Emsisoft Anti Malware 12,2,07060 will not update

[buteman]

I reinstalled the latest version Emsisoft on my laptop and it will not update.Software is out of date!

I get the warning (could not connect to the update server, Please check your internet connection and proxy settings.} i don't have any proxy server as far as I know and have no problem connecting to the internet.

Anyone know how to fix this warning.

I have seen on another thread that you cant run Emsisoft and Eset on the same computer. I have been running both for years with no problems.

Any help appreciated.

Buteman

 

[GT500]

Lets try getting a diagnostic log. You can download the batch file for generating the log from this link, and there are instructions for running it at this link. Please be sure that you don't use the download link in the instructions, as it is out of date.

When it's done, it will open a log in Notepad (as explained in the instructions). Please save this log somewhere easy to find, such as on your Desktop or in your Documents folder, and then send it to me in a Private Message so that I can take a look at it.

Important: Don't post the log publicly. It contains a copy of your a2settings.ini file, which contains encrypted license information. If someone were to figure out how to break that encryption, then someone else could use your license key.

[buteman]

Thanks GT500 message sent. Hope it works Ok.

[buteman]

GT500 Please ignore last Post Sent it from my desktop and not from the laptop concerned.

Have had so many problems with the laptop that i mainly use the desktop now.

Found out my main problem was with Eset.Smart Security, It seems it had a corrupt DNS address on it which stopped me using any Browsers.

I have deleted Eset now and things are almost back to normal but still have the same problem with Emsisoft updates.

I have sent you the proper file from the suspect Laptop.

I have has to reset Laptop 3 times and Assume that Eset was my problem all along.

[buteman]

While waiting and if any Eset Smart security users on here could check this out for me.

This is what I found.

Web  Access protection.

Personal Firewall.

Advanced.

Zones and edit.

DNS Server 199.85.126.20,fec0:0:0:fff::1, 199.85.126.20,fec0:0:0:fff::2, 199.85.126.20,fec0:0:0:fff::3,

The problem is I don't know if that is there normal DNS or not. It looks suspect to me.

 

Please remove this if it is inappropriate for the form. I did send it to Eset but never got an answer.

 

It  has been confirmed that those DNS Settings are ok. They are Genuine Norton Connectsafe DNS Servers. So that sorts ot that problem.

[Ken1943]

The first address is ipv4 and that "stuff" after it is the ipv6 address

x.x.x.x ipv4

fec0:0:0:fff::3  ipv6

Fun isn't it !

[buteman]

Something new I have learned today.Never to old to learn I suppose.

Thought that i would give it a go and try it.

[GT500]

199.85.126.20 is owned by Symantec Corporation (the makers of Norton)

fec0:0:0:fff::1 I'm not sure about (might be an IPv6 equivalent of the above IPv4 address).

The rest appear to be duplicates of the above, with the last digit of the IPv6 address being slightly different.

[buteman]

Had an idea that did not work. I had to download everything in safe mode including Emsisoft as normal mode would not work because of the Eset problem.

So deleted Emsisoft and then downloaded it again in normal mode but have the same problem.

So a fresh install so hope it does not make any difference to the outcome.

[GT500]

I don't see anything in the log that explains the issue. You seem to be able to connect to our update servers, and there doesn't appear to be any other security software running on your system (Malwarebytes Anti-Malware is installed but not running). Lets try getting a log from Fiddler, and see what it shows about the update attempt.

Please download and install Fiddler 2 from this link (this is the version that requires the Microsoft .NET Framework 2.0), and then follow the instructions below:

1. After installing Fiddler, please open it from the Start Menu.
2. Launch Emsisoft Anti-Malware.
3. Click on Settings in the menu at the top.
4. Click on Privacy in the menu at the top.
5. Turn off the option that says Use SSL encryption for all server communication (this is necessary for Fiddler to be able to record the update process).
6. Click on Updates in the menu at the top
7. Click on the Proxy settings button on the right side, in the middle.
8. Check the box that says Use proxy.
9. Enter localhost in the Server field, and then enter 8888 in the Port field.
10. Click OK.
11. Click the Update now button above the Proxy settings button.
12. After the update fails, go back to Fiddler, and  to File, then Save, and select All Sessions (please save it on your desktop).
13. Please send me the Fiddler log in a Private Message (do not post it in a reply).
    

