Sign in to follow this  
Wraith

CLOSED recent change in update behaviour

Recommended Posts

Hi, I subscribe to Antimalware 5 and recently noticed a change in update behavior. Namely each time I manually activate an update lately, Antimalware wants me to re-start the program,(which it rarely did in the past, also yesterday it started showing the green arrows like it was auto-downloading updates and then the shield down red circle appeared, I was watching video online and immediately closed my browser and then the shield went back to normal. When I opened my browser again the download arrows came back for a couple of seconds and then stopped without downloading anything. Also, I have auto-update set for every two hours but it doesn't always attempt to update every two hours.

My system is an Intel I5 750, gigabyte motherboard, 8gb ram running Windows 7 64bit and a Lynksis router with wireless switched off my browser is Firefox 3.6.12.

I have Antimalware 5 installed in program files because the description I originally read on Emsisoft's site said it can run in 64 bit. I use several other av and rootkit etc., scanners but only Emsisoft Antimalware is set to resident scanner.

I would appreciate any insight you could offer about this behavior.

Share this post


Link to post
Share on other sites

Hi Wraith,

Basically if you will read this thread & the links inside you'll find an explanation given by the developers

In order to make it easier for you just in case here is a quote from the old forum

As far as I understood from replies by Christian Mairoll:

The red dot indicates an update where the Guard has to be auto-restarted after modifications. That usually takes few seconds but it depends on the system longer user-session; number of opened programs; currently active processes. In this case it may take much longer – some minutes

Personally I am not experiencing such problem on win 7 x64

I retested manual update a well with current beta & the stable version. All is working fine

I can watch fool screen DVD & connect to Internet having Firefox and IE active … even watching streaming video simultaneously with DVD does not break EAM' auto-updates (set to minimum interval = 30 min)

Definitely some (probaly spare) processes are interfering. My system is tweaked. A lot of native spare services are disabled; many scheduled tasks are disabled; practically all pre-installed Software either uninstalled or the services/startups are disabled as well.

Speaking about that. As you can see from on of the referred links – MBAM was a suspect for “red dot issue”. Therefore, despite you mentioned all residents of “other AVs being disabled , please disable all their services and drivers/devices installed. Reboot an observe EAM' behaviour.

As for EAM requiring restart

Is that happening despite only Signatures / or nothing was downloaded?

EAM requires restart when some executable modules were updated

It's most likely something is holding files from being properly substituted

As I can see, proper disabling all other existing AV solution suggested above would be a good test regarding this problem as well

Finally, what Firewall you are using?

The question is not about the connection, but rather about additional services that may come with it like HIPS; Program Guard, etc.

My regards

Share this post


Link to post
Share on other sites

Hi Lynx, thanks for the info. All the other av anti-rootkit etc., programs are free ones and only Avira has any running services as far as I can tell, (although it's not always easy to tell which service is for what), I used to disable all services except explorer and systray back in the xp days, (I didn't have web access for quite some time.), but now that I run various clients like Steam, Impulse etc. it seems alot more convoluted as to which service or process governs what so I tend to leave it alone. Avira personal's shield is only disabled at the taskbar level.

It appears that indeed re-start is only required after an update takes place. My firewall is Comodo free version 3.14 with defense plus and av disabled. I could be getting a little paranoid as I recently started using a network monitoring program and it shows a fair bit of small packets being up/downloaded fairly often and I can never seem to get a clear answer on various security forums as to how much packet transferring is normal for a Windows system. My security is generally super tight however and I don't use warez, torrents or anything like that and I don't generally get strange behavior so perhaps I'm overly concerned. I also scan for malware, rootkits, mbr rootkits both in the cloud and in system, and check netstat -ano for hacking and to compare pid's to running processes.

Do you know of any super comprehensive sites that list services and running processes for programs so I can clearly figure out what to disable, as it just isn't as simple as the "everything except explorer and systray days."?

Share this post


Link to post
Share on other sites

Thanks for the reply, Wraith. You are welcome

It appears that indeed re-start is only required after an update takes place.
Please read again my question about the update(s)

Unfortunately you did not answer that

My firewall is Comodo free version 3.14 with defense plus and av disabled.
Thanks for answering this particular question.

As you can see from my signature – the similar is installed here on both platforms

It means that presumably you should be fine.

