andrey

EAM & Zemana Antilogger


Hi All!

Several years ago this issue was already discussed.-_-

I would like to know 2 things: Is the current version of EAM and Zemana Antilogger compatible?

and is there any sense in strengthening the EAM by this program?:huh:

Of course, when there was Online Armor, I would not ask such a question;)


I have used Zemana AntiMalware/AntiLogger with Emsisoft for many months already, and there has been no issue so far,

even on the old Emsisoft Internet Security version.

Zemana's real-time protection with Pandora technology is good, but I think it's not the best;

however, Zemana is light and quick to respond, so still useful.

As far as I know, Zemana uses not just one engine to detect malware,

but multiple engines; unfortunately Zemana officially refuses to say which engines they use.

But I can guess: I believe the Bitdefender & Emsisoft engines and databases are not in their list,

so, to guard against something Bitdefender & Emsisoft may miss, using Zemana together with Emsisoft

seems not a bad idea.


A lot of people use Emsisoft Anti-Malware and Zemana Anti-Malware together, and while it usually seems to work fine, keep in mind that we don't officially recommend running multiple anti-virus applications on the same computer.


Thanks for the answer!

I understand that 2 security programs on one machine are not very good!-_-
But I was referring to Antilogger(!), not to AntiMalware.

After all, these programs have slightly different tasks and functions!


An antilogger is more of a behavior blocker, not an antivirus application!

Or I'm wrong?:huh:

10 hours ago, andrey said:

An antilogger is more of a behavior blocker, not an antivirus application!

I thought it was an anti-keylogger (although it looks like they added more protection features over the years). Either way, I don't think it provides any protection that the Behavior Blocker in Emsisoft Anti-Malware doesn't already provide.

  • Like 1

On 10/25/2017 at 8:24 PM, andrey said:

Thanks for the answer!

I understand that 2 security programs on one machine are not very good!-_-
But I was referring to Antilogger(!), not to AntiMalware.

After all, these programs have slightly different tasks and functions!


An antilogger is more of a behavior blocker, not an antivirus application!

Or I'm wrong?:huh:

It seems Zemana Anti-Logger v2 and above doesn't have the HIPS module anymore, as it did in v1.9: https://www.wilderssecurity.com/threads/zemana-antilogger-tests.388457/

So now it looks to be ZAM with an added basic anti-logger module.

So to me, it doesn't do better than what Emsisoft AM is capable of.

  • Like 1


Hi!

Many thanks for the clarification!

And I did not know that Zemana Antilogger 2.1 is not at all the product that was before!:o

It would be my big mistake to install Zemana, but you stopped me in time!

Thank you! Of course, the protection of the EAM is absolutely enough!:)


@andrey

 

Take a look at this video:

Even though Emsisoft did pretty well, Zemana isn't useless;

in this video test, you can see that no one has 100% detection of the malware.

The old version of EIS (Emsisoft Internet Security) had a WFP (Windows Filtering Platform) driver,

which may have had a compatibility issue with Malwarebytes (Malwarebytes also had a WFP)

(however, it never happened to me).

And now it seems EAM (Emsisoft Anti-Malware) has no WFP anymore,

so it should be OK to install with other security tools or programs. :)


Thank you, Kevin! Watched the video.

It's good. And I do not doubt the possibility of EAM, MBAM & Zemana working together:)

But that's not the point! The point (as GT500 and Umbra explained) is that Zemana Antilogger in the latest version no longer has those functions of proactive protection and behavioral analysis that it had before<_<

Therefore, there is no sense in using the Antilogger together with the EAM.

11 hours ago, KevinYu0504 said:

The old version of EIS (Emsisoft Internet Security) had a WFP (Windows Filtering Platform) driver,

which may have had a compatibility issue with Malwarebytes (Malwarebytes also had a WFP)

(however, it never happened to me).

I was recently told that the WFP issues were primarily on Windows Vista, so anyone using Windows 7 or newer shouldn't have had problems. ;)

  • Like 1


Yes, you can do that. Even in cases where the two WFP drivers were an issue, MBAM only used its WFP driver as part of its real-time protection, so to my knowledge even if you had a premium license key the driver wouldn't run on startup if MBAM was configured not to run on startup.

As for using MBAM as just a freeware scanner, that should have never been a problem.

On 2017/10/27 at 8:37 AM, GT500 said:

I was recently told that the WFP issues were primarily on Windows Vista, so anyone using Windows 7 or newer shouldn't have had problems. ;)

Cool,

thanks for telling ;)

On 2017/10/27 at 12:20 AM, andrey said:

But that's not the point! The point (as GT500 and Umbra explained) is that Zemana Antilogger in the latest version no longer has those functions of proactive protection and behavioral analysis that it had before<_<

Therefore, there is no sense in using the Antilogger together with the EAM.

Yes, indeed; as far as I know, Zemana removed the HIPS from the new version 2.X,

but the real-time protection is still working.

Here is a link for the EICAR test; you can just try this link to test Zemana's real-time protection,

and you will see Zemana's real-time protection is still working even though there is no HIPS.

https://secure.eicar.org/eicar.com.txt

Usually every security program will react immediately.

In my experience, Zemana has still, a few times, popped up the warning window and blocked the suspicious file,

and EAM did not.

And that means Zemana still has its exclusive detection technology;

I don't feel using them together is useless.

6 minutes ago, JeremyNicoll said:

@KevinYu0504  Maybe though the reason that EAM didn't report a suspicious file was because Zemana already had?  Have you ever seen both products report something?

 

Yes, but I never saw it on my real PC; I am a pretty careful user, so it never happened on my system ;)

But in the video I shared above, in the test,

you can see some malware or ransomware was detected by both EAM and Zemana at the same time.


> But in the video I shared above, in the test, you can see some malware or ransomware was detected by both EAM and Zemana at the same time.

OK.  I gave up on the video because I couldn't follow what was going on - a combination of things happening far too fast, not knowing what all the settings were on each program (and not being able to read stuff in a language I don't know).   

Even so, for different types of thing being detected, I would have thought that where EAM has hooks in other processes, if Zemana also has hooks, there's quite a chance that if either product intercepts something that the other product wouldn't get to see the same thing.  After all you'd expect that the normal behaviour of a product that intercepts something is NOT to pass the intercepted thing on to the next part of a process... else what use is it?    Or do you run such tests in a 'report but don't block anything' mode?  

23 minutes ago, JeremyNicoll said:

> But in the video I shared above, in the test, you can see some malware or ransomware was detected by both EAM and Zemana at the same time.

OK.  I gave up on the video because I couldn't follow what was going on - a combination of things happening far too fast, not knowing what all the settings were on each program (and not being able to read stuff in a language I don't know).   

Even so, for different types of thing being detected, I would have thought that where EAM has hooks in other processes, if Zemana also has hooks, there's quite a chance that if either product intercepts something that the other product wouldn't get to see the same thing.  After all you'd expect that the normal behaviour of a product that intercepts something is NOT to pass the intercepted thing on to the next part of a process... else what use is it?    Or do you run such tests in a 'report but don't block anything' mode?  

Oh... I am not a professional in this,

but I think you might be right.

All I am trying to say, what I want to tell him, is that Zemana uses different databases and engines;

in some rare situations, Emsi and Bitdefender may both miss some malware or ransomware or BitcoinMiner,

but another security program maybe won't, so using them both together can improve the detection probability.

 

:thumbs:

 

On 10/28/2017 at 6:33 AM, KevinYu0504 said:

In my experience, Zemana has still, a few times, popped up the warning window and blocked the suspicious file,

and EAM did not.

And that means Zemana still has its exclusive detection technology;

I don't feel using them together is useless.

This probably has more to do with filesystem filter driver altitude than anything else. Basically Microsoft assigns a number to every filesystem filter driver, and the drivers with the lower numbers are allowed to filter filesystem access before the drivers with the higher numbers, meaning that any Anti-Virus filesystem drivers that have lower numbers than ours will have access to a malicious file for scanning first, and if their software removes the file before it gets passed to Emsisoft Anti-Malware for scanning then Emsisoft Anti-Malware won't detect it (since it's already gone).

You'll probably notice that our current driver (epp.sys) isn't on that list. I'm not certain if the list is simply out of date or not, however our epp.sys driver is only a couple of years old, so it stands to reason that drivers that have been around longer will have lower altitudes and thus be able to filter filesystem access before our driver.

  • Like 1
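
The altitude ordering discussed in the post above can be inspected on a live system with `fltmc filters`. The following is an added example, not part of the thread and not Emsisoft's code: a Python parser for that output which lists the minifilters in the anti-virus altitude range in callback order. It assumes Microsoft's documented behaviour (pre-operation callbacks run from the highest altitude to the lowest, post-operation callbacks in reverse) and the documented FSFilter Anti-Virus range 320000-329998; the filter names and altitudes in the sample are constructed.

```python
import re
from decimal import Decimal

# Constructed sample in the layout printed by `fltmc filters`;
# the filter names and altitudes are invented for illustration.
SAMPLE = """\
Filter Name                     Num Instances    Altitude    Frame
------------------------------  -------------  ------------  -----
ExampleAvB                              5       328500         0
ExampleAvA                              5       321000.5       0
ExampleBackup                           2       280700         0
ExampleEncrypt                          1       141100         0
"""

# FSFilter Anti-Virus load order group (range as documented by Microsoft).
AV_LOW, AV_HIGH = Decimal("320000"), Decimal("329998")

# name, instance count, altitude (may be fractional), frame
ROW = re.compile(r"^(\S+)\s+(\d+)\s+(\d+(?:\.\d+)?)\s+(\S+)$")


def parse_filters(text):
    """Return (name, altitude) per data row; header and ruler lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            rows.append((m.group(1), Decimal(m.group(3))))
    return rows


def av_callback_order(text):
    """Anti-virus-range filters in pre-operation order (highest altitude first)."""
    av = [f for f in parse_filters(text) if AV_LOW <= f[1] <= AV_HIGH]
    return [name for name, _ in sorted(av, key=lambda f: f[1], reverse=True)]


if __name__ == "__main__":
    order = av_callback_order(SAMPLE)
    print("pre-operation order :", " -> ".join(order))
    print("post-operation order:", " -> ".join(reversed(order)))
    if len(order) > 1:
        print("note: more than one anti-virus minifilter is loaded")
```

On a real machine, replace `SAMPLE` with the text captured from an elevated `fltmc filters` run.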

10 hours ago, GT500 said:

This probably has more to do with filesystem filter driver altitude than anything else. Basically Microsoft assigns a number to every filesystem filter driver, and the drivers with the lower numbers are allowed to filter filesystem access before the drivers with the higher numbers, meaning that any Anti-Virus filesystem drivers that have lower numbers than ours will have access to a malicious file for scanning first, and if their software removes the file before it gets passed to Emsisoft Anti-Malware for scanning then Emsisoft Anti-Malware won't detect it (since it's already gone).

You'll probably notice that our current driver (epp.sys) isn't on that list. I'm not certain if the list is simply out of date or not, however our epp.sys driver is only a couple of years old, so it stands to reason that drivers that have been around longer will have lower altitudes and thus be able to filter filesystem access before our driver.

 

Thanks for your great explanation, I fully understand.

I am pretty grateful :)

Zemana sometimes has a very few alerts when their Pandora technology is enabled

(usually it pops up an orange window noting "suspicious", not red);

fortunately, excluding them is easy ~

-------------------------

Emsisoft is still the best antivirus (antimalware) software in my personal list :wub:

14 hours ago, KevinYu0504 said:

Thanks for your great explanation, I fully understand.

I am pretty grateful :)

You're welcome. ;)