Note that you may need to ZIP the log to be able to attach it to a Private Message. If you don't have a utility such as 7-Zip, WinZip, or WinRar that you can ZIP files and folders by right-clicking on them, going to Send To, and clicking on Compressed (zipped) Folder.

[GT500]

The Fiddler log shows an error mapping the Machine Key generated for your computer to your license key, but it also shows the update process proceeding normally after trying again to check for updates. Is the problem still occurring?

[buteman]

GT500 So Far so good. Rebooted and still working.

What should I do with the SLL encryption  just leave  it unticked and carry on with the proxy server.

Is there anything else that I have to do or can we class this problem as resolved.

By the way there is a new update For fiddler now.

[GT500]

22 hours ago, buteman said:

What should I do with the SLL encryption  just leave  it unticked and carry on with the proxy server.

You can turn the proxy server option off, as it is no longer necessary.

As for the SSL option, I would be curious to know if the issue only happens while it is turned on. If that is the case, then our developers may want to see some debug logs to try to find out why.

[buteman]

When I turn on SSL it will not allow updates. With host file on or off.

[GT500]

Would you be willing to send us debug logs for the update issue? If so, then here's what to do:

1. Open Emsisoft Anti-Malware from the icon on your desktop.
2. In the 4 little gray boxes at the bottom, move your mouse into the one that says Support, and click anywhere in that gray box.
3. At the bottom, turn on the option that says Enable advanced debug logging.
4. Either click on Overview in the menu at the top, or close the Emsisoft Anti-Malware window.
5. Reproduce the issue you are having (enable the option to use SSL in Emsisoft Anti-Malware, and then try checking for updates).
6. Once you have reproduced the issue, open Emsisoft Anti-Malware again, and click on the gray box for Support again.
7. Click on the button that says Send an email.
8. Select the logs in the left that show today's dates.
9. Fill in the e-mail contact form with your name, your e-mail address, and a description of what the logs are for (if possible please leave a link to the topic on the forums that the logs are related to in your message).
10. If you have any screenshots or another file that you need to send with the logs, then you can click the Attach file button at the bottom (only one file can be attached at a time).
11. Click on Send now at the bottom once you are ready to send the logs.
    

Important: Please be sure to turn debug logging back off after sending us the logs. There are some negative effects to having debug logging turned on, such as reduced performance and wasting hard drive space, and it is not recommended to leave debug logging turned on for a long period of time unless it is necessary to collect debug logs.

Please note that if you have a lot of debugs logs, then you should not send all of them. There is a size limit, and currently there is no error if the message is rejected due to the size being too large. Normally we only need one copy of the 4 or 5 different logs that have been saved after the time you reproduced the issue (the list shows what time each log was saved). Those logs have the following names:

• Security Center
• Protection Service
• Real-Time Protection
• Firewall
• Logs database (contains the logs you can view in Emsisoft Anti-Malware by clicking on Logs at the top of the window).
  

[buteman]

Think I made a complete mess of sending details GT500. Will try again later.

 

Ok tried sending it again and it would not send with SSL enabled so had to disable it to send e-mail.

In the list you asked ne to send there was no firewall on list to send.

So have to think that maybe this method has not worked.

[GT500]

The firewall is only applicable for Emsisoft Internet Security. I simply forgot to remove it from the instructions before posting them.

It looks like David replied to you when you sent your logs, so I'll let him run through any further debugging that he thinks is appropriate.

[buteman]

Ok reset the laptop once again doing a factory reset.. Downloaded Emsisoft Anti Malware again and the same problem it will not update with SSL enabled.

