RodPaulo

Emsisoft Anti-Malware only 96.9% detection


Hello RodPaulo!

Over the last three months, we gradually rolled out new infrastructure for our behavior blocker as part of the monthly feature updates. We decided to introduce this new tech gradually so as to avoid headaches when switching everything at once. In addition, just the infrastructure on its own had major benefits like fixing several long-standing compatibility issues with products like Kaspersky, Avast, AVG and some other products, that rendered systems unusable as no process could be started on systems running both EAM and their product in real-time.

The rollout itself was pretty smooth and we didn't see anything unusual in our telemetry or continuous daily testing either. However, it turned out that there was a rare race condition with certain malware obfuscators that caused some 32-bit processes to not be monitored correctly on Windows 10 64-bit systems. AV-C did report the issue to us as part of their normal report at the end of March and we fixed and released it as an update during the 2018.3 lifecycle very shortly after, but by then we already had racked up a couple of misses in the April test period as well.

You may also be interested in the AV-C business test series factsheet they just published, available here: https://www.av-comparatives.org/wp-content/uploads/2018/05/avc_biz_2018_03_factsheet_en.pdf

3 hours ago, David Biggar said:

Hello RodPaulo!

Over the last three months, we gradually rolled out new infrastructure for our behavior blocker as part of the monthly feature updates. We decided to introduce this new tech gradually so as to avoid headaches when switching everything at once. In addition, just the infrastructure on its own had major benefits like fixing several long-standing compatibility issues with products like Kaspersky, Avast, AVG and some other products, that rendered systems unusable as no process could be started on systems running both EAM and their product in real-time.

The rollout itself was pretty smooth and we didn't see anything unusual in our telemetry or continuous daily testing either. However, it turned out that there was a rare race condition with certain malware obfuscators that caused some 32-bit processes to not be monitored correctly on Windows 10 64-bit systems. AV-C did report the issue to us as part of their normal report at the end of March and we fixed and released it as an update during the 2018.3 lifecycle very shortly after, but by then we already had racked up a couple of misses in the April test period as well.

You may also be interested in the AV-C business test series factsheet they just published, available here: https://www.av-comparatives.org/wp-content/uploads/2018/05/avc_biz_2018_03_factsheet_en.pdf

Hello David.

Thanks for the answer.
I went through this incompatibility with a Kaspersky product last November. I look forward to the next result and hope to continue to see a product of excellence in which the protection of behavior is highlighted, which allows me to create specific rules for some programs in a simple and effective way.

Thank you
Paulo Rodrigues

11 hours ago, David Biggar said:

fixing several long-standing compatibility issues with products like Kaspersky, Avast, AVG and some other products,

Is EMSI focusing in the right direction??? 

The group of users using 2 or more antimalware simultaneously is insignificant (Kaspersky, Avast, AVG all have a detection rate over 99% by themselves). All antimalware solutions have some sort of HIPS or behavior blocker, so running EMSI on top of this is an unnecessary expense and asking for trouble.

 

 


... while unfortunately they seem to be sacrificing compatibility with security solutions dealing with separate aspects that they no longer provide. Referring here to the incompatibility with Comodo Firewall (so firewall, HIPS, sandboxing, monitoring of connections and program behavior, all of which being features no longer provided by Emsisoft) introduced by this version that supposedly fixed compatibility problems with those other security solutions that offer overlapping features.

Way I see it, especially since they decided to no longer include those features (long ago, with the elimination of Online Armor), thorough testing to ensure compatibility with programs that do offer them should be mandatory. And I mean internal testing, before anything even gets to the beta channel, not pushing it even on stable as they did with 2018.3. (At least there's delayed, where they didn't push it (yet), but...)


andone, good points, but that was and is not our main focus, being rather a side-benefit of the new infrastructure. It was a good moment to point out the improvement!

Cavalary, as you know, the issue with Comodo is known and is being worked on. It of course isn't possible to test with everything, popular or not, and if our internal and beta testing don't show any issues, we move forward. Sometimes things (like this) get past testing. We don't like it either, and try to fix it.

Changes that positively affect several things can also negatively affect a few others. That happened this time, unnoticed until the stable releases - referring both to the AV-C scores and Comodo incompatibility.


Hey, you pointed me to the discussions here, of course I'll be saying the same things I've been telling you...

And this is one heck of a major issue, and like I said, testing with security software that offers the features you don't (anymore) should be a priority (likely second only to testing on all currently supported Windows versions, including 32/64 bit and different patching approaches), to ensure people who want the whole package can mix and match.

(Meanwhile, I'm still browsing awkwardly to avoid the other issue, quite critical if I may add.)


Cavalary, it's just a matter of topic. In the Comodo topic, discussing Comodo makes sense. Spreading the discussion across multiple topics makes it harder for visitors to get information, as search results will come up with unrelated topics. Incidentally, I may be posting something there fairly soon.

I'm going to lock this thread for now, since there's really nothing for me to add to the original question, and I've clarified that our focus wasn't on compatibility, but rather it was a nice side-effect of other changes.

This topic is now closed to further replies.
