Jump to content

EIS_Application Rules set as "Always Block" does not work

malik4477

By malik4477,
in Other Emsisoft products

 Share

Recommended Posts

malik4477

malik4477

Posted
Posted
Hello,

 

I have set a certain program "WsChrome.exe" of Wondershare Filmora when I run Filmora.exe but it still runs. See image attached. I do not know if EIS really blocks it or not but Process Hacker shows that it is still running. From I I understand and know WsChrome.exe should be blocked and NOR RUNNING at all. 

 

1001910WsChrome2.png

 

Using EIS version 12.0.1.6859

 

 

Please help :(

 

Link to comment
Share on other sites
malik4477

malik4477

Posted
  • Author
Posted
Hi GT500, 
 

If WsChrome.exe was running before EIS had finished starting, then EIS would not stop it from running.
 
Also, make sure that there are no exclusions that could prevent "WsChrome.exe" (or things in its folder) from being monitored. 
-- No WsChrome.exe is NOT running before EIS starts. WSChrome.exe is being triggered when you start Filmora.exe. It isn't an autorun. There are no exclusions to the Filmora folder as I place block rules there especially for outgoing/incoming connections.
 
See image when Filmora is not running.
 
6123162ph.png
 
See image when Filmora is executed. 
 
8335311ph3.png
 
EIS only blocks WsChrome.exe  when you manually double-click WsChrome.exe to run it. 
 
9706854ws.png
Link to comment
Share on other sites
JeremyNicoll

JeremyNicoll

Posted
Posted

> I'll ask someone to be certain, however I am thinking that our Behavior Blocker will only block programs from running that are launched by Windows Explorer

 

Goodness!  I hope that's not the case.  It would mean that an innocuous script could load a malware .exe and that wouldn't be blocked.

Link to comment
Share on other sites
GT500

GT500

Posted
Posted

Goodness!  I hope that's not the case.  It would mean that an innocuous script could load a malware .exe and that wouldn't be blocked.

Don't worry, there's a difference between the option in the Application Rules to prevent an application from running, and the normal protection functions of the Behavior Blocker. ;)

Link to comment
Share on other sites
GT500

GT500

Posted
Posted

I have been told that this issue is not reproducible with our latest beta version. Can you try switching to the Beta update feed, and let me know if that resolves the issue?

  • Open Emsisoft Internet Security.
  • Click on Settings in the menu at the top.
  • Click on Updates in the menu at the top.
  • On the left, under Update Settings, click on the box to the right of Update feed and select Beta from the list.
  • Click on the Update now button on the right side.
Link to comment
Share on other sites
  • 3 weeks later...
malik4477

malik4477

Posted
  • Author
Posted

Sorry for the very late reply I was hospitalized. So EIS does not block it..tsk..tsk..I recently checked in my Win 7 partition with EAM and it too has the same behavior. Will check out the beta. 
 

I have posted previously of this behavior and it's becoming an on-off issue with Emsisoft.....

Link to comment
Share on other sites
JeremyNicoll

JeremyNicoll

Posted
Posted
On ‎25‎/‎11‎/‎2016 at 10:14 AM, GT500 said:

Don't worry, there's a difference between the option in the Application Rules to prevent an application from running, and the normal protection functions of the Behavior Blocker. ;)

Do you mean: the former may prevent xyz.exe from executing at all, while the latter determines what xyz.exe can do once it is executing?  

If so, what's the difference between an app rule that stops pqr.exe from executing, and a BB rule that prevents xyz.exe from starting pqr.exe (if one can define that?)?  

Link to comment
Share on other sites
GT500

GT500

Posted
Posted
5 hours ago, malik76 said:

Sorry for the very late reply I was hospitalized. So EIS does not block it..tsk..tsk..I recently checked in my Win 7 partition with EAM and it too has the same behavior. Will check out the beta. 

It was published as a stable update on November 30th;)

 

4 hours ago, JeremyNicoll said:

Do you mean: the former may prevent xyz.exe from executing at all, while the latter determines what xyz.exe can do once it is executing?  

The primary function of the Behavior Blocker is to monitor for potentially malicious behavior, and alert the user to give them the option to allow/block/quarantine the application that the alert was for. While we do technically have a feature to block an application from running at all, it isn't the primary function of the Behavior Blocker, and there are times when it does not take effect (such as when an application that is to be blocked from running is already running).

I was incorrect about the Behavior Blocker only preventing applications from running if they are launched from Windows Explorer (this may have been an old limitation that was overcome over the years, or perhaps just a memory lapse on my part). I apologize for the confusion.

Link to comment
Share on other sites
JeremyNicoll

JeremyNicoll

Posted
Posted

GT500 said: "I was incorrect about the Behavior Blocker only preventing applications from running if they are launched from Windows Explorer (this may have been an old limitation that was overcome over the years, or perhaps just a memory lapse on my part). I apologize for the confusion".

I'm glad that you were wrong (!) in this case.

Link to comment
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.

Products & Services

Ransomware/Malware Removal

Partners

Resources

Company

© 2003-2022 Emsisoft - 05/28/2022 - Legal Notice - Terms - Bug Bounty - System Status - Privacy Policy

×
×
  • Create New...