No big deal i can disable SSL run the update then enable SSL again. Just wondered if there were any updates that might fix my problem.

Now Eset was not installed at the time so we can rule out Eset being the cause. Just thought that I would mention that in case others have the same problem and have Eset installed and think that is what is causing the problem.

[GT500]

I'd be interested in what Fiddler says about the connection to our update servers when the SSL option is turned on, and Fiddler is configured to "Decrypt HTTPS traffic". Fiddler is a proxy, and here's instructions on how to configure EAM to use Fiddler:

1. Launch Emsisoft Anti-Malware.
2. Click on Settings in the menu at the top.
3. Click on Updates in the menu at the top
4. Click on the Proxy settings button on the right side, in the middle.
5. Check the box that says Use proxy.
6. Enter localhost in the Server field, and then enter 8888 in the Port field.
7. Click OK.
   

Make sure that the option to use SSL is turned on in EAM as well.

After that, you will need to open Fiddler and enable the option to decrypt HTTPS traffic. When you open Fiddler just go to the Tools menu, select Telerik Fiddler Options, and switch to the HTTPS tab in the dialog that pops up to access the HTTPS options.

Once you have both EAM and Fiddler configured, keep Fiddler running (it will only capture traffic when running), and switch back to EAM and check for updates. The HTTPS communication will appear in Fiddler, and you can see a list showing each connection on the left. Analyzing the traffic is a bit more difficult than it needs to be (you click on an entry in the list, then on the right switch to the Inspectors tab, and then I generally switch to the Raw view for both request and response so that I can read them in plain-text). If you want me to take a look at the Fiddler capture for you, then just save the session and send it to me in a Private Message (do not post saved Fiddler sessions publicly, as they contain personal information, including your license key).

Note that you may have to ZIP the saved Fiddler session file before you can attach it to a Private Message. If you don't have 7-Zip or WinRar then you can right-click on the file, go to Send to, and select Compressed (zipped) folder to easily ZIP a file for uploading/attaching.

[buteman]

Tried that on January the 13th did it not work. Do you want me to try it again.

 

[GT500]

This time the procedure is a bit different. I want to try it with the option for SSL turned on in EAM to see if Fiddler records what is happening. It requires changing a setting in Fiddler so that it can decode the encrypted traffic.

[buteman]

Unfortunately I cannot follow the directions  as it is a bit complicated for me. Got this and not sure if any good or not. If not just delete

 

...

Edited February 15, 2017 by GT500
Removed excerpt from Fiddler log.

[GT500]

I've removed the excerpt from the Fiddler log. I don't think there was anything in it that was bad to post here, but just in case it's best for it to not be publicly viewable.

If you go to File and then Save you can select to save all sessions, and the file you save can be zipped and sent to me in a Private Message (hover the mouse over my name to see the option to send me a message).

[GT500]

I didn't see anything from EAM in either of the Fiddler session files you sent me. Would you like to schedule a time for me to remotely connect to your computer and see if I can collect some debug information?

[buteman]

Did not think it would nothing showed when I tried to run the update. I tried it a few times and could see no reaction.

As I can update it manually by disabling SSL temporarily I will not bother about the remote connection but do appreciate all the help given.

Now i may have fixed my Eset problem as I followed a link to a few others that were having the SSL problem with Eset.

It worked out that some of them had Adguard on their computers which was stopping SSL from working and they were told to run the latest beta version of Adguard as that sorted the problem.

I have never used it before so downloaded it on Firefox add ons and there was no difference so downloaded the Beta version and could then use I/E and edge again..

Unfortunately it did not help with Emsisoft update obviously helps with browser problems. That should give you something to think about why should that have worked when nothing else did.

[buteman]

Should have said with SSL enabled I get the pop up Could not connect to the update server. Please check your internet connection and proxy settings. That is probably why it does not show.

