QUESTION - Behavior Blocker/AMN Alerts and Internet Explorer


hjlbx

Hello,

I have Paranoid Mode enabled which I now know disables various whitelists. Consequently, a greater number of AMN alerts appear. Although I still have not quite figured out the Behavior Blocker - AMN "connection."

Some of the alerts will disappear before the file is confirmed as "Safe." In other words they will fade-out while displaying "...in progress" at the bottom of the alert.

In any case, I am seeing more than a few Behavior Blocker and AMN alerts for both

(x86)\Internet Explorer\iexplore.exe

and

Internet Explorer\iexplore.exe

With the number of alerts I am encountering, plus how they are behaving, is it perhaps an issue that I need to report?

Thanks,

hjlbx

Here are a few entries taken from the Behavior Blocker log:

1/15/2015 8:02:58 PM 5748 C:\Program Files (x86)\Internet Explorer\iexplore.exe Allowed by rule Behavior.BrowserSettingsChange 
1/15/2015 8:02:27 PM 5952 C:\Program Files (x86)\Internet Explorer\iexplore.exe Allowed by rule Behavior.BrowserSettingsChange 
1/15/2015 8:02:26 PM 5028 C:\Program Files\Internet Explorer\iexplore.exe         Allowed by rule Behavior.CodeInjector 
1/15/2015 7:49:30 PM 896 C:\Program Files (x86)\Internet Explorer\iexplore.exe Allowed by rule Behavior.BrowserSettingsChange 
1/15/2015 7:45:31 PM 6792 C:\Program Files (x86)\Internet Explorer\iexplore.exe Allowed by rule Behavior.BrowserSettingsChange 
1/15/2015 7:39:18 PM 0 C:\Program Files (x86)\Internet Explorer\iexplore.exe App rule updated  
1/15/2015 7:39:18 PM 1828 C:\Program Files (x86)\Internet Explorer\iexplore.exe Allowed by community. Rule created Behavior.TrojanDownloader 
1/15/2015 7:39:12 PM 1828 C:\Program Files (x86)\Internet Explorer\iexplore.exe Allowed by user Behavior.Spyware 
1/15/2015 7:38:28 PM 1828 C:\Program Files (x86)\Internet Explorer\iexplore.exe Allowed by user Behavior.Spyware 
1/15/2015 7:34:31 PM 4308 C:\Program Files (x86)\Internet Explorer\iexplore.exe Allowed by rule Behavior.BrowserSettingsChange 
1/15/2015 7:31:02 PM 5912 C:\Program Files\Internet Explorer\iexplore.exe         Allowed by rule Behavior.BrowserSettingsChange 
1/15/2015 7:29:37 PM 5420 C:\Program Files (x86)\Internet Explorer\iexplore.exe Allowed by rule Behavior.BrowserSettingsChange   
1/15/2015 7:22:15 PM 1828 C:\Program Files (x86)\Internet Explorer\iexplore.exe Allowed by rule Behavior.BrowserSettingsChange 
1/15/2015 7:21:44 PM 6552 C:\Program Files (x86)\Internet Explorer\iexplore.exe Allowed by rule Behavior.BrowserSettingsChange 
1/15/2015 7:21:43 PM 5912 C:\Program Files\Internet Explorer\iexplore.exe         Allowed by rule Behavior.CodeInjector  
1/15/2015 7:16:23 PM 6344 C:\Program Files (x86)\Internet Explorer\iexplore.exe Allowed by rule Behavior.BrowserSettingsChange  
1/15/2015 5:48:38 PM 3300 C:\Program Files (x86)\Internet Explorer\iexplore.exe Allowed by rule Behavior.BrowserSettingsChange  
1/15/2015 5:45:57 PM 3644 C:\Program Files (x86)\Internet Explorer\iexplore.exe Allowed by rule Behavior.BrowserSettingsChange 
1/15/2015 5:45:51 PM 3432 C:\Program Files\Internet Explorer\iexplore.exe         Allowed by rule Behavior.CodeInjector 
1/15/2015 5:43:23 PM 4708 C:\Program Files (x86)\Internet Explorer\iexplore.exe Allowed by rule Behavior.BrowserSettingsChange 
1/15/2015 5:37:26 PM 1476 C:\Program Files (x86)\Internet Explorer\iexplore.exe Allowed by rule Behavior.BrowserSettingsChange 
1/15/2015 5:32:00 PM 4624 C:\Program Files (x86)\Internet Explorer\iexplore.exe Allowed by rule Behavior.BrowserSettingsChange 
1/15/2015 5:28:35 PM 5672 C:\Program Files (x86)\Internet Explorer\iexplore.exe Allowed by rule Behavior.BrowserSettingsChange 
1/15/2015 5:28:34 PM 4712 C:\Program Files\Internet Explorer\iexplore.exe         Allowed by rule Behavior.CodeInjector 
1/15/2015 6:38:18 AM 5736 C:\Program Files (x86)\Internet Explorer\iexplore.exe Allowed by rule Behavior.BrowserSettingsChange 
1/15/2015 6:38:17 AM 5624 C:\Program Files\Internet Explorer\iexplore.exe         Allowed by rule Behavior.CodeInjector 
1/14/2015 11:12:15 PM 3556 C:\Program Files (x86)\Internet Explorer\iexplore.exe Allowed by rule Behavior.BrowserSettingsChange 
1/14/2015 11:12:14 PM 3884 C:\Program Files\Internet Explorer\iexplore.exe         Allowed by rule Behavior.CodeInjector

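As an added example (not part of the original thread and not Emsisoft code): a small parser for the Behavior Blocker log format pasted above. It groups entries by image path, behavior and decision, and separates out the entries that were allowed by the user rather than by a rule or the community verdict. The field layout is an assumption inferred from the pasted lines; the sample lines are copied from that log.

```python
import re
from collections import Counter
from datetime import datetime

# Six lines copied from the Behavior Blocker log pasted in the post above.
SAMPLE_LOG = r"""
1/15/2015 8:02:58 PM 5748 C:\Program Files (x86)\Internet Explorer\iexplore.exe Allowed by rule Behavior.BrowserSettingsChange
1/15/2015 8:02:26 PM 5028 C:\Program Files\Internet Explorer\iexplore.exe         Allowed by rule Behavior.CodeInjector
1/15/2015 7:39:18 PM 0 C:\Program Files (x86)\Internet Explorer\iexplore.exe App rule updated
1/15/2015 7:39:18 PM 1828 C:\Program Files (x86)\Internet Explorer\iexplore.exe Allowed by community. Rule created Behavior.TrojanDownloader
1/15/2015 7:39:12 PM 1828 C:\Program Files (x86)\Internet Explorer\iexplore.exe Allowed by user Behavior.Spyware
1/15/2015 7:38:28 PM 1828 C:\Program Files (x86)\Internet Explorer\iexplore.exe Allowed by user Behavior.Spyware
"""

# Assumed layout: timestamp, PID, path ending in .exe, decision, optional Behavior.* name.
LINE_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M)\s+"
    r"(?P<pid>\d+)\s+(?P<path>.+?\.exe)\s+"
    r"(?P<decision>.*?)\s*(?P<behavior>Behavior\.\w+)?\s*$",
    re.IGNORECASE,
)

def parse_line(line):
    """Return one log entry as a dict, or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%m/%d/%Y %I:%M:%S %p")
    rec["pid"] = int(rec["pid"])
    return rec

def summarize(text):
    """Count entries per (path, behavior, decision); collect user-allowed entries."""
    counts, by_user = Counter(), []
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        counts[(rec["path"], rec["behavior"], rec["decision"])] += 1
        if rec["decision"].lower().startswith("allowed by user"):
            by_user.append(rec)
    return counts, by_user

if __name__ == "__main__":
    counts, by_user = summarize(SAMPLE_LOG)
    for (path, behavior, decision), n in counts.most_common():
        print(f"{n:3d}  {decision:36s} {behavior or '-':32s} {path}")
    print("user-allowed PIDs:", sorted({r["pid"] for r in by_user}))
```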

Hello Charyb,

I only use LastPass toolbar.

AMN = Anti-Malware Network, which is Emsisoft's cloud verification service.

You can check it out here: http://isthisfilesafe.com

The site is often busy and you will receive a Runtime Error...so just try to access the site repeatedly...you'll get to it eventually.

Emsisoft is also switching servers to fix problems...so that may cause some access delay, but in the long run it's worth any inconvenience.

hjlbx


Using paranoid mode is a really stupid idea. Don't do it. We will remove it in one of the next releases. Other than that, your log looks normal for a Paranoid Mode log. It is obvious that the browser changes its own settings. Code Injection is used for protected mode as well as by the Flash sandbox. Spyware and download behavior are caused by the asynchronous start up of Internet Explorer. It starts downloading stuff before showing its GUI so it triggers a lot of the rules designed to look out for processes that download files in the background without any feedback to the user.


In general we will most likely remove most of the behavior blocker options from the behavior blocker tab in one of the next releases. In the very few circumstances where users running EAM or EIS were infected with malware it turned out that users were messing with these settings and would have been fully protected if they kept the defaults enabled.

This topic is now closed to further replies.