N8MsIs0

EIS and the Registry


Good evening everyone

I use EIS (Emsisoft Internet Security 2015), and after a full scan of the system (once with MBAM and once with EIS) I found these infections shown in the pictures below.

Uc2F.png

Uc1g.png

That made me ask the main question: Can EIS (EAM too) protect the registry? Where is the proactive protection for the registry keys?

Can it at least warn me about any change or modification in registry keys?

I pass the mic to you guys!


That made me ask the main question: Can EIS (EAM too) protect the registry?

It can.

Where is the proactive protection for the registry keys?

It's part of the Behavior Blocker.

Can it at least warn me about any change or modification in registry keys?

You really don't want to get an alert on every registry key change or modification. You will get literally hundreds of alerts per minute.

Just based on the screenshot you posted, these registry keys belong to a PUP/Adware. A very old one at that. It also looks like the executable file those registry entries point to is long gone. Are you certain these registry entries were created while EAM/EIS was running and aren't leftovers from a previous infection before you started using EAM/EIS?


First, thank you for your replies, Fabian :lol:

===================================================================

About the MBAM picture:

Those registry keys are not leftovers, Fabian. Those keys are the result of triggering some files to test EIS protection.

And for the 2nd pic:

That was a FULL scan I made of my PC the day after posting it on .

==========================================================================

So that makes me think: what if a registry infection comes through the browser (injection, script, ...)? I don't think it would protect!?


Something similar; this is the second time this has happened to me. The first time I went to the My PC is Infected part of the forum and the guys there got rid of it; it came back. I'm assuming it's nothing to worry about, as I am sure I am not infected and Emsisoft seems to be the only AV that picks this up. I currently have them quarantined; should I just delete them?

post-30782-0-86120600-1424213948_thumb.png

Those entries don't have to be malicious. In fact, it is likely that a different application or even Windows components like the group policy editor created them. If your Task Manager and Registry Editor work normally, there is no need to worry about it and you can safely white list the detections or let EAM/EIS remove them.


What sample did you use to test EIS?

I don't have them. It was a big sample at that moment. The test was about a month ago, Fabian <_<

Those entries don't have to be malicious. In fact, it is likely that a different application or even Windows components like the group policy editor created them. If your Task Manager and Registry Editor work normally, there is no need to worry about it and you can safely white list the detections or let EAM/EIS remove them.

You see, Fabian, the question was not about how bad the infection is, but why we can only find out after doing the full scan. Why didn't it stop the infection through the BB?


If the registry keys were created by a Windows component like the group policy editor, the behavior blocker will not complain about those registry changes being made, because that is what the purpose of these Windows components is after all. Same is true for applications you trust. I know that Webroot products tend to create those registry values for example and so do some other applications when resetting system policies.

Without the sample though we can only speculate what happened and why. That is why if you do tests and want to ask questions about those tests later, at least keep the samples around. We have literally hundreds of millions of malicious files. If you can't tell us what you used to get certain results, it is just impossible for us to give you correct or definitive answers.


If the registry keys were created by a Windows component like the group policy editor, the behavior blocker will not complain about those registry changes being made, because that is what the purpose of these Windows components is after all. Same is true for applications you trust. I know that Webroot products tend to create those registry values for example and so do some other applications when resetting system policies.

Without the sample though we can only speculate what happened and why. That is why if you do tests and want to ask questions about those tests later, at least keep the samples around. We have literally hundreds of millions of malicious files. If you can't tell us what you used to get certain results, it is just impossible for us to give you correct or definitive answers.

 

I never used Webroot products in ma life. My friend also uses it and look what happened:

Un8p.png

He got infected from the browser, and that makes me ask where the web protection is. This layer only stops the domain, which is not enough to protect the system from browser infections.

My final conclusion is:

The idea of putting firewall + AV in one product is great.

