
Emsisoft Internet Security Infected with Trojan


HoggyDog

Concerned about Emsisoft's low test scores on recent comparative tests, I decided to try Bitdefender, the only non-whitelist-based AV suite to consistently score 100% detection.

Imagine my surprise when Bitdefender reported that one of the EIS program files was infected with a trojan! At first I thought that this was Bitdefender's slimy way of unethically disparaging a competitive AV suite, but it was not; Bitdefender did not detect anything wrong with EIS on either of my other 2 computers running EIS (disabled) and Bitdefender. So I have now uninstalled EIS on this machine.

I'm attaching a screenshot of the Bitdefender detection report window because I had thought that Emsisoft was supposed to be self-protecting and you might want to know about this since it would seem that the self-protection failed in this case.

EmsisoftTrojanWTF.png


1 hour ago, HoggyDog said:

Imagine my surprise when Bitdefender reported that one of the EIS program files was infected with a trojan! At first I thought that this was Bitdefender's slimy way of unethically disparaging a competitive AV suite, but it was not; Bitdefender did not detect anything wrong with EIS on either of my other 2 computers running EIS (disabled) and Bitdefender. So I have now uninstalled EIS on this machine.

My first assumption would be that BitDefender's software didn't like Emsisoft Anti-Malware opening hooks to their running processes. Without being able to see a copy of the file that was detected, I can't be certain. If something like this happens again, then upload the file to VirusTotal and post the link to the analysis for us to review.

1 hour ago, HoggyDog said:

Concerned about Emsisoft's low test scores on recent comparative tests, I decided to try Bitdefender, the only non-whitelist-based AV suite to consistently score 100% detection.

We use BitDefender's scan engine and database. The only reason they score higher in testing is because their equivalent of a behavior blocker just automatically blocks things whereas ours will ask if a file is unknown, and thus we get a lower score and everything else EAM/EIS would block is labeled "user decision".


  • 2 weeks later...
On 6/30/2017 at 6:05 PM, GT500 said:

...The only reason they score higher in testing is because their equivalent of a behavior blocker just automatically blocks things whereas ours will ask if a file is unknown, and thus we get a lower score and everything else EAM/EIS would block is labeled "user decision".

Warning: Thread HiJack

This has always been a bone of contention on Wilders in AV-Comparatives Test Result threads.

There are always the naysayers: "Hey yez, but others did just as well with similar FPs without User Interventions Yoh."

The question boils down to "What is it about EMIS/EMAM that causes it to operate this way?"

Is it merely a "fail-safe" for avoiding FPs or something more fundamental in the structure/operation/design/philosophy of EMIS/EMAM ??


On 7/9/2017 at 0:36 PM, HAWKI said:

Is it merely a "fail-safe" for avoiding FPs or something more fundamental in the structure/operation/design/philosophy of EMIS/EMAM ??

It's design philosophy more than anything else. While computers can make decisions, automating decisions in ambiguous cases like this is not easy. For instance, we know that specific types of behavior are used by malicious software, however there are often many legitimate uses for the same behavior, so how do we tell the difference between legitimate software and malicious software? We use a number of mechanisms to do so (such as whitelisting/blacklisting digital signatures, our Anti-Malware Network, VirusTotal's API, etc.) however there are a vast number of legitimate programs out there that are not digitally signed and which we don't see in order to whitelist them before our software accidentally blocks them, so rather than do so we give the user a choice of whether or not they feel a program exhibiting potentially malicious behavior is legitimate or not.

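A toy model of the trade-off discussed in this thread, added here as an example; it is not Emsisoft's or Bitdefender's code. The reputation sets, signer names, hashes, events and the two policy names ("ask" and "auto-block") are all constructed assumptions standing in for the mechanisms the posts describe.

```python
from collections import Counter

# Constructed reputation data: signer names and hashes are placeholders.
TRUSTED_SIGNERS = {"Example Software Ltd"}
REVOKED_SIGNERS = {"Stolen Cert Co"}
KNOWN_GOOD = {"hash-backup-tool"}
KNOWN_BAD = {"hash-ransom-01"}

def verdict(event, policy):
    """Verdict for one program that showed suspicious behavior.

    policy (assumed): "ask" prompts on unknown programs, "auto-block" blocks them.
    """
    signer, file_hash = event["signer"], event["hash"]
    if signer in REVOKED_SIGNERS or file_hash in KNOWN_BAD:
        return "block"
    if signer in TRUSTED_SIGNERS or file_hash in KNOWN_GOOD:
        return "allow"
    # No reputation source knows this program: the policy decides.
    return "user decision" if policy == "ask" else "block"

def score(events, policy):
    """Tally outcomes the way a comparative test report would."""
    tally = Counter()
    for event in events:
        v = verdict(event, policy)
        if event["malicious"]:
            label = {"block": "blocked", "allow": "missed"}.get(v, v)
        else:
            label = {"block": "false positive", "allow": "clean allowed",
                     "user decision": "prompt on clean file"}[v]
        tally[label] += 1
    return dict(tally)

# Constructed test set: (malicious?, signer, hash)
EVENTS = [
    {"malicious": m, "signer": s, "hash": h} for m, s, h in [
        (True, None, "hash-ransom-01"),
        (True, "Stolen Cert Co", "hash-signed-dropper"),
        (True, None, "hash-new-dropper"),
        (True, None, "hash-new-keylogger"),
        (False, "Example Software Ltd", "hash-editor"),
        (False, None, "hash-backup-tool"),
        (False, None, "hash-hobby-util"),
    ]
]

if __name__ == "__main__":
    for policy in ("ask", "auto-block"):
        print(policy, score(EVENTS, policy))
```

With this constructed set, switching from "ask" to "auto-block" moves the two unknown malicious samples from "user decision" to "blocked", and turns the unsigned, unknown clean utility from a prompt into a false positive.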
