Guest Tempus

Behavior Blocker alerts and me =)

Recommended Posts

Guest Tempus

Hi Emsisoft

Yesterday, I received a behavior blocker alert, stating that a non digitally signed and unknown file were trying to install invisibly. I took a search of the file using the Sha and Md5 on virustotal, but they couldn't give me any useful information at the time. Some more research led me to that the file, was a file from " Acer" , and as I use a Acer gaming Laptop at the moment, then it  all gave  more sense.  (Acer use some of their own software like " Acer care center ") But anyway, it all ended up with that I followed Emsisoft's recommendations to Quarantine the file. I chose that decision because if it was a false positive then I would always be able to take the file out of the quarantine. But the file was not saved to the quarantine, how can that be ?  I think that for an average user the Behavior alerts, can most often be the toughest kind of alerts to do a qualified decisions about, to either block or run a certain file. I would think that many users dont know what to do with the Sha or MD5 informations. Don't get me wrong, I really like that those information is accessible, but I would really like some more user friendly guidance when a behavior alert pops up. Unfortunately I don't have any suggestion for a solution...only a wish for a more easy decision interface for those kinds of alerts.

Best Regards Tempus =)

 

 

2017-03-30_15-32-06.png
Download Image

Share this post


Link to post
Share on other sites

I get the same popup behavior alert everytime I update my NVDIA drivers. I do a clean install everytime. Also everytime I click Allow Always. No idea why a driver installer component from a large company would be flagged.

But, I don't mind, just one click to always allow.

Just remembered. Same thing with anything from Futuremark, 3DMark. That one has to be put into exceptions. Seems it's the system info service that Emisoft doesn't like. But it's a necessary component of 3DMark.

Again, easily resolved with allowing the program and other components (3DMark.exe for example), also adding an exemption for the whole folder in Programs files and program data.

And Steam games. All game directories are in exemptions as they always popup otherwise.

But, a lot of false positives is better than not enough, and it's easy to add the folder with the Steam games (all games for each directory and drive). not to be checked in real time. Scans are fine, no changes necessary.

Edited by Gawg
Extra info added

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.