The firewall of EIS looks like Windows Firewall: it only monitors out/in connections. Not like OA, which has more options: more control of packets, blocking computers options, monitoring network options, IP attack prevention, registry protection, HIPS, ports control options, etc. These options I cannot find in the EIS firewall.

The web surfing still needs much development. You can easily get infected through browser injections and EIS will do nothing. You can only find out after the full scan of the system.

The 2 good things I found are the BB and the cloud protection, and of course the BD engine.

What I'm trying to say is it's very early to take EIS as a premium protection because it needs much development, and I hope that will happen very soon.


I never used Webroot products in ma life. My friend also uses it and look what happened:

Bunch of inactive malware in the browser cache. Nothing anyone should be concerned about.

more control of packets,

EIS has a lot more detailed options when it comes to packet filtering compared to OA.

monitoring network options

OA doesn't perform network monitoring at all.

IP attack prevention

OA has no IP attack prevention at all.

registry protection, HIPS,

Which were left out on purpose and will likely never be integrated as the behavior blocker is far superior for average users.

The web surfing still needs much development. You can easily get infected through browser injections and EIS will do nothing.

Neither will OA.

EIS is not supposed to be EAM with OA. If you want EAM with OA you can get EAM with OA. We have no intentions to make EIS more like EAM with OA either. You clearly want a product that offers a lot more control than what we think the average home user wants. So sticking to EAM and OA will definitely deliver a far superior experience for you than EIS ever will.


Bunch of inactive malware in the browser cache. Nothing anyone should be concerned about.

 

You kidding, right? You see a trojan and you say it's alright, it's just inactive malware. Oh really. If an inactive trojan, as you say, can pass EIS like this, then what do you think an active trojan will do, Fabian? Ah, tell me. Admit it. EIS is terrible when it comes to web surfing and registry protection <_<

EIS has a lot more detailed options when it comes to packet filtering compared to OA.

Not like what OA has. Not really <_<

OA doesn't perform network monitoring at all.

It can detect 'em. What do you think firewalls do, Fabian !!!!!!!! ^_^<_<

OA has no IP attack prevention at all.

That's what makes OA one of the best firewalls in the field. It's not necessary to find a section in it named "IP attack prevention". It's in its programming !!!!!!!!!!!!!!!!!!!!!!

Which were left out on purpose and will likely never be integrated as the behavior blocker is far superior for average users.

This is the point I agree with you on. HIPS is only for advanced users, I know. It's like what I said, Fabian: BB is one of the 2 best things in EIS ^_^

Neither will OA.

None of Emsisoft's products have good web surfing. Duh. <_< Every other AV has it. Not Emsi. Cmon guys, don't make me tell you that most EIS users use WOT + traffic light to cover it :o

EIS is not supposed to be EAM with OA. If you want EAM with OA you can get EAM with OA. We have no intentions to make EIS more like EAM with OA either. You clearly want a product that offers a lot more control than what we think the average home user wants. So sticking to EAM and OA will definitely deliver a far superior experience for you than EIS ever will.

So you are telling me that EIS is only for beginners and the advanced and average users should use OA+EAM. That's not cool, Fabian, because I know products for all those 3 categories at the same time.

The EIS firewall is supposed to have the best of OA (not the HIPS) with the ability to switch between automatic/manual protection, which we all know that OA is a manual protection.

And the existence of many protection layers and options in a one-piece product is a good thing. At least it shows how powerful the product is. Ya know ;)


Obviously, you know more about the inner workings of our own firewall than our developers.

Your screenshots are not definitive proof of anything, other than that something was detected.

Without the actual files in question, we cannot give a definitive answer as to whether those detections are malicious. JS and iframe are not malicious themselves; it is what they do that defines a script as malicious or not. The act of hiding a link is not by itself malicious; honeypots make use of hidden links that only web crawlers will see and follow.


Obviously, you know more about the inner workings of our own firewall than our developers.

Your screenshots are not definitive proof of anything, other than that something was detected.

