Caravaggio

Behaviour Blocker Problem


Hi: Today I installed Windows 10 Home on my old desktop PC. I updated from Windows 8.1 to see how it works with this ensemble, everything went fine. Except that, after a new EAM install, I had a message with an a2hooks.dll error and behaviour blocker was not functioning, it was right in settings but only Smart Screen showed a message.

I performed one of those recovery options, so I could install Win 10 again and EAM as well with a new installer. And now the a2hooks.dll error message is gone, but in Event Viewer I can see a lot of Error messages for "EAM Error updating Security_product_state_on" or so, BB doesn't show alerts.

I don't know what might have occurred during installation, thank you in advance :)

 


If you download and open the following file, and then double-click on the bb_test batch file in the folder that opens, do you see a notification from our Behavior Blocker? Or do you just see a black window that says Test finished and Press any key to continue?
https://www.gt500.org/emsisoft/bb_test.zip


You'll need to allow it in Smart Screen. The Behavior Blocker won't pick up the attempt to create a file in a profile folder if SmartScreen didn't allow the batch file to run.

When you see the Smart Screen popup, there should be something you can click that says something like "More info", and then there should be a button along the lines of "allow" or "run anyway" so that you can run the batch file.


I've been trying to test this on Windows 10 x64, and if I extract the batch file from the ZIP archive and then run it then it works fine and triggers the Behavior Blocker as expected. If I open the ZIP archive using Microsoft Edge, and then try to run the batch file without extracting it, then Windows Explorer seems to freeze and the Command Prompt never opens.

When you click the above link, and open it, can you copy the bb_test batch file to your Desktop or something, and then try to open it? Does it work right from there?

And after posting that I realized that SmartScreen had opened in the background, and was blocking the batch file from opening. When I switched to Edge and then back to Windows Explorer, it appeared, and I was able to run the batch file and saw the Behavior Blocker notification as expected.

  1. Open Emsisoft Anti-Malware.
  2. Click on Logs.
  3. In the menu at the top, make sure you are on Forensics.
  4. Find the scan log in the list, and double-click on it to open it.
  5. Click on File and then Save As to save it on your desktop.
  6. Attach the scan log you saved on your desktop to a reply.


I was looking into Event Viewer, and now I remember that after Windows installation I made a mistake and deleted one User Account, possibly a Windows one (S-1-5-21), but because I thought it was an old User account from W8.1 that I used to start session. And then the error, and that's why I made system restore, I couldn't remember this detail before, don't know if it's of interest.

 


There are a number of default Windows user accounts that have SIDs that begin with "S-1-5-21", so it's hard to say which account it was. The Emsisoft Anti-Malware service (a2service.exe) runs under the SYSTEM account, I would believe the EPP (Emsisoft Protection Platform) driver also runs under the SYSTEM account, and the other parts of Emsisoft Anti-Malware (a2guard.exe and a2start.exe) run under the logged-in user's account. As long as the Administrator and SYSTEM accounts are intact and usable, then Emsisoft Anti-Malware should have no problems.

That being said, the System Restore can break anti-virus software, and it is sometimes necessary to reinstall anti-virus software after using the System Restore. Have you tried uninstalling Emsisoft Anti-Malware, restarting the computer twice, and then reinstalling it? You can download a fresh copy of our installer (doing so before installing is always recommended) from the following link:
http://dl.emsisoft.com/EmsisoftAntiMalwareSetup.exe


I reinstalled again, as you suggested, but I tried again with that batch file and no alerts from BBlocker. I think I should install Windows again, and then if any error occurs I'll let you know. Thank you!


I installed other programs and Behavior Blocker shows a message or alert during installation as usual. Could it be that only with that particular file, BB_test, it doesn't, or Smart Screen shows a message first?


It's possible that Smart Screen (or something else) is preventing the bb_test batch file from running, or perhaps Windows Defender is deleting it.


I did a clean install of Windows 10, and I deactivated Smart Screen filter for apps and files, then W10 showed a message before running BB_test, I checked "don't show this message again etc" and then there was an alert from EAM for this file BB_test.

I activated Smart Screen filter for apps and archives again in W Defender Security Center and this time EAM still alerts when running BB_test, unlike before. So I think it's working fine for me now.

Btw, happy new year to everyone!

 

 


In this case it sounds like Windows Defender. Normally Windows 10 turns off Windows Defender when another Anti-Virus is installed and turned on, however with recent changes to EAM we have made it possible to prevent that from happening by turning off the Security Center Integration in EAM so that Windows can't determine if EAM is turned on.

