JoeP

EAM not blocking/scanning?

Recommended Posts

Hello Joe,

Thank you for providing this feedback. Regarding your first post, any chance you could attach the files that caused the ESET alerts so I can test them? Because no security solution monitors the system at exactly the same time/location, it is possible our software would simply have shown the same alert had ESET not already blocked it, however I don't want to make that claim without first testing it myself.

 

As for the second post, from what I can see everything detected was located in archives. This doesn't mean real time protection didn't monitor correctly, it just means that these files/archives were not modified.

 

If you have any further question about this, please let me know.

Share this post


Link to post
Share on other sites

As a general note:

File system filter drivers, which are the base for every on-access scanner, are organised in layers. Each driver is located at a certain altitude, which is assigned by Microsoft. The current assignment can be seen here:

https://docs.microsoft.com/en-us/windows-hardware/drivers/ifs/allocated-altitudes

This means, all requests pass through all layers in a fixed order and are only passed on further if the filter allows it. The moment a driver decides to block the access (which is the case here with ESET blocking access to the malware file), drivers above or below that driver will not see the request and therefore won't scan the file. This is working as intended.

Also keep in mind that the defaults of ESET and Emsisoft differ. By default, we only scan files when they are written to or executed, while ESET also scans when a file is merely opened for reading. You can set the EAM File Guard to "Thorough" to get the same behaviour. 

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.