I do have the Defense+ active as a matter of fact on XP & on several Win 7 x64

comodoexclusions.th.png that's what is excluded on both platforms

I don't use warez, torrents or anything like that and I don't generally get strange behavior so perhaps I'm overly concerned.
Not using “warez” is just morally correct … not using torrents – doesn't make sense at all – you can use it – bit torrent is just the best fastest & most reliable protocol
...only Avira has any running services as far as I can tell....
Avira as a secondary on-demand only scanner is installed on one win7 x64 where full EAM is in place & on every and each Win 7 x64 system I am looking after as a main or on-demand AV solution & there are no problems whatsoever.

As for what is disabled precisely I can post later if you want, since Win 7 currently is not available here … I do not use win7 as a working system

...Do you know of any super comprehensive sites that list services and running processes for programs so I can clearly figure out what to disable
Sure , here is the main page of the site

Find Win 7 x64 & go slowly one by one testing for a while after every amendment made … do not rush it, please

SevenForums & few similar places are very good as a whole. You can find out what scheduled tasks can be dismissed since unfortunately Scheduler cannot be disabled completely as on XP without ill effects (insanity)

Cheers!

Share this post


Link to post
Share on other sites

Hi again, Antimalware is only requesting a re-start after downloading definitions I think. Maybe executables were updated to be honest I don't remember. By the way I noticed in your screenshot that Manutu exe. was excluded, I just went into program files to check for these files, (the Antimalware files are already excluded), but I don't seem to have a Mamutu exe. at all, I thought Mamutu was the behavior blocker included in Antimalware 5. I have a behavior blocker listed in Antimalware's settings but no Mamutu specifically, does it not run in 64 bit or something?

As for torrents maybe I misunderstood something as the only time I've encountered torrents that I know of was in conjunction with warez distribution programs that have you uploading the files you download to others. Thanks for your patience with my somewhat broken knowledge lol!

Share this post


Link to post
Share on other sites
Antimalware is only requesting a re-start after downloading definitions I think. Maybe executables were updated to be honest I don't remember.
If that is only definitions (signatures) - that is not right behaviour for sure & I hope the developers will address the problem

As for "maybe executables"... well, nothing can be said unless we have more info

By the way I noticed in your screenshot that Manutu exe. was excluded, I just went into program files to check for these files, (the Antimalware files are already excluded), but I don't seem to have a Mamutu exe. at all, I thought Mamutu was the behavior blocker included in Antimalware 5.
Correct, the image was taken from XP where I have EAM Free & Mamutu as a Behavioural Blocker .

EAM full which includes the Bhavioural Blocker is on Win7, see my signature

As for torrents maybe I misunderstood something as the only time I've encountered torrents that I know of was in conjunction with warez distribution programs that have you uploading the files you download to others...
There is a common misunderstanding indeed, because of an improper & very damaging "propaganda" regarding that.

Most of legit sites have torrents downloads

That's the only way, for example, I do download Linux distributions (takes less than 5 minutes for ~700MB ISO);

Open Office downloads using µTorrent Client is here in no time;

Exchanging my projects data via private torrents; etc.

Cheers!

Share this post


Link to post
Share on other sites

Hey again Lynx, some info for you,(and dev's), regarding updates, just a minute ago I did an update and there was a 1660kb update that came in, the listed info stated only signatures were updated. When I tried to close the window I was told that "Antimalware must be re-started to load the updated modules" and the red dot appeared for a second. So it seems I am being prompted for re-start even when the update consists of signatures only. Hopefully one of the developer's can shed some light on this issue.

Share this post


Link to post
Share on other sites

Hi again Wraith,

Yes, the latest update was

latestupdate131110930pm.th.png as you posted but there were no requests for restart neither on XP nor on win 7

Can you please attach the content of the folder with versions column as below (sorted by date)

versionsexample.th.png Keep in mind – that is just an example. I have EAM beta on Win 7. It may take 2 screenshots.

My regards

Share this post


Link to post
Share on other sites

Good morning, Wraith

I looked through the versions & sizes & I cannot see the difference compare to what I have for the stable version

Let's hope the developers will reply.

In addition You can raise the Support Ticket referring to this thread, so the developers can see the description and info provided

I would rather refrain myself and will not suggest re-installation at the moment until their response.

but what you can do – you may try beta. It's working with no issues currently on Win 7 here

(guard/ service … are different). So you may try.

If the developers will require some additional info or test for the stable – it's easy to revert back

My regards

P.S. Something to add just in case

I am not using “Protect the PC even...” option. There were some issues which were fixed in beta & in stable (see changelog)

I am not sure whether that may have any effect in your case, but probably worth trying that as well. If you'll consider that - Reboot after unchecking the option

Share this post


Link to post
Share on other sites

Thanks for the suggestions Lynx, I'll try switching off the "protect pc even", option. One other thing I forgot to mention is when auto-updating, Antimalware is no longer displaying the message that it updated and using new signatures like it used to,(though it's still checked off in options). Guess I'll raise that support ticket too.

