stapp 121 Report post Posted April 13, 2017 EAM 7353 on Win 10 Pro 64 bit build 1703. What is this Mem Compression just shown as verifying? Download Image Share this post Link to post Share on other sites
Frank H 84 Report post Posted April 13, 2017 Hi stapp, could you provide debuglogs, covering a reboot + opening the Behavior Blocker monitor screen ? thanks Share this post Link to post Share on other sites
stapp 121 Report post Posted April 13, 2017 Machine was off so I turned it on, opened BB page and collected debug logs. When I zipped the logs I noticed a2service log was still showing info from before I turned off the PC (started machine at 19.44) That's when I realised that build 1703 had enabled fast startup again on my machine Perhaps that may explain something?. I will shut down and boot again and see if it still happens. a2guard_20170413194445(1576).zip Share this post Link to post Share on other sites
stapp 121 Report post Posted April 13, 2017 So I have got the logs for after I disabled fast startup again, shutdown, turned on, and then opened BB screen Still verifying. a2start_20170413201747(5420).zip Share this post Link to post Share on other sites
stapp 121 Report post Posted April 19, 2017 Anyone able to reproduce this? Share this post Link to post Share on other sites
Guest Tempus Report post Posted April 19, 2017 Hi stapp Yes I can reproduce the issue. Windows 10 Home 64 bit version 1703, OS build 15063.138 Emsisoft Internet security version : 2017.3.1.7353 Reproduced stapp's issue by following the method from " Frank H " ... activated Debug logging /restarted the system/ Opened Emsisoft, went to the behavior blocker screen, waited for a while before I disabled the debug logger. No other security software besides Emsisoft is running on the system... ( Paragon backup and Recovery is used, but only on demand) Debug Logs.zip Download Image Share this post Link to post Share on other sites
Pilis 3 Report post Posted April 19, 2017 This is the process which shows the amount of memory which has been compressed through the memory compression feature introduced in Windows 10. Originally this compressed memory (stored in "compression stores") was located in the "System"-process’s working set. With Win 10 1607 (Anniversary Update) this compressed memory has been split up into a separate process called "Memory Compression" to account for the general confusion why the "System"-process has been so "memory-greedy" compared to Win 8.1. This process is hidden in the default Task Manager. But you can for example show it with an elevated PowerShell (Get-Process -Name "Memory Compression") or using Process Explorer: Download Image I'm still on 1607 and for me EAM also hides this process in the Behavior Blocker window. Since you are already on 1703 (Creators Update) it looks like there maybe have been some changes to this process and the exception Emsisoft created doesn't work anymore. Since there is no real executable for this process I guess there's no easy way to actually create hashes of it. Which most probably is the reason why the reputation keeps staying on "Verifying...". Cloud lookups won't work if they don't know the hash of the process. Maybe Microsoft has only changed the name? (from "Memory Compression" to "MemCompression" like your screenshots say) Can you show us the output of "Get-Process -Name "Memory Compression"? (or "Get-Process -Name "MemCompression" respectively) It has always been called "MemCompression". Only third-party tools like Process Explorer or Process Hacker have named it "Memory Compression". (Source) So that's not the issue. Still Emsisoft simply needs to hide it again. Share this post Link to post Share on other sites
Guest Tempus Report post Posted April 19, 2017 I think you got it right Pilis..... but nevertheless i booted up in a elevated Powershell and here is what i got : Download Image Share this post Link to post Share on other sites
Peter2150 43 Report post Posted April 20, 2017 For security I'd disable powershell. It is used by a lot nasty stuff Share this post Link to post Share on other sites
stapp 121 Report post Posted April 20, 2017 True Peter, but we are talking about Emsi seeing MemCompression in the creators build. Share this post Link to post Share on other sites
Pilis 3 Report post Posted May 1, 2017 Still valid with 2017.4.0.7424. (I know it's a very minor issue, just mentioning.) Share this post Link to post Share on other sites
Frank H 84 Report post Posted May 1, 2017 The memcompression display issue has not been fixed in 2017.4 yet. The fix will be included in next beta release. Share this post Link to post Share on other sites
stapp 121 Report post Posted May 12, 2017 Still happening in beta 7484 Share this post Link to post Share on other sites
stapp 121 Report post Posted May 25, 2017 MOemCompression in now hidden in the build 7538 BB list, so I guess that is the fix Share this post Link to post Share on other sites
Frank H 84 Report post Posted May 25, 2017 Hi stapp, yes, this has been fixed too in 7538 Share this post Link to post Share on other sites
stapp 121 Report post Posted June 26, 2017 Should I see MemCompression in BB list using build 7640? (because I do..it's listed as good) Share this post Link to post Share on other sites
Frank H 84 Report post Posted June 26, 2017 Nope it should be hidden. On my W10 it's hidden. what is your windows version ? Share this post Link to post Share on other sites
stapp 121 Report post Posted June 26, 2017 Win 10 Pro, latest build of 1703 Creators Update. If you want a screenshot it will have to be later after dinner. Share this post Link to post Share on other sites
Frank H 84 Report post Posted June 26, 2017 no need stapp, confirmed on w10 16181 Share this post Link to post Share on other sites
stapp 121 Report post Posted June 26, 2017 Just for info Frank, my build number of 1703 is 15063.413 Share this post Link to post Share on other sites
stapp 121 Report post Posted August 1, 2017 Memcompression still appears in BB list on Win 10, two of the right-click options are not clickable for it anyway (wonder what would happen if I did a block rule for it ) Share this post Link to post Share on other sites
stapp 121 Report post Posted August 25, 2017 Mem compression still appears in BB list on beta 7904 on Windows 10 pro 64 bit 1703 (15063.540) Share this post Link to post Share on other sites
Frank H 84 Report post Posted August 25, 2017 thanks stapp, we are aware. Due to the holidays season, we had other more important issues and new features to fix with limited occupation. Share this post Link to post Share on other sites
stapp 121 Report post Posted August 25, 2017 OK Frank, I understand I'll remind you again after the next beta Share this post Link to post Share on other sites
Frank H 84 Report post Posted August 25, 2017 There is no need to remind me it's a low prio issue and will be fixed one day. Share this post Link to post Share on other sites
Frank H 84 Report post Posted November 22, 2017 fyi: Issue is fixed in the upcoming beta. Share this post Link to post Share on other sites
stapp 121 Report post Posted November 25, 2017 On 22/11/2017 at 9:10 PM, Frank H said: fyi: Issue is fixed in the upcoming beta. Confirmed as fixed in build 8219 Share this post Link to post Share on other sites
Frank H 84 Report post Posted November 25, 2017 thanks stapp Share this post Link to post Share on other sites
