Jump to content

Recommended Posts

Hi , I'm Running EAM recent version with 1 year licenses (Windows 7 ultimate 32 bit..RAM 3 Gb)..and it's doing great  & smoothly ...

I just want to ask...when i open "eventvwr-windowslog-security" there is warning that say "audit failure"

 

Code Integrity determined that the page hashes of an image file are not valid. The file could be improperly signed without page hashes or corrupt due to unauthorized modification. The invalid hashes could indicate a potential disk device error.

File Name:    \Device\HarddiskVolume2\Program Files\EAM\a2hooks32.dll    

 

 

What is means exactly...thx alot

sorry for my Bad English

Link to post
Share on other sites
On 7/15/2017 at 8:30 AM, Christianto said:

Code Integrity determined that the page hashes of an image file are not valid. The file could be improperly signed without page hashes or corrupt due to unauthorized modification. The invalid hashes could indicate a potential disk device error.

File Name:    \Device\HarddiskVolume2\Program Files\EAM\a2hooks32.dll 

a2hooks32.dll is the 32-bit DLL file that Emsisoft Anti-Malware injects into other running processes (specifically 32-bit processes, as we have a 64-bit version for 64-bit processes on 64-bit versions of Windows) and this allows the Behavior Blocker to open hooks to those running processes so that it has access to their memory, and can monitor their behavior. If there's a problem with this DLL file, and it can't be loaded, then the Behavior Blocker won't be able to monitor running processes and you will not see Behavior Blocker alerts or Anti-Malware Network notifications (when the safety of a running program is being verified). If you're still seeing alerts and notifications from the Behavior Blocker, then everything is working fine. ;)

Link to post
Share on other sites
42 minutes ago, GT500 said:

a2hooks32.dll is the 32-bit DLL file that Emsisoft Anti-Malware injects into other running processes (specifically 32-bit processes, as we have a 64-bit version for 64-bit processes on 64-bit versions of Windows) and this allows the Behavior Blocker to open hooks to those running processes so that it has access to their memory, and can monitor their behavior. If there's a problem with this DLL file, and it can't be loaded, then the Behavior Blocker won't be able to monitor running processes and you will not see Behavior Blocker alerts or Anti-Malware Network notifications (when the safety of a running program is being verified). If you're still seeing alerts and notifications from the Behavior Blocker, then everything is working fine. ;)

 

emsisoftPrintscreen.png

Link to post
Share on other sites

The easiest way to test the Behavior Blocker is to run a batch file that contains the code from BatchGotAdmin. Here's a quick (and harmless) batch file that you can run to see if you get an alert from the Behavior Blocker (do not select "Allow always" in the alert, or it will lose any value for testing):
https://www.gt500.org/emsisoft/bb_test.zip

Download the above ZIP archive, open it, and double-click on the batch file inside to run it.

When you run it, you should see a notification on the right side of the screen that Emsisoft Anti-Malware is verifying its safety with the Anti-Malware Network. Once it has verified that there is not enough information to determine the safety of the file, an alert should be displayed by the Behavior Blocker asking you what to do with it. If you select "Allow once" then the alert will close, and Windows will ask you if you want to allow the Windows Command Processor to make changes to your computer (don't worry, all it does is reopen the test batch file and display a message that says "Test finished" and "Press any key to continue"). If you select "Block once" it will prevent the test batch file from asking for administrative rights, and it will close without displaying a message. If you select to quarantine the test batch file, then it will be deleted and a backup copy will be saved in the Quarantine.

Here's a picture that shows what the alert should look like:

bb_test_batch_file_alert.png

 

Link to post
Share on other sites
11 hours ago, Christianto said:

Thx sir.... so i think my EAM is ok... 

Correct, that's exactly what you should see if the Behavior Blocker is working. The batch file attempts to elevate its permissions, the Behavior Blocker catches it, and warns you about it. ;)

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...