Regards

Share this post


Link to post
Share on other sites
... One other thing I forgot to mention is when auto-updating, Antimalware is no longer displaying the message that it updated and using new signatures like it used to...
That's a new one.

What are the settings in Configuration > Popups Tab?

Cheers!

Share this post


Link to post
Share on other sites

Hi, the settings in "configuration popups tab" are update messages are on and set to display for 10 seconds, restart alerts are set to on and application restart alert set to off. By the way I raised that support ticket lets hope there is a response, this is getting worrisome.

Share this post


Link to post
Share on other sites

Just thought I'd add that I disabled the "protect pc even" option and rebooted my pc, (it, Windows that is, complained for a second about my Networx network monitor), and then restarted normally. Then, Antimalware started with red dot for a couple of seconds and then did an update displaying a generic update complete popup message at the end (not a "new sig's in use" update). Bear in mind that I had just taken my computer off sleep 20 minutes or so before that and it had appeared to update then but without popup message,(I opened the program to check it.).

Share this post


Link to post
Share on other sites

Hi Wraith

Honestly, that was not very clear message (don't get I wrong please… I'm a bit tired ;) )

So, lets do it a bit slowly. There were two issues:

1) the message about restarting after every manual Update

Is it working now by the rules?

The “red dot” appearing for a few seconds as far as I know & according to the explanation given by Christian Mairoll should be fine.

2) The 2nd issue that you requested later was a pop-up after an auto-update.

Are saying you are not getting those?

What about the question above re: the settings (Popup Tab)?

You should get that one after reboot & subsequent update (around 30 seconds or earlier after the Reboot)

As for the Sleep Mode ...it depends on timing. You stated you've set 2 hours interval

In addition I am not completely sure how that is implemented in relation to sleep/hibernation meaning – whether the interval counter starts over after waking up or EAM has to be auto-updated straight away irrespectively after “wake-up” similar to reboot

I hope that the developers will explain that.

Cheers!

Share this post


Link to post
Share on other sites

Hi Lynx, essentially all I am saying is that when starting my pc today, Antimalware appeared to download updates, without any message popup appearing afterwards, then a very short time later,(seemingly too short a time for there to be new updates), I unchecked the "protect pc even if no user is logged on", and rebooted. Upon reboot Antimalware attempted an auto-update after which the popup did appear with the generic "updates have been installed" versus the one that lists the number of signatures now protecting, you know, the usual one.

I just was noting that A: the update popup appeared again and B: that it seemed strange to me that there was another update so soon, though I assume the generic message,(ie; non-signature listing) is in reference to a BB update,(but there was no request to resatart the program) . Basically I'm getting suspicious of Antimalware's performance now. Sorry if I was unclear.

Share this post


Link to post
Share on other sites

I am not sure, why you are “suspicious of Antimalware's performance now”?

As for

...Upon reboot Antimalware attempted an auto-update after which the popup did appear with the generic "updates have been installed" versus the one that lists the number of signatures now protecting, you know, the usual one.
Again, the pop-up message is kinda “secondary” compare to the main issue you've raised re: restart after every Manual Update.

That would be nice to know current situation after the said amendments – that was my point, when I was saying - “not clear”

Definitely the pop-up message has to be investigated as well. I personally do not remember having the pop-up without stating the number of signatures … stressing! ---> when there were indeed signatures being downloaded as a part of auto-update after Reboot or any scheduled auto-update

I will keep an eye on it as as soon as Win 7 & will be available

Cheers!

Share this post


Link to post
Share on other sites

Hey Lynx, as it stands at the moment, I am not being asked to re-start the program after a manual download. Perhaps that "protect pc even" setting was bugging out on my system.

Sorry about the suspicion comment, I've just been reading about how malignant and sneaky malware is these days and how it corrupts the programs we use to protect ourselves and how there seems to be absolutely no way to know if your computer is truly safe and it bugs me, that's all. I know Antimalware has the best detection rates, that's why I subscribed to it.

regards

Share this post


Link to post
Share on other sites
... as it stands at the moment, I am not being asked to re-start the program after a manual download. Perhaps that "protect pc even" setting was bugging out on my system...
Thanks for the confirmation, Wraith

I'm glad that it helped. Cheers!

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.