Magic_The

Emsisoft Internet Security 11 (latest build) takes about 14 seconds to resume its protection once disabled.


Hey there, once I click "disable all components" and then "enable all" it takes up to 14 seconds to resume the protection again (I have Win 8.1 Pro). I have just noticed it; it wasn't in the previous builds.

 

It's a huge delay, because once I download some malware, it will inject before Emsisoft can react.


Let's get a log from FRST, and see if it shows the cause of the issue. Please download Farbar Recovery Scan Tool (FRST) from one of the following links, and save it to your Desktop (please note that some web browsers will automatically save all downloads in your Downloads folder, so in those cases please move the download to your desktop):

For 32-bit (x86) editions of Windows:

For 64-bit (x64) editions of Windows:

Note: You need to run the version compatible with your computer. If you are not sure which version applies to your computer, then download both of them and try to run them. Only one of them will run on your computer, and that will be the right version.
  • Run the FRST download that works on your computer (for Windows Vista, Windows 7, and Windows 8 please right-click on the file and select Run as administrator).
  • When the tool opens click Yes for the disclaimer in order to continue using FRST.
  • Press the Scan button.
  • When the scan is done, it will save a log as a Text Document named FRST in the same place the tool was run from (if you had saved FRST on your desktop, then the FRST log will be saved there).
  • Please attach the FRST log file to a reply using the More Reply Options button to the lower-right of where you type in your reply to access the attachment controls.
  • The first time the FRST tool is run it saves another log (a Text Document named Addition - also located in the same place as the FRST tool was run from). Please also attach that log file along with the FRST log file to your reply.

Hey GT500, I think the problem is solved, I have reinstalled the product and installed again and the problem has gone, but here is what you have asked:

FRST.txt

Addition.txt


You have a copy of dllhost.exe running in the logs, but I don't see a loadpoint for it. FRST doesn't show what DLL dllhost.exe is executing, so if we want to find out then we'll have to use a program such as Process Explorer. You can get Process Explorer from this link. When you extract it from the downloaded ZIP archive and run it, you can click on the top of the left column (where it says "Processes") to sort by file name, and then look for dllhost.exe and just hold the mouse over it for a moment to see a tooltip that shows the full command that was used to launch dllhost.exe.

When the tooltip is open showing the information we need, just press the Print Screen button on your keyboard (may be abbreviated as PrtScn or something similar) to take a screenshot. Basically it copies a picture of everything on your screen, and you can open Microsoft Paint (in the Start Menu under Accessories) and paste the screenshot so that you can save it. When you save it, PNG (Portable Network Graphics) format is preferred for readability. You can attach the file you save to a reply (feel free to edit it if there is anything you don't want other people to see in the screenshot, as all that matters is that I can read the information about dllhost.exe).


Arthur, are you aware that Task Manager (in W8 anyway, dunno about W7) has a command-line column that can be turned on now? Having said that I just looked at a sample dllhost.exe entry in task manager (started from right-click on the taskbar - I don't usually have it running because I use ProcessHacker instead) and it displayed an empty command line, as indeed did Process Hacker itself. Ah... both PH and TM need to run elevated to get that level of detail.

To start TM elevated I opened an elevated command prompt (from the Start menu) then typed in: taskmgr.exe. Then one can turn on display of the command-line column in the usual way - right-click on column titles and pick the columns you want to see. That's maybe easier for some users than downloading a new application...

PH (which I use in preference to ProcessExplorer as it seems to show more and be under continuous development) has a 'Hacker' menu (which is what it calls its 'File' menu), and in there if you choose 'Show details for all Processes' it relaunches itself elevated.

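The two posts above describe reading the dllhost.exe command line in Process Explorer or an elevated Task Manager; the same check can be scripted, and taken one step further to the DLL the surrogate hosts. This is an added example, not part of the thread, and it assumes the GUID after /Processid: is the surrogate's COM AppID:

```powershell
# Added example, not from the thread. Run from an elevated PowerShell prompt:
# without elevation CommandLine is empty for processes owned by SYSTEM or
# other users, the same limitation described for Task Manager above.

# Index registered COM classes by the AppID value they declare (one pass).
$classesByAppId = @{}
Get-ChildItem -LiteralPath 'Registry::HKEY_CLASSES_ROOT\CLSID' -ErrorAction SilentlyContinue |
    ForEach-Object {
        $id = $_.GetValue('AppID')
        if ($id) {
            if (-not $classesByAppId.ContainsKey($id)) { $classesByAppId[$id] = @() }
            $classesByAppId[$id] += $_
        }
    }

Get-CimInstance -ClassName Win32_Process -Filter "Name = 'dllhost.exe'" | ForEach-Object {
    $proc  = $_
    $appId = $null
    # Assumption: a COM surrogate is started as "dllhost.exe /Processid:{AppID}".
    if ($proc.CommandLine -match '/Processid:\s*(\{[0-9A-Fa-f-]{36}\})') {
        $appId = $Matches[1]
    }

    # Resolve the AppID to the in-process server DLL(s) registered for it.
    $hosted = @()
    if ($appId -and $classesByAppId.ContainsKey($appId)) {
        $hosted = foreach ($cls in $classesByAppId[$appId]) {
            $inproc = $cls.OpenSubKey('InprocServer32')
            $dll = if ($inproc) { $inproc.GetValue('') } else { '(no InprocServer32)' }
            '{0} -> {1}' -f $cls.GetValue(''), $dll
        }
    }

    [pscustomobject]@{
        ProcessId   = $proc.ProcessId
        CommandLine = $proc.CommandLine
        AppID       = $appId
        HostedDlls  = $hosted -join '; '
    }
} | Format-List
```

An empty HostedDlls with a populated AppID usually means the class is registered only in the 32-bit view (WOW6432Node), which a 64-bit PowerShell session does not enumerate here.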

Arthur, are you aware that Task Manager (in W8 anyway, dunno about W7) has a command-line column that can be turned on now?

Windows 7 also has something similar, however it was probably easier to download and run Process Explorer than to sift through all of the settings in the Task Manager.


 

Hey Arthur, do you mean this? >

Yes, that had the information I was looking for. It's a DCOM related process, and I am not finding anything showing it related to malware (in fact it's usually ignored by most experts from what I can see).

Do you have exclusions for Emsisoft Internet Security configured in Zemana's software? It's possible that hooks opened to our processes are causing the issue.


No, I only allowed everything in Emsisoft for Zemana.


It might be worth adding an exclusion in Zemana's software as well, just to see if that helps.