Without the actual files in question, we cannot give a definitive answer as to whether those detections are malicious. JS and iframe are not malicious themselves; it is what they do that defines a script as malicious or not. The act of hiding a link is not by itself malicious; honeypots make use of hidden links that only web crawlers will see and follow.

Hi, well, I just wanted to ask if EAM is able to detect those JS on the fly, because sometimes when I make a full scan I find those files left, which means that something was going to be done. I know that those files are harmless as they are in passive mode, but when surfing... will EAM detect those?

And well, I do agree with Fabian about reg protection; however, if you want a program that warns you about every single "ant" that passes through, you may use Private Firewall or Comodo Firewall. Those will warn you every single time someone raises their hand.

PST: well, maybe I understand N8MsIs0's complaint. Some other AVs like ESET are able to detect those scripts when they are loading in the browser; maybe that is what he wanted to say... (and my question also: does EAM detect those /on loading?/)

I'm not trying to blame anyone, I'm just quite curious.


PST: well, maybe I understand N8MsIs0's complaint. Some other AVs like ESET are able to detect those scripts when they are loading in the browser; maybe that is what he wanted to say... (and my question also: does EAM detect those /on loading?/)

Depends on the browser and your File Guard settings. When you put the File Guard in Thorough mode and disable the extension filter, those files will be detected as well.

Depends on the browser and your File Guard settings. When you put the File Guard in Thorough mode and disable the extension filter, those files will be detected as well.

Jajaja, thanks, maybe that would be the answer he was looking for xD


Obviously, you know more about the inner workings of our own firewall than our developers.

:lol: Look around you. I'm behind your back :ph34r: :P

Your screenshots are not definitive proof of anything, other than that something was detected.

Without the actual files in question, we cannot give a definitive answer as to whether those detections are malicious. JS and iframe are not malicious themselves; it is what they do that defines a script as malicious or not. The act of hiding a link is not by itself malicious; honeypots make use of hidden links that only web crawlers will see and follow.

:D Hiding links in ma pic, so no one can know the name of ma friend's PC. Duh <_< Kevin. And like I said, the word trojan itself is dangerous, and you know that, so don't deny it. Cmon, you are an Emsisoft employee :P. And also like I said above, if this, what you are saying, "JS and iframe are not malicious", can pass EIS, then something is wrong, KEV. And also EIS detects 'em as a high risk ;). So.... ya got the pic, KAV :lol:


Hi, well, I just wanted to ask if EAM is able to detect those JS on the fly, because sometimes when I make a full scan I find those files left, which means that something was going to be done. I know that those files are harmless as they are in passive mode, but when surfing... will EAM detect those?

And well, I do agree with Fabian about reg protection; however, if you want a program that warns you about every single "ant" that passes through, you may use Private Firewall or Comodo Firewall. Those will warn you every single time someone raises their hand.

PST: well, maybe I understand N8MsIs0's complaint. Some other AVs like ESET are able to detect those scripts when they are loading in the browser; maybe that is what he wanted to say... (and my question also: does EAM detect those /on loading?/)

I'm not trying to blame anyone, I'm just quite curious.

I'm not blaming anyone, Gri. There is a big difference between showing a point of view and complaining. The complainer says directly: "your product sucks and I want ma money back". I didn't say that.

I agree with you when you talked about EIS detection. Everyone wants their AV to detect malicious files before the PC gets infected, no matter what the level of risk is, low or high. And in this case, EIS is telling me that after a full scan, not at the moment when the file tries ta infect the PC.

I want you and Fabian and KEV to understand that I'm not saying that EIS should be like CCLEANER. No. I'm telling you that those are ma observations and I hope EIS gets more development. That's all.


Depends on the browser and your File Guard settings. When you put the File Guard in Thorough mode and disable the extension filter, those files will be detected as well.

 

Fabian, I did that and I got infected. I did put EIS in paranoid mode and options and I got infected. ;)<_< <_< <_< <_< <_< <_< <_< <_< <_< <_<

This topic is now closed to further replies.
