hjlbx

How Exactly Does the AMN Work in EIS?


Hello,

 

I tried to find an answer on this forum, in the Security Knowledge articles as well as on-line.  No dice.

 

I am trying to understand the process of how the BB and AMN work within EIS.

 

What I see is that certain app actions monitored by the BB (for example IE - change browser settings or inject code) trigger an AMN verification.  And these AMN verifications occur on my system on a fairly regular basis.

 

What I can't quite figure out is why this would happen if an existing BB allow rule already exists for those actions.  I do not have Paranoid Mode enabled, so I am just curious about the multiple AMN queries.

 

Are periodic checks with AMN, just to verify that an app or its rule has not been re-classified, part of EIS' functionality?

 

I simply want to understand so as not to think there is an issue when, in fact, EIS is working as intended.


Hello,

 

I did find the answer to part of my question.  It can be found on the opt-in pane for the Anti-Malware Network (and also in the Privacy Policy).

 

Paraphrase:  "Whenever EAM/EIS detects suspicious activity it will query the Anti-Malware Network..."

 

Since legitimate app behavior - such as IE - is within the actions monitored by the Behavior Blocker there is an AMN query.

 

 

However, I assume there is a distinction between apps from Trusted vendors that are digitally signed and those apps that are from unrecognized vendors and may or may not be signed.

 

In the case of unrecognized vendors and/or digitally unsigned apps there is also an AMN query to verify what the larger Emsi user community has done with the app - allow or block.  If allow, then what rules did they apply.  Is this not correct?


The Emsisoft Anti-Malware Network should not be queried for a behavior that you have defined a rule for. If it is on your system, that is a bug and I would appreciate it if you could report it as such through the Tester channels.
