hjlbx

QUESTION - Behavior Blocker/AMN Alerts and Internet Explorer


Hello,

I have Paranoid Mode enabled, which I now know disables various whitelists. Consequently, a greater number of AMN alerts appear. Although I still have not quite figured out the Behavior Blocker - AMN "connection."

Some of the alerts will disappear before the file is confirmed as "Safe." In other words, they will fade out while displaying "...in progress" at the bottom of the alert.

In any case, I am seeing more than a few Behavior Blocker and AMN alerts for both

(x86)\Internet Explorer\iexplore.exe

and

Internet Explorer\iexplore.exe

With the number of alerts I am encountering, plus how they are behaving, is it perhaps an issue that I need to report?

Thanks,

hjlbx

Here are a few entries taken from the Behavior Blocker log:

1/15/2015 8:02:58 PM 5748 C:\Program Files (x86)\Internet Explorer\iexplore.exe Allowed by rule Behavior.BrowserSettingsChange 
1/15/2015 8:02:27 PM 5952 C:\Program Files (x86)\Internet Explorer\iexplore.exe Allowed by rule Behavior.BrowserSettingsChange 
1/15/2015 8:02:26 PM 5028 C:\Program Files\Internet Explorer\iexplore.exe         Allowed by rule Behavior.CodeInjector 
1/15/2015 7:49:30 PM 896 C:\Program Files (x86)\Internet Explorer\iexplore.exe Allowed by rule Behavior.BrowserSettingsChange 
1/15/2015 7:45:31 PM 6792 C:\Program Files (x86)\Internet Explorer\iexplore.exe Allowed by rule Behavior.BrowserSettingsChange 
1/15/2015 7:39:18 PM 0 C:\Program Files (x86)\Internet Explorer\iexplore.exe App rule updated  
1/15/2015 7:39:18 PM 1828 C:\Program Files (x86)\Internet Explorer\iexplore.exe Allowed by community. Rule created Behavior.TrojanDownloader 
1/15/2015 7:39:12 PM 1828 C:\Program Files (x86)\Internet Explorer\iexplore.exe Allowed by user Behavior.Spyware 
1/15/2015 7:38:28 PM 1828 C:\Program Files (x86)\Internet Explorer\iexplore.exe Allowed by user Behavior.Spyware 
1/15/2015 7:34:31 PM 4308 C:\Program Files (x86)\Internet Explorer\iexplore.exe Allowed by rule Behavior.BrowserSettingsChange 
1/15/2015 7:31:02 PM 5912 C:\Program Files\Internet Explorer\iexplore.exe         Allowed by rule Behavior.BrowserSettingsChange 
1/15/2015 7:29:37 PM 5420 C:\Program Files (x86)\Internet Explorer\iexplore.exe Allowed by rule Behavior.BrowserSettingsChange   
1/15/2015 7:22:15 PM 1828 C:\Program Files (x86)\Internet Explorer\iexplore.exe Allowed by rule Behavior.BrowserSettingsChange 
1/15/2015 7:21:44 PM 6552 C:\Program Files (x86)\Internet Explorer\iexplore.exe Allowed by rule Behavior.BrowserSettingsChange 
1/15/2015 7:21:43 PM 5912 C:\Program Files\Internet Explorer\iexplore.exe         Allowed by rule Behavior.CodeInjector  
1/15/2015 7:16:23 PM 6344 C:\Program Files (x86)\Internet Explorer\iexplore.exe Allowed by rule Behavior.BrowserSettingsChange  
1/15/2015 5:48:38 PM 3300 C:\Program Files (x86)\Internet Explorer\iexplore.exe Allowed by rule Behavior.BrowserSettingsChange  
1/15/2015 5:45:57 PM 3644 C:\Program Files (x86)\Internet Explorer\iexplore.exe Allowed by rule Behavior.BrowserSettingsChange 
1/15/2015 5:45:51 PM 3432 C:\Program Files\Internet Explorer\iexplore.exe         Allowed by rule Behavior.CodeInjector 
1/15/2015 5:43:23 PM 4708 C:\Program Files (x86)\Internet Explorer\iexplore.exe Allowed by rule Behavior.BrowserSettingsChange 
1/15/2015 5:37:26 PM 1476 C:\Program Files (x86)\Internet Explorer\iexplore.exe Allowed by rule Behavior.BrowserSettingsChange 
1/15/2015 5:32:00 PM 4624 C:\Program Files (x86)\Internet Explorer\iexplore.exe Allowed by rule Behavior.BrowserSettingsChange 
1/15/2015 5:28:35 PM 5672 C:\Program Files (x86)\Internet Explorer\iexplore.exe Allowed by rule Behavior.BrowserSettingsChange 
1/15/2015 5:28:34 PM 4712 C:\Program Files\Internet Explorer\iexplore.exe         Allowed by rule Behavior.CodeInjector 
1/15/2015 6:38:18 AM 5736 C:\Program Files (x86)\Internet Explorer\iexplore.exe Allowed by rule Behavior.BrowserSettingsChange 
1/15/2015 6:38:17 AM 5624 C:\Program Files\Internet Explorer\iexplore.exe         Allowed by rule Behavior.CodeInjector 
1/14/2015 11:12:15 PM 3556 C:\Program Files (x86)\Internet Explorer\iexplore.exe Allowed by rule Behavior.BrowserSettingsChange 
1/14/2015 11:12:14 PM 3884 C:\Program Files\Internet Explorer\iexplore.exe         Allowed by rule Behavior.CodeInjector


Hi hjlbx,

What is AMN short for?

I don't have any behavior blocker notifications regarding IE when paranoid mode is activated. Do you have any toolbars, etc. installed?


Hello Charyb,

I only use LastPass toolbar.

AMN = Anti-Malware Network, which is Emsisoft's cloud verification service.

You can check it out here: http://isthisfilesafe.com

The site is often busy and you will receive a Runtime Error...so just try to access the site repeatedly...you'll get to it eventually.

Emsisoft is also switching servers to fix problems...so that may cause some access delay, but in the long run it's worth any inconvenience.

hjlbx


Using paranoid mode is a really stupid idea. Don't do it. We will remove it in one of the next releases. Other than that, your log looks normal for a Paranoid Mode log. It is obvious that the browser changes its own settings. Code Injection is used for protected mode as well as by the Flash sandbox. Spyware and download behavior are caused by the asynchronous start up of Internet Explorer. It starts downloading stuff before showing its GUI so it triggers a lot of the rules designed to look out for processes that download files in the background without any feedback to the user.

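An added example, not part of the original thread and not Emsisoft's code: a small parser for the Behavior Blocker log layout posted above that tallies entries per image path, behavior and decision, and separates entries settled by an existing rule from those decided by the user or the community verdict. The field layout is inferred from the posted lines, and all function names are hypothetical.

```python
import re
from collections import Counter
from datetime import datetime

# Lines copied from the Behavior Blocker log posted earlier in this thread.
SAMPLE_LOG = r"""
1/15/2015 8:02:58 PM 5748 C:\Program Files (x86)\Internet Explorer\iexplore.exe Allowed by rule Behavior.BrowserSettingsChange
1/15/2015 8:02:26 PM 5028 C:\Program Files\Internet Explorer\iexplore.exe         Allowed by rule Behavior.CodeInjector
1/15/2015 7:39:18 PM 0 C:\Program Files (x86)\Internet Explorer\iexplore.exe App rule updated
1/15/2015 7:39:18 PM 1828 C:\Program Files (x86)\Internet Explorer\iexplore.exe Allowed by community. Rule created Behavior.TrojanDownloader
1/15/2015 7:39:12 PM 1828 C:\Program Files (x86)\Internet Explorer\iexplore.exe Allowed by user Behavior.Spyware
"""

# Assumed layout: time, PID, image path, decision, behavior (decision strings as seen in the log).
LINE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M)\s+"
    r"(?P<pid>\d+)\s+(?P<image>[A-Za-z]:\\.+?\.exe)\s+"
    r"(?P<action>Allowed by rule|Allowed by user|"
    r"Allowed by community\. Rule created|App rule updated)"
    r"(?:\s+(?P<behavior>Behavior\.\w+))?$"
)
NOT_RULE_DRIVEN = {"Allowed by user", "Allowed by community. Rule created"}

def parse(text):
    """Return (events, skipped); skipped holds non-blank lines that did not match."""
    events, skipped = [], []
    for raw in filter(str.strip, text.splitlines()):
        m = LINE.match(raw.strip())
        if m is None:
            skipped.append(raw)
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.strptime(ev["ts"], "%m/%d/%Y %I:%M:%S %p")
        ev["pid"] = int(ev["pid"])
        events.append(ev)
    return events, skipped

def tally(events):
    """Count entries per (image path, behavior, decision)."""
    return Counter((e["image"], e["behavior"], e["action"]) for e in events)

def decided_without_rule(events):
    """Entries the user or the community verdict settled, not an existing rule."""
    return [e for e in events if e["action"] in NOT_RULE_DRIVEN]

if __name__ == "__main__":
    events, skipped = parse(SAMPLE_LOG)
    for key, n in sorted(tally(events).items(), key=str):
        print(n, *key[::-1], sep="  ")
    print("review:", [(e["pid"], e["behavior"]) for e in decided_without_rule(events)])
```

In the sample, every entry that was not settled by an existing rule belongs to PID 1828.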

Hello Fabian,

"Using paranoid mode is a really stupid idea."

All right! ...I'll stop messing about with it. :) Just curious.

As always, illuminating.

Thanks,

hjlbx


In general we will most likely remove most of the behavior blocker options from the behavior blocker tab in one of the next releases. In the very few circumstances where users running EAM or EIS were infected with malware, it turned out that users were messing with these settings and would have been fully protected if they kept the defaults enabled.

