Katsuro

Emsisoft blocking EyeMD?

Recommended Posts

Posting this here because I'm not sure where to go or how to approach this issue. Client of mine uses a program called EyeMD which is server/client EMR software based on MSSQL. For some reason Emsisoft appears to be blocking this program. No matter what exclusion I add I can't get the software to work. Even disabling Emsisoft does not get it to work and the only time it will work is when I uninstall Emsisoft. Not sure why the disable doesn't work but removing Emsisoft does. Made sure there was exclusions in both file blocker and behavior blocker but it doesn't work. I do not see anything in Emsisoft's logs either that indicate that it is blocking this software but I can only come to the conclusion that it is blocking it since it works perfectly fine when Emsisoft is removed.

If you need logs or any additional information I'll gladly post it here.

Share this post


Link to post
Share on other sites

Have you added the folders the EyeMD software runs out of to the exclusions (both for Scanning and Monitoring) in Emsisoft Anti-Malware, and then restarted the computer?

Note that if it's Windows 8.1 or Windows 10 that the computer may need to be restarted by right-clicking on the Start button, going to Shut down or sign out, and selecting Restart from that menu in order to bypass Fast Startup.

Share this post


Link to post
Share on other sites

Thanks for the response Arthur.

Just to give a total breakdown of what I have done. As you know the last time I posted we had removed Emsisoft from the computer and the EyeMD software worked fine. After reading your post I have done the following.

1. Tested to make sure EyeMD still functioned before the reinstall of Emsisoft and it was functioning correctly and it was indeed still working.
2. Attempted to reinstall Emsisoft. It said there was remaining files from the previous install so it needed to restart the computer before it could proceed so I told it to restart the computer.
3. Re-ran the Emsisoft installer and it installed without a hitch. I licensed it once again.
4. Attempted to run EyeMD and found that it was no longer working again.
5. Opened Emsisoft and added all EyeMD executables to the Behavior Blocker (as Trusted). Then went into Scanning and Monitoring and added the folders there. I have attached screenshots of that.
6. Rebooted the computer and just for the fun of it I disabled Fast Startup. We typically try to do this in all of our environments.
7. Opened EyeMD and it was unable to open once again.
8. Uninstalled Emsisoft. After Emsisoft was uninstalled I opened EyeMD and it opened just fine.

Just to reiterate this is happening on all workstations in their office. Wanted to mention that to eliminate any suspicion of a computer specific issue and these workstations are Windows 10 as well. I'm curious if the customer has a Windows 7 workstation to maybe see if there was some weird reaction with Emsisoft and Windows 10. If you think that may be a possibility I can certainly look into checking if there is a Windows 7 workstation we can test Emsisoft/EyeMD on. 

The one thing I find interesting is Emsisoft is also installed on their server (Server 2008 R2) and EyeMD opens just fine and runs without any rules in behavior blocker or the exclusions of the file guard (for both scanning and monitoring). I don't know if Emsisoft is just having some sort of problem with the way the software is connecting over the LAN to the server vs the EyeMD opening locally on the server and just connecting to localhost (or it's own LAN IP). 

The EyeMD software "opens" fine on these workstations but it's hinting at some sort of connection issue when it's getting blocked or when I say it isn't working.

2019-02-06 14_51_40-Window.png
Download Image

2019-02-06 14_54_56-Window.png
Download Image

Share this post


Link to post
Share on other sites

Exclusions for folders need to end in a \ (backslash), otherwise the contents of the folder won't be excluded.

If adding the backslash to the end of the path doesn't help, then let me know if turning off the Surf Protection in Emsisoft Anti-Malware and restarting the computer helps.

Share this post


Link to post
Share on other sites

Here, if one used the "Add folder" buttons in the Settings dialog, the result does end in a slash.   There's no option that I see to edit an entry eg to add a slash... you have to use the right button file/folder in one list, program/folder in the other.

It's not obvious how one would add a symbolic value either as the "Add Folder" option opens a folder chooser, with nowhere one could type an environment variable's name.   maybe you could do that in the 'add file' option?  

Also, environment variables' values (when part of paths etc) don't end in slashes so even if there is a way to specify something symbolic as the Settings dialog claims, it wouldn't work. 

Share this post


Link to post
Share on other sites
On 2/7/2019 at 3:35 PM, JeremyNicoll said:

There's no option that I see to edit an entry eg to add a slash...

Click on an entry in the exclusions, and you can enter anything you want to. If you click in the empty white space outside of the exclusions list, then it will save the changes.

Share this post


Link to post
Share on other sites

Ah.  I think at some stage I may have found that clicking an entry (in the Surf Protection settings) doesn't do anything and never tried it in the Exclusions settings.   I suppose the reason one can't just type changes in the former is to ensure that the action decision etc end up correctly formatted/set.

Share this post


Link to post
Share on other sites
On 2/9/2019 at 8:03 AM, JeremyNicoll said:

I suppose the reason one can't just type changes in the former is to ensure that the action decision etc end up correctly formatted/set.

There's also the fact that they were designed at different times, and I'm not sure if anyone considered it necessary to redo the existing Surf Protection Host Rules to function like the newer scanning/monitoring exclusions.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.