MJmusicguy

EAM SP working inconsistently since update today

Recommended Posts

First off  I use 

https://vivaldi.com as a browser 2nd after every major update i like to go to sites i know have FP dections to mske sure its working 

like https://musicbrainz.org will often triger a alert because it uses archive content it didnt   only one

the video in this post on my blog usually does because i have privacy risks on 

https://itstotallylife.com/in-the-studio-with-utada-hikaru/ it did but only once 

I know this sounds silly but I am concerned 

 

 

Share this post


Link to post
Share on other sites

I would believe we're now using IOfficeAntiVirus to block malicious websites in browsers that support it. Each browser handles IOfficeAntiVirus differently, and this may simply be how Chromium and/or Vivaldi handles it (only checking the URL once and caching the Anti-Virus software's response).

Share this post


Link to post
Share on other sites

Hi @GT500 I am not sure that is the case  not sure when IOfficeAntiVirus  was implemented exactly but EAM was actually behaving as expected prior to release of 2018.9 and some events are not even being displayed or logged  if this is indead a bug its a serious one  i feel like i want to revert to 2018.8 

" we also made some changes to stop Chrome incorrectly flagging our software as incompatible – without making any compromises on the level of protection provided to you." 

 I strongly believe whatever method was used has broken proper detection for me  for the record i had no issues in Vivaldi even 2.0 before EAM update  please take this into consideration and try to reproduce this issue 

Share this post


Link to post
Share on other sites

We made changes to our Surf Protection in version 2018.9 that allowed it to be compatible with Google Chrome 69 and newer, and Microsoft Edge, which I'm pretty certain was implementing blocking of malicious websites via IOfficeAntiVirus. That is why behavior changed with the 2018.9 release.

As I said, I believe this is simply how Chromium handles IOfficeAntiVirus.

Vivaldi does the same with downloads detected by EAM. It downloads the file, passes it to EAM via IOfficeAntiVirus, and then if it's detected it silently deletes the file and won't allow it to be redownloaded. If you remove it from the download manager, it still won't allow the file to be redownloaded, as it caches the scan results from EAM.

Share this post


Link to post
Share on other sites

Noted but the links o gave are all host based detentions  but can we make sure that is whats happening and if it  is we need a  way of letting users know  because otherwise protection is questioned  as no long is even created plus i clear all browser data on exit and still have the issue 

Share this post


Link to post
Share on other sites

I verified that blocking isn't using IOfficeAntiVirus, but rather WFP (Windows Filtering Platform), so we're more than likely still filtering DNS requests and since some browsers cache those you often need to close and reopen your browser when you test as it won't try to look up the IP address of a domain name again if it was already blocked.

As for logging, there are some known issues with things not appearing in the logs, and our developers are looking into it.

Also, keep in mind that Vivaldi uses Google Safe Browsing (which they call "Google Phishing and Malware Protection" in the settings), which can block things independently of Emsisoft Anti-Malware.

Share this post


Link to post
Share on other sites

@GT500 I hear what your saying but again im not sure whats happening all i can tell you  is that nothing has changed on my system  accept 2018.9 and all detection was as expect now it is not and now that you have  said we still use Windows Filtering Platform that makes me more concerned as the behavior should not have changed from yesterday to today  I beta test and do support for software as well though not in the malware field i like to think my 7 years of experience has taught me something and this doesn't feel right  in version .9

Share this post


Link to post
Share on other sites
2 hours ago, MJmusicguy said:

we still use Windows Filtering Platform

We weren't using Windows Filtering Platform before 2018.9. We used another method of filtering DNS requests, however that older system no longer works with Google Chrome 69 and newer, and also doesn't work with Microsoft Edge or any other programs running in AppContainers.

If you want to get us debug logs, then feel free to do so. Also, if you could give more detail on the exact steps to reproduce the issue, and a description of what you expect to see and what you are actually seeing, then I can pass it on to the QA team.

Share this post


Link to post
Share on other sites

Here are my steps as follows using the latest 63 bit version  of Vivaldi

1, my Vivaldi is set to only remember history and cookies  per session   (this is one reason why your theory may be wrong) 

2. Privacy risks in eam  are set to block and notify

3. go  musicbrainz.com it will block a archive url close browser re open no detection no log ( you can clear all data if you like it will still behave the same)

I know these are FP but i worry how a true incident would turn out if this is a bug and it remains 

if you still need logs i can get them for you 

 

Share this post


Link to post
Share on other sites
On 10/6/2018 at 10:34 AM, MJmusicguy said:

1, my Vivaldi is set to only remember history and cookies  per session   (this is one reason why your theory may be wrong) 

Chromium will only cache DNS for a single session anyway, so if this persists after you exit and reopen Vivaldi then something else is going on.

 

On 10/6/2018 at 10:34 AM, MJmusicguy said:

2. Privacy risks in eam  are set to block and notify

Does it happen with Privacy Risks set to default (Don't block)?

Share this post


Link to post
Share on other sites

Hopefully we'll have another fix available soon for some networking related issues, and if the issue is still ongoing after that then we can collect some debug information.

Share this post


Link to post
Share on other sites

Yes. There's a network slowdown issue right now. It effects those trying to load files over Windows Networking more than others, however it can effect other things as well. There's also an issue on 32-bit Windows 7 (and possibly Windows 8 and 10 as well) that causes EAM and sometimes even Windows to freeze. I won't know for certain what all is in the beta until it's ready for public release, however I know the networking issue is rather important.

Share this post


Link to post
Share on other sites

If you just want to test and see if Surf Protection is working, then you can use the following test addresses:

malwaretest.emsisoft.com
phishingtest.emsisoft.com
privacytest.emsisoft.com
puptest.emsisoft.com

image.png
Download Image

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.