Sign in to follow this  
marko

File Guard Disabled on boot

Recommended Posts

Hello

 

My EAM updated to v9 via auto update last week (currently using v9.0.0.4122) and every time I start my pc (netbook running XP Home SP3 fully patched) the File Guard seems to be disabled.  I'm not running any other security software other than Online Armor v7.0.0.1866.

 

The EAM icon in the system tray is shown as 'orange' and if I right-click the icon, and select Protection Status from the right-click menu, I have the option to Enable File Guard.  If I enable it and then reboot, it doesn't remember the setting and it's shown as disabled again, yet if I then open the gui by selecting Security Overview from the right-click menu (without Enabling the File Guard from this menu), when the gui opens, File Guard is shown has a tick next to it in the Protection pane on the main Overview screen, and the icon then changes colour to green.

 

Is this a bug or are my settings corrupted somehow ?

 

Other than this, I really like the new verson - you've done a great job here.

 

Regards

Marko

 

 

Share this post


Link to post
Share on other sites

Hello again

 

Just to update this thread and give it a bump in the absence of a reply, I'm still having this problem.

 

I've just turned my machine on the icon was orange, then EAM did an auto-update of signatures and the icon turned green with File Guard enabled.

 

I then rebooted my machine, and EAM icon is orange again and the right-click menu suggests that File Guard is Disabled.  Again, if I launch the gui, the Overview screen shows File Guard as enabled and the icon turns green when the gui opens.

 

I noticed someone else was having a similar issue on the EAM v9 beta thread at Wilders.

 

Are you aware of this issue ?

 

Marko

Share this post


Link to post
Share on other sites

Hello Marko,

 

Can you try to download and execute the Eicar test file to see if the File Guard is functional at all on your system?
 
If it isn't, can you please open up a command prompt as administrator (Start, type in cmd into the search field, right click cmd under Programs, select "Run as administrator") and run the following command:
fltmc
Check whether a2acc is listed as a filter. If not, what happens when you try to load it using the following command:
fltmc load a2acc
Thanks clear.png.

Share this post


Link to post
Share on other sites

Hi Fabian

 

Thanks for replying.

 

Ok - a couple of things.

 

1. I tried downloading the eicar zip file using Firefox and save it to my desktop - it looked like it downloaded the file as it was shown in the 'Show all downloads' window in Firefox, but I guess it must have been quarantined by EAM because the file wasn't on the desktop and the 'Open Containing Folder' option in the downloads windows was greyed out.  There was no popup window from EAM at all.

 

2. So I then I downloaded the same file using IE8 - this time, I got a popup window from EAM asking me to restart my pc to clean the quarantined object and on reboot, it removed it.

 

When the machine had rebooted, the icon was green and File Guard was enabled.

 

When I then shut down the machine (hard reboot), and then turned it on again, I have an orange EAM icon and the right-click menu suggests that File Guard is disabled.  I've then run cmd (via Run command as I'm using XP as an admin account) and it shows 4 instances of a2acc.

 

So it looks as if the File Guard is active, but the icon and right-click menu doesn't think it is ?

 

Regards

Marko

Share this post


Link to post
Share on other sites

I have this same issue. Win 7 64. I downloaded the same file and EAM quickly quarantined it after enabling file guard and

after a reboot without enabling file guard.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.