Jump to content

Warning when block rule applied in 7838

stapp

By stapp,
in Beta Community

 Share

Recommended Posts

Frank H

Frank H

Posted
Posted

Hey Pete,

Such warnings have been here the since ages and none ever complained.
EAM/EIS just tells windows to block a process from executing and this warning is what windows makes of it, we  do not control that.

 

Link to comment
Share on other sites
Frank H

Frank H

Posted
Posted

that would be funny....:P

It is obvious that such apprules are added by experienced users, so when such waning shows up, they exactly know what caused it.

I can't recall a support request from confused users related to this windows warning.

 

 

Link to comment
Share on other sites
JeremyNicoll

JeremyNicoll

Posted
Posted

I think you'll also get people who act on advice (elsewhere perhaps) and set up such a rule.  If you're not going to produce a message of your own that's accurate, then the next best thing would be to describe this misleading message in the documentation, as a consequence of a total block rule.  And preferably also mention it within the application when someone creates such a rule.

Link to comment
Share on other sites
JeremyNicoll

JeremyNicoll

Posted
Posted

Now that 7838 is in the Stable feed, I tried this.  The message I get when (a non MS) application is blocked is slightly different:

    <the-program's-full-filepath>

   Operation did not complete successfully because the file contains a virus or potentially unwanted software.

 

Has the message text been changed from that described above (in which case, thank-you, I think it is better), or is my message (under W8.1) being produced for a slightly different reason?

As discussed elsewhere I note that the block is not logged at all; I hope that does get changed.

 

 

Link to comment
Share on other sites
Frank H

Frank H

Posted
Posted

Hi,

Quote

message text been changed from that described above (in which case, thank-you, I think it is better), or is my message (under W8.1) being produced for a slightly different reason?



As explained earlier, we do not control this windows messagebox. You run W8.1  and this might be the reason for a slightly different wording.

We already planned to add  a logrecord to the forensic log in a future release.

 

Link to comment
Share on other sites
iWarren

iWarren

Posted
Posted

Glad I found this thread... I had all of these things on my mind when I first tried it out.

I was honestly, just more happy that it was blocked correctly, I didn't really mind how I was notified.

When I blocked a program that came from the Explorer taskbar, it told me the link had been removed
and asked me if I wanted to delete the item.  Which is fine... its just detecting that the program is no
longer available as it once was.

In Windows 7 (32-bit) when I block mspaint.exe like stapp did, I do get a different Windows error message.

Mine is....
  

C:\Windows\System32\mspaint.exe  

The parameter is incorrect

 

Which I still think is fine.

If we start adding EIS Alerts to everything that was blocked, it might start to become intrusive.

I will admit, in the past, I've probably set a block and forgotten about it, but I eventually remembered i'd set it
and remembered this type of behavior.

 

Link to comment
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.

Products & Services

Ransomware/Malware Removal

Partners

Resources

Company

© 2003-2022 Emsisoft - 05/19/2022 - Legal Notice - Terms - Bug Bounty - System Status - Privacy Policy

×
×
  • Create New...