
How has this improved from last year?

Quote

What we changed in 2018.7 is that we enhanced the OnExecution scan in a way that allows third-party programs and the Windows operating system to access our scanner technology too. Microsoft created specific interfaces called IOfficeAntivirus and AMSI that are used by most modern browsers, script interpreters, and Office programs to make sure the documents that are downloaded and opened do not contain any malware.

Taken from

https://blog.emsisoft.com/en/31683/new-in-2018-7-improved-file-guard-performance/

On 11/30/2019 at 10:11 AM, JeremyNicoll said:

For example, what?   How could we test this?

just download the eicar virus testfile

http://www.eicar.org/download/eicar.com.txt

after download, IE/EDGE/CHROME (not supported by FF) calls EAM and the browser deletes the file when tagged as malicious by EAM.
EAM will show a notification and add a record to forensics.

1 hour ago, Frank H said:

just download the eicar virus testfile

http://www.eicar.org/download/eicar.com.txt

after download, IE/EDGE/CHROME (not supported by FF) calls EAM and the browser deletes the file when tagged as malicious by EAM.
EAM will show a notification and add a record to forensics.

Win10 1909

Confirmed as working in Vivaldi (Vivaldi deletes the file and entry shows in Forensics) 

However I can download the file Sandboxied without Vivaldi deleting it :)


Hmm, I tried that link to download the test file using Chrome (and the newer EAM 9864 beta).

First time: the EAM alert says the file is downloaded but dangerous, so I clicked the Quarantine button.  The log tells me both things occurred, but when I then go to the Quarantine display, it is empty.

I repeated that; the test file definitely does get downloaded - I can see it in my \Downloads folder, and it vanishes from there again when I click the Quarantine option in the alert... but again, it's not in the Quarantine display.

C:\Program Files\Emsisoft Internet Security\Quarantine contains two files, with recent timestamps, so presumably those are the quarantined objects. Why does EAM not show them?


Jeremy, your example shows behavior that always was there, as you have *not* set your FileGuard scanlevel to 'Default'.

Please note that this only works smoothly when you have set EAM File Guard to scanlevel 'Default', as it doesn't scan files while being saved by the browser.


> Jeremy, your example shows behavior that always was there, as you have *not* set your FileGuard scanlevel to 'Default'.

True, it's "thorough". But EAM knows how I have Fileguard set. Whether the alert I got came from the new IOfficeAntivirus/AMSI interface or not, the alert did offer me a Quarantine option and I did choose it. The files did go into the C:\Program Files\Emsisoft Internet Security\Quarantine folder.

I don't see why how often Fileguard scans files has anything to do with why the files in Quarantine are not listed in the Quarantine dialog pane.


@stapp I think it's because EIS auto-updated in-place to EAM, without creating a new folder for itself.

(Similarly I used to use a 32-bit version of Firefox - though I'm on a 64-bit version of Windows - so Firefox was then installed under C:\Program Files (x86)\. When Mozilla finally produced a 64-bit version and it auto-updated, it did so inside the same folder as before so my 64-bit Firefox is also in a subfolder of C:\Program Files (x86)\.)


The Migration from EIS to EAM was done in the same folder where EIS was installed.

This was required to not make the migration complicated/impossible by moving stuff to another folder or forcing a re-installation.
