cma6j

Protection from ransomware


Thomas wrote an impressive article on Emsisoft protection from ransomware but did not explain how to achieve that.

I use Emsisoft anti-malware for weekly scans only. For protection, would I have to run the program at all times and if so, what is the minimal protection I need to run?

File Guard will slow down the computer too much; Surf protection will slow down browsing.

What does Behavior Blocker do and what are the correct settings?

How much RAM and computer slowdown if one runs Emsisoft Anti-Malware with Behavior Blocker?

Also, if one does run Emsisoft, is there a conflict with a firewall such as System Suite?


I'm not staff, but it is best that you run Emsisoft with all protections on. It should not slow down normal operations too much.

The Behavior Blocker essentially monitors all applications for suspicious behaviors and blocks them if it sees one. You can only configure which applications the BB keeps watch on - which is best left at default in conjunction with the Anti-Malware Network.

EAM does not have a firewall so it will not conflict with other firewalls, but EIS has one and thus will conflict with other firewalls.

Hope this helps :)


Also, Emsisoft Anti Malware can run alongside other antivirus as well, but we do not guarantee that this will work on your system. However, if you want to run it alongside your antivirus you might want to set exclusions for both of them, or else issues will arise. I have never tried this, so I'm not so sure if Emsisoft BB will conflict with antivirus zero-day protection components.


Thanks to Sintharius and Jerky for the replies. It was unclear with EAM if I should set an "Allow" exclusion for my combined firewall/anti-virus System Suite. The file name loaded seems to be "mxtask2.exe"

If I do set that exclusion, is it done in Behavior Blocker or in Application Rules?

Assuming that I run EAM real time, is it then safe to keep the external drive connected to the system?


Hi there,

Are you using Avanquest's System Suite?

Exclusions should be done in Application Rules.

About external drives, the safest way is to always disconnect them after backups. In any case if EAM failed to stop malware (which is unlikely) then your backup would be safe.


I use Avanquest's System Suite. You are saying that I should add a rule for Mxtask2.exe in Application Rules? Unfortunately, there was no "Allow" option, only "Monitor", which I don't want to do since I know that the file is OK.

My takeaway from Thomas' post on ransomware was that if one runs EAM, it is safe to leave an external drive connected; otherwise, why would one use EAM for anything other than weekly scans?


You can right click on the entry of the file in Application Rules, select Edit rule. Under Behavior Blocker select All allowed, that should change the status of the application to All allowed in the Behavior Blocker.

By the way, I cannot find any article related to ransomware written by anyone named Thomas here. :D


To create an exclusion you should follow the procedure outlined here:

 

https://helpdesk.emsisoft.com/Knowledgebase/Article/View/114/0/how-can-i-exclude-a-program-from-an-emsisoft-product

 

What Sintharius explained creates an all allowed rule. The difference may seem minor, but essentially EAM will still watch applications and may cause incompatibilities with an application if an "All allowed" rule is created, while an exclusion created the way explained in said helpdesk article will make sure EAM won't even watch that process, so it is impossible for it to interfere with it.


I was referring to Thomas Ott, proprietor of Emsisoft, and his recent blog on ransomware.

Fabian, I like your approach to excluding System Suite's A-V/firewall from being watched as I don't want SS to be monitored at all. I clicked on "Manage White List" in File Guard but nothing happened, probably because I have not activated FG.

So I will ask this question: is anyone using EAM with another AV/Firewall suite running at the same time: any problems?


Hi cma6j,

 

Thanks for the credits but this must be a mistake, I've never written a blog post on ransomware.  

 

I'm just an ordinary happiness enforcer here at Emsisoft  :)


Also, Emsisoft Anti Malware can run alongside other antivirus as well, but we do not guarantee that this will work on your system. However, if you want to run it alongside your antivirus you might want to set exclusions for both of them, or else issues will arise. I have never tried this, so I'm not so sure if Emsisoft BB will conflict with antivirus zero-day protection components.

I must agree with jerky but IMHO running Emsisoft Anti Malware by itself will protect you. I do believe in layered protection as I have a Trojan Scanner for On Demand and another security software for On Demand. I use these as second opinions.


Since I don't use File Guard, I have been trying to figure out how to use Application Rules to exclude System Suite's "MxTask2.exe" but Application Rules will still monitor System Suite.

SS is smarter than EAM: SS automatically added "a2service.exe" to the SS "Application Allow" list.


Since I don't use File Guard, I have been trying to figure out how to use Application Rules to exclude System Suite's "MxTask2.exe" but Application Rules will still monitor System Suite.

SS is smarter than EAM: SS automatically added "a2service.exe" to the SS "Application Allow" list.

Just enable the File Guard, make the exclusions and disable the File Guard again. The exclusions will still work. I will file a bug report with the EAM GUI team to make sure this small issue is fixed, as the option should be available whether the File Guard is enabled or not.


Just enable the File Guard, make the exclusions and disable the File Guard again. The exclusions will still work. I will file a bug report with the EAM GUI team to make sure this small issue is fixed, as the option should be available whether the File Guard is enabled or not.

Thanks, Fabian, ingenious solution, I will try it.

 

The executable that runs real-time protection should be a2guard.exe.

May I ask why are you not using File Guard?

File Guard will slow my system too much.


Fabian:

Having made the exclusion for the SS executable in File Guard, so far I have not seen a conflict between EAM and SS A-V. What would be a sign of conflicts?