[GT500]

Actually that makes even less sense. If you didn't have Adguard installed, then installing the Adguard beta should not have helped. But Adguard has a way of intercepting secure connections so that it can decrypt them which works the same way that Fiddler's option to decrypt HTTPS traffic works. They essentially use a "man in the middle attack" to trick the browser into thinking that it is making a secure connection to them instead of to the website you are trying to connect to, which allows them to decrypt all of the traffic before forwarding it on to the website you were trying to connect to.

If Adguard somehow fixes secure connections on your computer, then that could indicate that there is an issue with validating SSL certificates on your computer. Do you have all of the latest Windows Updates installed?

[buteman]

Now that is the Question do I have all the windows updates installed. I would probably say no but Microsoft updates disagree. I run the updates and it says up to date.Is there a way to check. I ran the troubleshooter in control panel Windows Updates . And it changed a few things but still nothing to download. there are 5 updates on it from the 3rd of Feb and two were for Flash and removal tool.

I think I downloaded them from the internet Cumulative Update for w10 Version 1607 (Kb3213968)- (KB2538243)- (KB2467173)

I have Give me updates for other Microsoft products ticked. That seems to be that so not sure if fully updated or not.

 

[GT500]

I think 1607 is still the latest major revision to Windows 10, so you more than likely have recent enough updates installed.

The only other thing I can think is something is preventing Windows from contacting Certificate Authorities to verify the authenticity of SSL certificates, which would break SSL/TLS secured connections in any programs that use Windows API's for secure connections.

Can you try right-clicking on the Start button, clicking on Command prompt (Admin), typing in the following, and then pressing Enter on your keyboard?

sfc /scannow

That will run the System File Checker, and have it verify that there are no problems with Windows System Files.

[buteman]

Have tried that a few times with nothing being found but not since the last update. So running it again now.

No nothing found so that looks Ok.

[GT500]

If nothing was found, then chances are the system files are all OK (or at least they match the verification data that the System File Checker has available to it).

[buteman]

GT500

Just wondering if they found anything to help with my Update problem or does it take a while for them to sift through the results.

[GT500]

Our QA team thinks it's a problem in Windows, and not an error that we can fix. The only real clue in the logs was the following:

Exception:

ClassName = EIdSocketError

Message   = Socket Error # 10054

Connection reset by peer.

It means that our update server closed the connection unexpectedly, however it would only do that if something about the connection wasn't right. It's possible that something else could be terminating the connection, however I can't be certain about that. Since it only happens with encrypted HTTPS communication, then it would be an issue with SSL/TLS support in Windows. It could also be your router or Internet service provider is interfering with the connection somehow.

We know that the correct IP addresses are being returned by DNS, since the diagnostic log showed that, so Emsisoft Anti-Malware is connecting to the correct servers. About the only thing I can think of right now is to try getting a packet capture from Wireshark, and analyzing it to see what might be broken in the connection that is causing it to get dropped like that. Either that or blindly try some of the repairs in Windows Repair (All In One) and see if one of them fixes it (maybe repair #7 "Repair Internet Explorer" would do it), however I can't know for certain that it would work without knowing exactly what is broken.

[buteman]

Could not do the power down trick as the battery on this laptop is inside the case.

C Dive was fime. sfc /scannow was ok.

I did get it to search for problems and it found a few so I had it repair them.

No difference showing except laptop maybe running a bit quicker.

.

 

 

Tweaking.com - Windows Repair - Pre-Scan.txt

Tweaking.com - Windows Repair - Repair Repair Reparse Points Log.txt

[buteman]

Also I googled this and of course as I am not very wise on the running of computers I would have to refrain from attempting to find the cause.

I suppose the best plan would be to just leave it and update it with SSL switched off.

My problem is it was my best line of defence in notifying me of bad web sites etc and and do not seem to get any warnings now. Maybe because of the lack of use. I don't know.

Like you I think probably a router fault but they say no.

Exception:

ClassName = EIdSocketError

Message   = Socket Error # 10054

Connection reset by peer.

