Jaimie

Emsisoft blocks Spotlight update

Recommended Posts

Hi,

since I have installed Emsisoft Anti Malware I no longer receive updated Spotlight images for the lockscreen.
The same old pictures are used.
How did I check the root cause?
I deleted all spotlight images in the directory first.
Then set lockscreen setting from "windows spothlight" to a picture - worked.
Then set lockscreen setting to "Windows Spotlight" - no image appears.
Disabled EMSISOFT "surf protection" - new images appear. Of course I can't keep this setting.


As far as I understood spotlight images are based on daily images presented by the Bing search engine, so obviously this is blocked by EMSISOFT.
However... Bing.com itself is working perfectly well.

Any help aprecciated

Jaimie

Windows 10 Pro 64Bit, Emsisoft Anti Malware Licenced 36 months, latest update 53minutes ago

Share this post


Link to post
Share on other sites

Is there anything in the Surf Protection logs that might show what is being blocked? Just open Emsisoft Anti-Malware, click on Logs, and select Surf Protection from the menu at the top. There will be a button in the lower-left to Export the log and save it somewhere so that you can attach it to a post for me to review if you'd like.

Share this post


Link to post
Share on other sites

Interestingly, Surf Protection does not log anything, but I figured out something else...
If I deactivate surf protection, the directory which shall store the objects for the spotlight, I hope I looked up the right one, is populated by data, however spotlight doesn't display it. It defaults back to the last shown picture I had used.
 

Clipboard01.jpg
Download Image

Share this post


Link to post
Share on other sites

We need to know what address Windows is loading the content from. That way it can be whitelisted.

Share this post


Link to post
Share on other sites

I used the "resmon" to figure out which process starts acting on the network when I enable Spotlight.
It seems to be "BackgroundTransferHost.exe" transferring the pictures, however it does not always connects to the same address.
Sometimes it was 2.22.12.14, sometimes 104.124.128.119 - no fixed IP or hostname I could uadd to the whitelist :o:(.

As this drives me nuts, I also installed Emsisoft on my laptop.
Same WIndows W10 Pro Version (not german but english OS language ).
Here the spotlight is not being blocked by surf protection.

 


 

Share this post


Link to post
Share on other sites
On 2/11/2017 at 9:31 AM, Jaimie said:

Sometimes it was 2.22.12.14, sometimes 104.124.128.119 ...

Those are Akamai CDN addresses. Microsoft uses Akamai to host most of their content online since it's much cheaper than paying for the bandwidth themselves. The issue is that whatever domain name resolves to those IP addresses is in one of EAM's blocklists for the Surf Protection. I tried doing some reverse DNS lookups and checking on Shodan, but I wasn't able to find anything that was in our default Host Rules. The only Microsoft address that appears to be in our Host Rules at the moment is rad.microsoft.com, however this is a "Privacy risk" host, and these are not blocked by default. Did you turn on the option to block "Privacy risks" in the Surf Protection settings?

 

On 2/11/2017 at 9:31 AM, Jaimie said:

As this drives me nuts, I also installed Emsisoft on my laptop.
Same WIndows W10 Pro Version (not german but english OS language ).
Here the spotlight is not being blocked by surf protection.

Here are the most likely possibilities for why that is happening:

  • The Surf Protection was manually configured to block "Privacy risks" (this is set to "Don't block" by default).
  • The domain that is being resolved when Spotlight tries to load the graphics is in your custom Host Rules.

Share this post


Link to post
Share on other sites

Hi,

just checked it - Privacy Risks is set to "Don't block" and I did not set any custom host rules :o(
Interesting again... I Installed it on another PC (german OS ), same behavior like the other PC with german OS - Spotlight is blocked.


 

 

 

Share this post


Link to post
Share on other sites

Interesting. I wonder if it is specific to German language versions of Windows 10. I'll ask some of our German team members, and see if they have seen anything like this.

Share this post


Link to post
Share on other sites

I was told by at least one of our German employees that this did not happen in their testing on German editions of Windows 10. It's possible that there were other differences than just just the language. Perhaps they were different editions (Home, Professional, etc). It's also possible that one of them had been modified by the manufacturer to load the images from a different address.

Share this post


Link to post
Share on other sites

Good morning,

since three days the pictures are no longer blocked. It works now!
As nobody did install or change anything to the PC, I assume  an update must have solved this.

Share this post


Link to post
Share on other sites
On 2/24/2017 at 2:05 AM, Jaimie said:

...I assume  an update must have solved this

That is more than likely the case. If it happens again, then let me know, and we can get some debug logs and see if they explain what is going on.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.