Behavior Blocker Protection Question

[itman]

I recently upgraded to Win 10. One of the first things I did afterwards was to enable advanced EPM protection in IE11 x64 to take advantage of the AppContainer protection.

 

Using Process Explorer, I noticed that EAM's behavior blocker hook is not injected into the AppContainer instance of IE11. Thinking this might be an AppContainer permissions issue similar to that I encounter with Eset that I also use, I uninstalled EAM and reinstalled. Still no hook injection into the AppContainer instance of IE11.

 

Due to the lack of EAM's hook, I am concluding that the behavior blocker is non-functional in the AppContainer instance of IE11. As such, I have no behavior blocker protection. Is this a correct assumption? Also why is the hook not being injected?

 

Also another related question. Since upgrading to Win 10, I am getting virtually no alerts from EAM's Surf Protection. I went to a site I use, www.jrcigars.com, which I used to receive numerous privacy alerts in Win 7and now receive nothing. I can't believe that Win 10's Smart Screen filter has improved that much. Or more likely, Surf Protection also does not function within an AppContainer instance of IE11.

[Ken1943]

I doubt that you can compare Win 7 with Win 10 in any possible way. Win 10 is a different animal and that is why security

programs have problems with Win 7. There was a big bump when Win 7 came out. Some security programs made the switch

without problems and some drove me nuts.

[GT500]

Due to the lack of EAM's hook, I am concluding that the behavior blocker is non-functional in the AppContainer instance of IE11. As such, I have no behavior blocker protection. Is this a correct assumption? Also why is the hook not being injected?

Yes, however IE would have been automatically allowed anyway. The only thing I would be concerned about is that it's possible the Surf Protection may not function under these conditions so you may want to create a rule to block a legitimate site in the Surf Protection settings in order to test this (be sure to remove the rule after testing). Note that you will need to close IE and then reopen it after creating the rule if you have already visited the site you add the block rule for.

[itman]

Yes, however IE would have been automatically allowed anyway. The only thing I would be concerned about is that it's possible the Surf Protection may not function under these conditions so you may want to create a rule to block a legitimate site in the Surf Protection settings in order to test this (be sure to remove the rule after testing). Note that you will need to close IE and then reopen it after creating the rule if you have already visited the site you add the block rule for.

Using your suggestion, I created an alert rule in Surf Protection for the above mentioned web site. Unfortunately, no alert when accessing the web site which confirms my suspicion that Surf Protection is not fuctional in an AppContainer instance of IE11. I will also conclude that neither is the behavior blocker functional.

 

This not a big deal for me since I also use Eset which does work in an AppContainer instance of IE11. I additionally use EMET which does inject its hook into an AppContainer instance of IE11.

 

Hopefully, Emsisoft will fix this in the near future.

[GT500]

OK, I've let our QA Manager know about this.