[GT500]

After running through the various steps in tabs at the top of the Windows Repair (All In One) window, did you try running any of the separate fixes? I don't expect most of them will help, however there is a "Repair Internet Explorer" fix that may help.

[buteman]

Went back in and repaired everything in the box including I/E but still no difference.

[GT500]

In that case I'd say that whatever is wrong is something that Windows Repair (All In One) can't fix. It's also sounding more and more likely that it isn't an issue with your computer.

[buteman]

The only thing it could not fix was an  app for Edge.So not sure if that could cause the problem. probably doubtful.

Now the Laptop came with McAfee installed and I downloaded the removal tool and that removed it completely even from the registry.

Why I brought that up was I noticed a small icon from Intel on my screen,[ Must have been looking to see what intel does ] and the was a small Intel icon on the screen with what looked like an icon of Mcafee on it it and I think the wording on it was Intel partnered with McAfee.

Googled it this morning and it comes up with this. https://www.mcafee.com/uk/partners.aspx

I don't suppose intel could still have McAfee host file on it or something like that. Clutching at straws here but thought that I would mention it just in case.

[GT500]

21 hours ago, buteman said:

Why I brought that up was I noticed a small icon from Intel on my screen,[ Must have been looking to see what intel does ] and the was a small Intel icon on the screen with what looked like an icon of Mcafee on it it and I think the wording on it was Intel partnered with McAfee.

Intel owns McAfee, and is slowly changing the name to "Intel Security" (it may take them a few years to completely get there, since they don't want to lose customers by suddenly changing the company/product names).

Intel also makes a lot of hardware that comes in computers that use their processors, and thus their driver and management software tends to be on those computers as well.

[buteman]

I have been searching for Socket error # 10054 and almost all posts point to remote connections. Would that mean Emsisoft support connecting to my computer or a different thing entirely.

Socket Error # 10054

[buteman]

[There is a "Repair Internet Explorer" fix that may help.]

I ran that and no difference. Tried resetting it 3 or 4 times no difference But!

Yesterday I had Internet explorer opened and there were so many adds on it that I downloaded Adblock Plus to get rid of them.

It did not help Emsisoft but Eset is now working properly for the first time in 2 months. I put it down to the Adblock download but I suppose it could have been an update from Eset.

So looks that you may well have been correct GT500 saying it might be an Internet Explorer problem.

[GT500]

On 3/7/2017 at 3:44 AM, buteman said:

Would that mean Emsisoft support connecting to my computer or a different thing entirely.

We never connect to your computer without permission. We don't even build remote access into our software, and would require you to download and run a remote access tool before we could connect.

[buteman]

Sorry GT500 I was on about when they did connect to my computer with my permission would that be the cause of the  # 10054 error.

I just said everything I have googled for 10054 error points to an remote connection. So just interested to see if it was that which caused the error or some other connection.

Can I ignore that Error or does it still need to be fixed.

[GT500]

Is it possible that by "remote connection" that they were not talking about remote access software, but rather that the connection is being terminated by the remote server (which I would believe is what the error code means)?

[buteman]

Ok GT500. Not got a clue as to what remote server is so will do a bit of googling to see what I can find.

Now I get that problem when trying to update Emsisoft. cannot connect to the update server but when I disable SSL I can connect. I suppose there is a difference between update server and remote server.

[buteman]

Sorry GT500 tried to remove the last bit but not sure how.

[GT500]

Do you want to remove the screenshot, or part of your post?

 

19 hours ago, buteman said:

Now I get that problem when trying to update Emsisoft. cannot connect to the update server but when I disable SSL I can connect. I suppose there is a difference between update server and remote server

The term "remote server" just refers to a server somewhere on the Internet that a software is trying to connect to in order to send or receive data. In this case, that would be our update server.

[buteman]

Would like to have removed the screenshot. But remove all if easier.

 

[GT500]

Done.

You weren't able to see the screenshot, were you?