norton737

a-squared Anti-Malware 5.0 - Beta discussion


Just done a reinstall of 4.5 and clicked on the Emsisoft news link and this alert popped up (picture below).

Upgraded to 5, clicked on the same link and no pop-up, even with all surf protection settings on Alert

Browser=Firefox 3.6, no other security software, Windows 7 32Bit

A bit disconcerting when the main news page brings up an alert about malware distribution!

I'm fine because I realise what it's about, others may be alarmed by it though.

Just a FYI

Cheers,

Mattchu

p.s. Sorry should have been a C not a c :rolleyes::D


Upgraded to 5, clicked on the same link and no pop-up, even with all surf protection settings on Alert

Please be sure to reboot after installing the upgrade. Otherwise the Behavior Blocker may not be active.


Still having the high CPU load (up to 40 percent) if surf protection and/or behaviour blocker is active. Version 5.0.0.32 is the latest, right?


Greetings all

Some issues with Anti-Malware beta 5

{Windows 7 Home Premium x64, all recent patches; currently a2Start v 5.0.0.32, a2service v 5.0.0.16}

1st the issue with Windows Security Center as I reported in

http://support.emsisoft.com/topic/1569-a2-not-detected-by-windows-security-centre/page__pid__8109__st__0entry8109

were fixed.

I am mentioning this because at that time Avira was not uninstalled but properly shutdown.

All issues reported below were tested with Avira left and then uninstalled, which made no difference

1) Driver / files leftovers

When uninstalling Anti-Malware the OnExecution Driver (or currently a-squared Malware_IDS utility driver) can be left behind

Uninstallation was performed via Add/Remove;

It seems like the driver will be uninstalled if the service is stopped and disabled

The base folder has leftovers after uninstall too

The driver is not active and can be disabled / uninstalled but it does create some problems

That is definitely not the user who has to discover that and figure that out

1_1-OnExecutionScanDriver_Leftover.jpg1_2-Malware_IDS_UtilityDriver_c.jpg

1_3-A_M_Beta5_Uninstall_leftovers.jpg

2) Setting up Scheduled Scan

The default setting is 12:00PM Daily

Any attempt to change it whether the time (say to 8:PM) / or set Weekly / or to interval

displays the error about wrong value and the suggestion to press Escape, which changes it back to the default 12:00PM

2-Scheduler_Invalid_Input_c.jpg

3) Connection & IE8:

Stressing - below describes the situation when IE8 64 is the default browser

There are no problems whatsoever with Firefox and it seems like IE8 32bit is working fine as well

After reboot there is huge delay until user can start IE8

After that system reporting that there are problems with connection.

There is no such problem – the laptop connected to the same router XP Pro is on and you can use the connection.

If I wait for ~3-5 min or more all will be fine ... "it fixes itself" (???)

… but the user impatiently clicking and creating dozens of instances of IE that should be closed after IE eventually “wakes up”

No respective rules are created / there are no Alerts

At the same time when IE8 comes back from “nirvana” it will periodically hang

The only way is to kill all sessions via Task Manager

None of the options changed in A-M would help: disabling startup/ surf protection/ etc.

The only thing that seems to work are:

a) disable startup / stop & disable the service / disable the driver > Reboot

b) complete uninstall of A-M / manually uninstall Driver (if present) / delete the folder leftover / clean the registry > Reboot

3_1-IE8_StoppedWorking_c.jpg3_2-Tab_recovered_c.jpg

4) Manual Update

can hang forever. There is no timeout. The log file will show the failure but you have to close the Application and start the update again

4_1-Update_Hanging_c.jpg4_2-Manual_updateError_c.jpg

My regards

p.s. I had to use ImageHost since having problem with global quota for some reason (?)... total size of the images is just 734KB


I am having problem with the new public beta.

The problem concerns the service www.imagevenue.com AM 5.0 does not recognize him or wrong recognize and gallery displaying the window Milon times asking for permission to connect (attachment no.1 Trying to connect to host was probably dangerous detected. Possible that this is a party, which spreads malicious software (eg: adware, spyware, trojans, viruses-recommended by AM: block).

beztytuu0.th.jpg

It does not help to add a permanent rule to the exception, with each new page automatically pops up window, which can not be close, hide, delete, but on every must click "accept". (attachment no.2).

beztytuu2bn.th.jpg

I think it is a part of who shortcomings will be quickly repaired. The problem was also reported in version 4.5

Please fix this now permanently.


ok ive been noticing this for a few days now, but can someone tell me if there is a program update EVERY day? cuz it seems at some point in the day, after a signature update i get a popup right after saying i have restart A2 to load new modules.


I am having problem with the new public beta.

The problem concerns the service www.imagevenue.com AM 5.0 does not recognize him or wrong recognize and gallery displaying the window Milon times asking for permission to connect (attachment no.1 Trying to connect to host was probably dangerous detected.

What language version of Windows do you use?


When uninstalling Anti-Malware the OnExecution Driver (or currently a-squared Malware_IDS utility driver) can be left behind

Uninstallation was performed via Add/Remove;

It seems like the driver will be uninstalled if the service is stopped and disabled

The base folder has leftovers after uninstall too

This won't change. The installer only removes files it installed. Every other way will cause havoc. I saw plenty of people installing into c:\windows or c:\program files. If the uninstaller would remove all files from there it would essentially trash the system. So yes, if you install version 4.5, update to 5.0 and uninstall there will be leftovers and we won't do anything about it.

The default setting is 12:00PM Daily

Any attempt to change it whether the time (say to 8:PM) / or set Weekly / or to interval

displays the error about wrong value and the suggestion to press Escape, which changes it back to the default 12:00PM

I forwarded it to the correct developers.

... So yes, if you install version 4.5, update to 5.0 and uninstall there will be leftovers and we won't do anything about it

Thank you for reply, Fabian

If I understood you correctly that is just temporary until the stable v5 Installer released.

As for IE8 question is it advisable at the moment to use 32bit version and/or Firefox?

Does the problem indeed exist re: 64bit IE8?

I'm asking since I am not always having access to that system.

My regards


There were program updates almost every day for about a week now. You can take a look at them here as well:

http://www.emsisoft.com/a2/changelog/personalbeta/

the changelog all seems to show signature updates, signature updates shouldn't have me needing to restart A2 every time? i just had another update that required an A2 restart a minute ago as well, just seems strange.


You didn't look very closely then. Just to name a few ...

2010-03-03 16:31:

 Guard module (Host blocker) (revised)
 Host blocker module

2010-03-02 15:42:

 File guard module (x86) (revised)
 File guard protection module for x86 systems - 1.0.408.0

2010-03-02 15:41:

 File guard module (x64) (revised)
 File guard protection module for x64 systems - 1.0.408.0

2010-03-02 15:41:

 File guard module (revised)
 File guard protection module - 1.0.408.0

2010-03-01 19:40:

 Security Setup Wizard 5.0 BETA (revised)
 Tool to setup the security configuration - 5.0.0.19

2010-03-01 19:39:

 Anti-Malware 5.0 BETA (revised)
 Main application including scanner and configuration - 5.0.0.32

2010-03-01 19:38:

 Scanner Module
 Scanner redirector for backward compatibility - 5.0.0.1

2010-03-01 19:37:

 Protection Guard 5.0 BETA (revised)
 Background guard with file guard, behavior blocker and surf protection - 5.0.0.20

2010-03-01 19:36:

 Service (revised)
 Service application for non admin support - 5.0.0.16

2010-03-01 19:35:

 WSC module (revised)
 Windows Security Center module - 5.0.0.1

I will ask the GUI team to take a look at it though.


what is difference this is a mistake in the program, rather than language.

Yes, but eastern European language versions tend to use Unicode which makes quite a difference when it comes to loading and saving settings which is most likely to cause the problem you experience.


ye the past 3 regular updates have ALL required a program restart, so either the dev's are working like crazy putting out program updates or there's somethin else going wrong with sig updates.


ok ive been noticing this for a few days now, but can someone tell me if there is a program update EVERY day? cuz it seems at some point in the day, after a signature update i get a popup right after saying i have restart A2 to load new modules.

There were program updates almost every day for about a week now. ...
ye the past 3 regular updates have ALL required a program restart, so either the dev's are working like crazy putting out program updates or there's somethin else going wrong with sig updates.

Hi Firzen771,

Following this conversation I can confirm that there were no requests for any restarts unless there were modules delivered as Fabian pointed out

My test system is win7 Home Premium x64

Sorry for this annoying question again ;), but what OS are you running for testing beta?

Despite some really minor issues I am having currently (some may or may not relate to a2 v5 directly - that has to be investigated) and therefore performing several uninstallations / re-installings / changing the setting to notify about Program restart or doing it silently I can confirm for sure that just receiving the signatures will not trigger A-M's restart here

Cheers!


No recent problems with the beta here, not too serious at least. I still notice a fairly big CPU spike every now and again and most of the time when I am on the internet but I am not sure if this is directly related to a2 or not.


Help on here is just as bad as opening a support ticket, I was convinced I was communicating with a bot. Until all bugs are fixed I am abandoning Emsisoft even at the expense of having purchased a license, You guys need to learn about customer satisfaction if you ever want to make a profit.

Help on here is just as bad as opening a support ticket, I was convinced I was communicating with a bot. Until all bugs are fixed I am abandoning Emsisoft even at the expense of having purchased a license, You guys need to learn about customer satisfaction if you ever want to make a profit.

Hi marcEmarc, welcome to the forum

Please consider - that it is a beta testing in the 1st place.

I hope you've read all notes by EMSI developers about beta testing even prior to public release.

You can find similar advice regarding any beta testing by any Software whether that's security related or not... there can be problems and that is never advisable to run betas on your working PC

As for the support here or via the ticket - there were no problems so far. There could be some understandable delays, but not more than that

I hope you will understand and accept that

It's just your 2nd post here in the forum

Your first post does not provide much info:

Not sure if this has been mentioned I cannot find the answer but beta 5.0 has screwed the right click

The Right-Click works fine here, for example, on Win 7 Home Premium x64

At the same time if you want to test the new beta product you have to be very experienced (probably you are) when running two AV solutions (Vipre in your case) or better uninstall the other one properly and test the beta

My regards

P.S. as a matter of fact Vipre had (has) compatibility issues with other security products regardless (not the betas) as it was reported in our old forum and in other sources out there. You have to know how to set up several security for "mutual coexisting" and even that may not always be a workable solution as in Vipre case. Almost every Security have a special list of absolutely incompatible Software.


I am having problem with the new public beta.

The problem concerns the service www.imagevenue.com AM 5.0 does not recognize him or wrong recognize and gallery displaying the window Milon times asking for permission to connect ...

... Please fix this now permanently.

Hi, embugbetrep-

In addition to what Fabian has said, all detections made by the Surf Protection module are based on the list available at HpHosts, which EMSI use under license.

The detection you use for illustration is listed by hphosts. However, the top level domain is not listed.

It is the responsibility of the owner of the sites that are listed to contact HpHosts and request that they be removed from the list, not EMSI's.

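The point made in the reply above (a listed sub-host versus an unlisted parent domain) can be seen with a small lookup, given here as an added example that is not part of the original posts or of Emsisoft's code. hpHosts is published as a HOSTS-format list; the sketch assumes Surf Protection matches exact host names, and every host name in it is a constructed placeholder.

```python
"""Exact-host lookup against a HOSTS-format blocklist (added example)."""

# Constructed sample in HOSTS-file format. The names are placeholders,
# not entries taken from the real hpHosts list.
SAMPLE_HOSTS = """\
# constructed sample blocklist
127.0.0.1   localhost
127.0.0.1   img42.gallery.example    # one image server of a gallery site
127.0.0.1   ads.gallery.example
0.0.0.0     tracker.example tracker2.example
"""


def normalise(host):
    """Lower-case a host name and drop a trailing root dot."""
    return host.strip().lower().rstrip(".")


def parse_hosts(text):
    """Return the set of host names listed in HOSTS-format text."""
    listed = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments
        fields = line.split()
        if len(fields) < 2:                   # blank or malformed line
            continue
        for name in fields[1:]:               # first field is the address
            name = normalise(name)
            if name != "localhost":
                listed.add(name)
    return listed


def is_listed(host, listed):
    """Exact match only: a listed sub-host does not list its parent."""
    return normalise(host) in listed


def listed_among(requested, listed):
    """Hosts a page requested that appear on the list, in request order."""
    hits = []
    for host in requested:
        name = normalise(host)
        if name in listed and name not in hits:
            hits.append(name)
    return hits


if __name__ == "__main__":
    blocklist = parse_hosts(SAMPLE_HOSTS)
    # Constructed set of hosts one gallery page might contact.
    page_hosts = ["gallery.example", "IMG42.gallery.example.",
                  "img43.gallery.example", "ads.gallery.example"]
    for h in page_hosts:
        print(h, "listed" if is_listed(h, blocklist) else "not listed")
    print("would alert for:", listed_among(page_hosts, blocklist))
```

Under that exact-match assumption, each listed sub-host a page loads from is a separate match, while the site's parent domain produces none.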

Hi,

Still having start-up issues with the latest beta. It installs okay, but then on restart, the system hangs whilst trying to start my programs (NIS2010, PrevX and A2). I had turned the File Guard off (only Behavior Blocker and Surf Protection were active). The system is totally unresponsive to any mouse-clicks and even CTRL, ALT + Delete took 3 minutes to respond. I am on Win7 64bit. I have had to uninstall A2 to even send this post!

Regards,

Neil


Hello guys,

Just tested AM v5 beta on windows xp. Everything seems working fine. Some old known bug fixed including the Quarantine problems in chinese system.

And my finding as follows

Translation should keep update. These messages still shown in english.


Hi

I had an issue with a false positive from a2 antimalware beta version 5.0.0.32

I have the Trusteer Rapport toolbar (from http://www.trusteer.com) installed on my computer as recommended by several of my banks to help prevent phishing etc.

It uses kernel level anti-DNS-spoofing and anti-keylogger protection and injects code/DLL into browsers to prevent hijack attempts. I had an issue that a2 changed my allow in the popup to block which caused Rapport to crash and my keyboard to stop working! Every letter I tried to type failed, instead on the screen I got: abcd (as in each letter I pressed showed the next letter in the alphabet). A PC restart solved the keyboard issue, temporarily, but when I next started my browser the same occurred.

I have now resolved this by excluding the Rapport service executable from a2 protection.

Any further advice?


Hi,

I'm currently having problems with the windows taskbar. I have Windows 7. When A2 is installed task buttons don't work when clicked. When A2 is uninstalled they suddenly start to work. An image is worth a thousand words. See below.

51377439.png

Thanks in advance


The problem you describe was fixed in the past and was caused by the Explorer integration. So if you are 100% sure you rebooted after updating I will forward it to the developers for an additional review. Additionally it would be helpful if you could again install 5.0, reboot and deactivate the Explorer integration within the Anti-Malware configuration to see if the problem disappears.


The problem you describe was fixed in the past and was caused by the Explorer integration. So if you are 100% sure you rebooted after updating I will forward it to the developers for an additional review. Additionally it would be helpful if you could again install 5.0, reboot and deactivate the Explorer integration within the Anti-Malware configuration to see if the problem disappears.

Problem is resolved if I deactivate Explorer integration. Upon reactivation and reboot problem appears again. Also, currently using 5.0.


Greetings all,

I would like to elaborate a bit on #3 “Connection & IE8: ” item posted by me above

{Windows 7 Home Premium x64, all recent patches; currently a2Start v 5.0.0.32, a2service v 5.0.0.16}

============ March 6-7

1) due to lack of time for investigating a problem I have to admit that I was wrong about

... There are no problems whatsoever with Firefox and it seems like IE8 32bit is working fine
IE 32 bit suffers the same issue. I just made it the default one.

Firefox is suffering from the same symptoms if installed and set as default browser, but very rare. The symptoms for IE is 100% replicable here, the Fox “survives” in most cases for the reasons I could not explain yet.

2) The problem is definitely related to the very 1st attempt to auto-update by a2 after the Reboot

See attached logs and the image (I photoshoped / “moved” the sysTray part in order to make the image smaller)

IE8_Hanging_combo_1.jpg (see When_IE_hanging.txt)

a) the hanging seems to occur while a2 tries to establish connection 1st time after the Reboot

b) there is no indication yet in the Firewall log. And that is taking a long time.

c) then the connection is established ; you can see the firewall event & the green arrow indicating the update / the update ended / you can visit update log already but the browsers remains unresponsive

d) The firewall still indicating the connection to the server and that can last a minute or more despite the update already ended.

e) currently the interval is set as 30 min for the auto-update. It seems like none of the subsequent updates will cause the browser to hang.

Some difference between the reaction of different browsers – the image is showing that the Fox is already available where IE on at the background is still hanging

Its image on the background is dimmed

FoxOn_IE_Haning.jpg

============== March 8

Today the first auto-update did not arrive at all. I waited for ~5min. IE was not working

I started Manual Update that was unsuccessful as well

NoAuto_NoManualUpdate_NoIE.jpg (see extract_ConnectionError.txt)

Then I stopped the service. IE came alive.

I started the service and then restarted a2 manually. Next auto-update was fine.

My regards


on the x64 vista machine, with the latest public beta, surf protection works, filebrowsing remains fast, but high cpu usage of process a-2service is back if either surf protection or ids is turned on.

Yep. up to even 40% on my pc, that is a bit high for my taste for an "idle" machine. :D


Yep. up to even 40% on my pc, that is a bit high for my taste for an "idle" machine. :D

In that case you have one application in the background that is causing a lot of IDS events. Teamspeak 3 with activated application scanner is one example. You may want to run Process Monitor for a while and record all activities to see which file is causing the excessive amount of events. You can save the log and send it to [email protected] as well if you want me to take a look at it.

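One way to work through a Process Monitor recording as suggested in the reply above, given as an added example that is not part of the original posts or of Emsisoft's tooling. It assumes the log was saved from Process Monitor as CSV with the default columns; the process names and paths in the sample are constructed placeholders.

```python
"""Rank processes and paths by event count in a Process Monitor CSV export."""
import csv
import io
from collections import Counter

# Constructed sample in the default column layout of a Process Monitor
# CSV export. Names and paths are placeholders, not data from the thread.
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:01:00.1000000","voicechat.exe","1200","CreateFile","C:\Apps\a.exe","SUCCESS",""
"10:01:00.1000100","voicechat.exe","1200","CreateFile","C:\Apps\a.exe","SUCCESS",""
"10:01:00.1000200","voicechat.exe","1200","CreateFile","C:\Apps\b.exe","SUCCESS",""
"10:01:00.2000000","browser.exe","3300","ReadFile","C:\Users\u\cache.dat","SUCCESS",""
"10:01:00.3000000","voicechat.exe","1200","CreateFile","C:\Apps\a.exe","SUCCESS",""
"10:01:00.4000000","browser.exe","3300","RegOpenKey","HKCU\Software\X","SUCCESS",""
'''

REQUIRED = {"Process Name", "Operation", "Path"}


def load_events(text):
    """Parse CSV text into a list of row dicts, checking the columns."""
    # Strip a byte-order mark if the export starts with one.
    reader = csv.DictReader(io.StringIO(text.lstrip("\ufeff")))
    missing = REQUIRED - set(reader.fieldnames or [])
    if missing:
        raise ValueError("missing columns: " + ", ".join(sorted(missing)))
    return list(reader)


def noisiest(events, fields, top=5, operations=None):
    """Count events grouped by the given columns, most frequent first.

    operations, if given, restricts the count to those Operation values.
    """
    counts = Counter(
        tuple(e[f] for f in fields)
        for e in events
        if operations is None or e["Operation"] in operations
    )
    return counts.most_common(top)


if __name__ == "__main__":
    events = load_events(SAMPLE_CSV)
    print("Events per process:")
    for (proc,), n in noisiest(events, ("Process Name",)):
        print(f"  {n:6d}  {proc}")
    print("Busiest process/path pairs:")
    for (proc, path), n in noisiest(events, ("Process Name", "Path")):
        print(f"  {n:6d}  {proc}  {path}")
```

To use it on a real recording, read the exported file and pass its text to `load_events`; the process/path pair at the top of the second list is the file to look at first.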

Since I wanted to test further "the 1st auto-update & IE hanging" as reported above,

I unchecked the respective option "Enable AutoUpdate"

It turned out - that the setting cannot be altered on the respective Tab. It's not picked up by a2

The only way is using "turn off" link on the main GUI Screen

{edit} No, that did not work.

The indication was on "in read", but after the reboot it's back "On" again and that was an auto-update

(probably that will stay "Off" during the session. but that's not what I am testing now)

My regards


I have experienced system freezes when manually updating A2. Sometimes this happened when I updated after turning the system on, sometimes it happened after the system had been on for several hours (and previous updates had been successful).

What happens is that I right-click the Notification Area icon, select Update Now and the Update window opens. The Window shows 'Downloading update information' and the copyright icon spins away in the lower left corner. After about 10 or 20 seconds, the computer becomes unresponsive. The mouse pointer can be moved around the screen, but ctrl+alt+del does not work, nothing can be selected, Start menu will not respond, no right-click menus appear etc etc.

Other programs resident include Logitech Setpoint 5.20.40, Logitech G Series Key Profiler (Release32), Windows Blinds 7.


I have experienced system freezes when manually updating A2. Sometimes this happened when I updated after turning the system on, sometimes it happened after the system had been on for several hours (and previous updates had been successful).

Auto-Updates don't work with A-squared Beta 5.0?-

Win 7(32), PCtools Plus FireWall, MBAM & AntiVir free on-demand.

I had similar system freeze problems with 4.5... "auto-updates" (update arrows would go forever, and then system freeze when I tried anything/Unresolved post), and decided to give 5.0... a try yesterday?

It seemed that downloads/browsing (FireFox 3.6) were a little faster, but 1hr auto-updates never did work (couldn't kick them off with a manual update, like I commonly have to with 4.5/Unresolved post?)?-

I tried adjusting 5.0 update time settings, and it crashed with a warning/report box!?


When I try to download the eicar.com testfile with Firefox, A2 warns me, but after I block the operation in A2, Firefox still pops up a save file dialog. Saving the file then fails...

Don't know whether this is wrong OA/A2 interaction again (I'm running their Win7 x64 beta, released to testers today).

Can anyone without the Online Armor Firewall post here what happens when saving eicar.com with Firefox (3.6)?

...Can anyone without the Online Armor Firewall post here what happens when saving eicar.com with Firefox (3.6)?...
Hi XIII,

I performed some tests on win7 x64 with Eicar.com download, the Fox 3.6

and the new “onAccess” feature (option #1) set. No other security that can interfere.

When I try to download the eicar.com testfile with Firefox, A2 warns me, but after I block the operation in A2, Firefox still pops up a save file dialog...

1st, by “blocking”, I think, you meant “Quarantine” setting.

Going_2Quarantine.jpg There is no such option as blocking when downloading.

Quarantine_chosen_Then_FoxDialogue.jpg Yes, when Quarantine was chosen the dialogue still appears.

... Saving the file then fails...

Quarantine_chosen_Part_Quarantined.jpg Yes .. and the “part[ial]” file will be quarantined

That basically should answer your question (I hope)

My regards

P.S.

I performed further experiments with Allowing; Executing; Copying; Looking into the Logs; Exporting logs.

There are number of issues. Some of them should be quite confusing for the user.

(double alerts; double quarantining; alerts about execution just on right click (???); exporting wrong Log – quarantine instead of IDS ...etc.)

I have all info & logs documented , but that is out of scope of answering to your question , plus that will take time for me to put all together. I don't have time currently for doing that unfortunately.

But mainly it works fine – those issues if addressed will not be difficult to fix


Hi! Updated my version to the latest beta. 2 things i have to tell. :)

1. Why the scanner shows wrong graphical progress? I'm starting a scan and it shows 100% right away. And this issue is not since yesterday. The last several versions has it. -> screenshot11dw.th.png

2. I have downloaded malware file from here -> spa-world.us/descarga/verpostal.exe (taken from MDL) and the real time scanner doesn't catch it. When i try to scan it manually, then everything's fine -> 53927578.th.png

My OS: Windows 7x86

Security products: FW-ZA free;On demand:MBAM;Real time:a-squared 5.


1. Why the scanner shows wrong graphical progress? I'm starting a scan and it shows 100% right away. And this issue is not since yesterday. The last several versions has it. -> screenshot11dw.th.png

The progress bar is calculated on directory count. Otherwise we would have to count every file first which can take a considerable amount of time. So if you only scan 1 folder it will instantly jump to 100%. This is a known issue of our scan engine. It will be fixed with the next major update of our scan engine within the next months.

2. I have downloaded malware file from here -> spa-world.us/descarga/verpostal.exe (taken from MDL) and the real time scanner doesn't catch it. When i try to scan it manually, then everything's fine -> 53927578.th.png

Depending on your File Guard settings this behavior is normal. Per default files are only scanned when executed. If you want to scan files as well when they are downloaded you will have to change the File Guard settings accordingly. Using any other mode than the default File Guard mode will slow down your system considerably.


I tried all modes. Same issue appears.

After restart everything looks alright! Continue with testing... :)

Now a-squared do not start in the tray. Heh. Switching back to 4.5.


Everything seems to be running well here. 32bit xp pro. A2 5.0.033. Online armor and geswall running. Occasionally I'll get a BSOD which gives me a generic driver issue error. Currently running 50k with firefox running. Updater, both manual and auto are working great.

I have all info & logs documented , but that is out of scope of answering to your question , plus that will take time for me to put all together. I don't have time currently for doing that unfortunately.

Are you planning to deliver this info to emsisoft?

That would be great!

And thanks for looking into this!

