Behaviour Blocker Notifications


Is there any setting that adds the actual type of suspicious behaviour (e.g. "Code Inject" or "Direct Disk Access") in nice *black* *capitals* (not trendy grey, please!) to the toaster notification produced by the Behaviour Blocker?

Often there are programs that legitimately use e.g. direct disk access to check licensing, etc., and knowing the exact type of behaviour detected will help in accepting it or blocking it immediately.

Also, should those legitimate program executable behaviours be reported as a false positive, or does the false positive classification not apply to behaviour blocker detections that are resolved by a rule allowing the behaviour?


On 12/10/2017 at 2:09 PM, Insert Real Name said:

Is there any setting that adds the actual type of suspicious behaviour (e.g. "Code Inject" or "Direct Disk Access") in nice *black* *capitals* (not trendy grey, please!) to the toaster notification produced by the Behaviour Blocker?

Currently there's no way to customize colors/fonts/etc. in the UI or notifications. If you'd like more detailed alerts rather than notifications, you can open Emsisoft Anti-Malware, click on Protection, click on Behavior Blocker in the lower of the two menus at the top, and change the setting at the bottom for Suspicious programs to Alert so that it shows full alerts and gives you a chance to decide what to do rather than automatically taking action if you don't notice what the notification is for in time.

 

On 12/10/2017 at 2:09 PM, Insert Real Name said:

Also, should those legitimate program executable behaviours be reported as a false positive, or does the false positive classification not apply to behaviour blocker detections that are resolved by a rule allowing the behaviour?

We don't consider Behavior Blocker actions to be false positives, since the Behavior Blocker takes action in any case where the safety of a program can't automatically be determined.


O.K., thanks very much for the explanations. I had set the Behaviour Blocker to auto-resolve, since I could always click on the toaster alert to allow/deny the Behaviour Blocker's decision, but the full Behaviour Blocker alert gives more information and more choices.

I've noticed that EAM classifies some programs using the Windows 7 standard file chooser dialogs (e.g. the latest version of DVDStyler) to be "Code Injectors". No doubt these programs may be doing that (perhaps the Windows API they use to handle file chooser dialogs is the origin), but an indication of their code injecting targets in the full alert dialog details section would be very welcome to help make a decision.

Maybe there should be a general preference choice: "Display more details in alerts"?


We generally recommend taking the alerts on a "do I trust this application/publisher" basis. We don't like to give too many details about what is triggering the Behavior Blocker to make it harder for malware creators to figure out when and why alerts are triggered.
