HoggyDog

Emsisoft Internet Security Infected with Trojan


Concerned about Emsisoft's low test scores on recent comparative tests, I decided to try Bitdefender, the only non-whitelist-based AV suite to consistently score 100% detection.

Imagine my surprise when Bitdefender reported that one of the EIS program files was infected with a trojan! At first I thought that this was Bitdefender's slimy way of unethically disparaging a competitive AV suite, but it was not- Bitdefender did not detect anything wrong with EIS on either of my other 2 computers running EIS (disabled) and Bitdefender. So I have now uninstalled EIS on this machine.

I'm attaching a screenshot of the Bitdefender detection report window because I had thought that Emsisoft was supposed to be self-protecting and you might want to know about this since it would seem that the self-protection failed in this case.

EmsisoftTrojanWTF.png

Assuming you didn't delete the infected file, can you upload it to VirusTotal to find out if lots of a/v software thinks it's infected? Maybe it's not, it could just be a False Positive.

1 hour ago, HoggyDog said:

Imagine my surprise when Bitdefender reported that one of the EIS program files was infected with a trojan! At first I thought that this was Bitdefender's slimy way of unethically disparaging a competitive AV suite, but it was not- Bitdefender did not detect anything wrong with EIS on either of my other 2 computers running EIS (disabled) and Bitdefender. So I have now uninstalled EIS on this machine.

My first assumption would be that BitDefender's software didn't like Emsisoft Anti-Malware opening hooks to their running processes. Without being able to see a copy of the file that was detected, I can't be certain. If something like this happens again, then upload the file to VirusTotal and post the link to the analysis for us to review.

 

1 hour ago, HoggyDog said:

Concerned about Emsisoft's low test scores on recent comparative tests, I decided to try Bitdefender, the only non-whitelist-based AV suite to consistently score 100% detection.

We use BitDefender's scan engine and database. The only reason they score higher in testing is because their equivalent of a behavior blocker just automatically blocks things whereas ours will ask if a file is unknown, and thus we get a lower score and everything else EAM/EIS would block is labeled "user decision".

On 6/30/2017 at 6:05 PM, GT500 said:

...The only reason they score higher in testing is because their equivalent of a behavior blocker just automatically blocks things whereas ours will ask if a file is unknown, and thus we get a lower score and everything else EAM/EIS would block is labeled "user decision".

Warning: Thread HiJack

This has always been a bone of contention on Wilders in AV-Comparatives Test Result threads.

There are always the naysayers: "Hey yez, but others did just as well with similar FPs without User Interventions Yoh."

The question boils down to "What is it about EMIS/EMAM that causes it to operate this way?"

Is it merely a "fail-safe" for avoiding FPs or something more fundamental in the structure/operation/design/philosophy of EMIS/EMAM ??

On 7/9/2017 at 0:36 PM, HAWKI said:

Is it merely a "fail-safe" for avoiding FPs or something more fundamental in the structure/operation/design/philosophy of EMIS/EMAM ??

It's design philosophy more than anything else. While computers can make decisions, automating decisions in ambiguous cases like this is not easy. For instance, we know that specific types of behavior are used by malicious software, however there are often many legitimate uses for the same behavior, so how do we tell the difference between legitimate software and malicious software? We use a number of mechanisms to do so (such as whitelisting/blacklisting digital signatures, our Anti-Malware Network, VirusTotal's API, etc.) however there are a vast number of legitimate programs out there that are not digitally signed and which we don't see in order to whitelist them before our software accidentally blocks them, so rather than do so we give the user a choice of whether or not they feel a program exhibiting potentially malicious behavior is legitimate or not.
