP Outbound for iReboot to run, how can it be controlled as to not call home or connect to any site other than local loopback IP 127.0.0.1...?

 

Personally I do not want to exclude something which is not a security application like that Avira, Malwarebytes..etc. So I am asking what may be the correct/safe rule for iReboot.

 

Thanks and will wait for your reply.

 

 


I don't know of any reason why you should be concerned about iReboot having Internet access. Exclusions should be perfectly safe for that application, however you can mark it as Allowed and Trusted on the Programs list and Blocked on the Firewall list, which should achieve what you are wanting.
