Jump to content

Behavior Blocker Protection Question


itman
 Share

Recommended Posts

I recently upgraded to Win 10. One of the first things I did afterwards was to enable advanced EPM protection in IE11 x64 to take advantage of the AppContainer protection.

 

Using Process Explorer, I noticed that EAM's behavior blocker hook is not injected into the AppContainer instance of IE11. Thinking this might be an AppContainer permissions issue similar to that I encounter with Eset that I also use, I uninstalled EAM and reinstalled. Still no hook injection into the AppContainer instance of IE11.

 

Due to the lack of EAM's hook, I am concluding that the behavior blocker is non-functional in the AppContainer instance of IE11. As such, I have no behavior blocker protection. Is this a correct assumption? Also why is the hook not being injected?

 

Also another related question. Since upgrading to Win 10, I am getting virtually no alerts from EAM's Surf Protection. I went to a site I use, www.jrcigars.com, which I used to receive numerous privacy alerts in Win 7and now receive nothing. I can't believe that Win 10's Smart Screen filter has improved that much. Or more likely, Surf Protection also does not function within an AppContainer instance of IE11.

Link to comment
Share on other sites

I doubt that you can compare Win 7 with Win 10 in any possible way. Win 10 is a different animal and that is why security

programs have problems with Win 7. There was a big bump when Win 7 came out. Some security programs made the switch

without problems and some drove me nuts.

Link to comment
Share on other sites

Due to the lack of EAM's hook, I am concluding that the behavior blocker is non-functional in the AppContainer instance of IE11. As such, I have no behavior blocker protection. Is this a correct assumption? Also why is the hook not being injected?

Yes, however IE would have been automatically allowed anyway. The only thing I would be concerned about is that it's possible the Surf Protection may not function under these conditions so you may want to create a rule to block a legitimate site in the Surf Protection settings in order to test this (be sure to remove the rule after testing). Note that you will need to close IE and then reopen it after creating the rule if you have already visited the site you add the block rule for.

Link to comment
Share on other sites

Yes, however IE would have been automatically allowed anyway. The only thing I would be concerned about is that it's possible the Surf Protection may not function under these conditions so you may want to create a rule to block a legitimate site in the Surf Protection settings in order to test this (be sure to remove the rule after testing). Note that you will need to close IE and then reopen it after creating the rule if you have already visited the site you add the block rule for.

Using your suggestion, I created an alert rule in Surf Protection for the above mentioned web site. Unfortunately, no alert when accessing the web site which confirms my suspicion that Surf Protection is not fuctional in an AppContainer instance of IE11. I will also conclude that neither is the behavior blocker functional.

 

This not a big deal for me since I also use Eset which does work in an AppContainer instance of IE11. I additionally use EMET which does inject its hook into an AppContainer instance of IE11.

 

Hopefully, Emsisoft will fix this in the near future.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...