ParhaM

Q about Emsisoft browser extension


Hi.
So I just saw something strange: there is a phishing site that Emsisoft does detect as phishing at VT, but on my system the site is not blocked by Emsisoft.
My extension, at least, says it's up to date.
The software database is also up to date.

It's been an hour that I keep checking the URL, and it is still not detected on my system.
I thought the Emsisoft extension gets its database in real time from the cloud or something like that? So this kind of difference or delay is kind of strange?

Regards,


The extension caches results so that it doesn't have to request them again. The VirusTotal results are also sometimes out of date.

On 5/16/2020 at 1:08 PM, GT500 said:

The extension caches results so that it doesn't have to request them again. The VirusTotal results are also sometimes out of date.

This response did not really answer the question here, but thanks for the response.

Yet the problem is not solved. I even did a fresh reinstall of my Windows, because I was playing with so many AVs during the last months, so I wanted to be sure that there is something wrong here.

Update: it is solved. It seems it was not detected by Emsisoft, and VT was wrong about the URL getting blocked by Emsisoft.

Question: you've mentioned that the extension caches results. That we already know, but where does it cache the results, and how is it getting updates? Is it with the software getting updates every hour? Or is it like checking the real-time Emsisoft cloud database or something like that? That's one Q. Another Q: I have submitted a phishing URL to Emsisoft today and it seems you added it to the database, but it is getting detected and blocked by Emsisoft web protection (as malicious host), not the extension, so it seems there is a difference here that I'd like to know about, if possible?

Thanks!


Update: more things I've noticed with the Emsisoft extension. In Chrome, I've tested that when you visit a website, for example, and you want to report that website to Emsisoft, you click on the extension icon and click the blue text that tells you to report the website; when you click on it, the text changes to "Site reported. Thank you!". So everything is how it is supposed to be, but the problem is that the text and the link will not refresh to what they were, and by that I mean the text that tells you to report the website. It just remains as "Site reported. Thank you!" no matter how long you wait, an hour or 2 (I went to 2 hours so far). The text only refreshes when you restart Chrome. So this is the Chrome problem.
Now there is somewhat the same kind of problem in Mozilla Firefox, but the difference is that when you click to report the website you're visiting, in Firefox actually nothing happens and the text will not even change to "Site reported. Thank you!", and it's like it just doesn't work; no matter how many times you click on it, it just does not work.🤔

On 5/17/2020 at 1:38 AM, Mr.Pr said:

Question: you've mentioned that the extension caches results. That we already know, but where does it cache the results, and how is it getting updates? Is it with the software getting updates every hour? Or is it like checking the real-time Emsisoft cloud database or something like that? That's one Q. Another Q: I have submitted a phishing URL to Emsisoft today and it seems you added it to the database, but it is getting detected and blocked by Emsisoft web protection (as malicious host), not the extension, so it seems there is a difference here that I'd like to know about, if possible?

The explanation that I've found in the other topics of the same forum answered the Q completely. I'll copy/paste it for those who might have the same question in the future:

Quote

Web Protection works by monitoring network traffic for DNS requests and IP addresses connections are opened to, and blocking them if the remote host is in our database. The database is stored in files in the Emsisoft Anti-Malware folder, and is updated when Emsisoft Anti-Malware checks for updates (once an hour by default).

Emsisoft Browser Security will hash part of the URL (I would believe just the domain name) of a visited website, and send the hash to our servers. If the hash matches one for known malicious hosts in our database then a list of all known malicious addresses at that domain are returned to Emsisoft Browser Security by our servers. The extension then determines on its own whether or not the page at that domain you're trying to visit is malicious, and blocks it accordingly. The results are then cached so that the extension doesn't need to request data about that domain again from our servers. This is done to ensure data about exactly what web pages you are visiting are never sent to our servers, and to minimize the number of times the extension has to ask us about the domains the web pages you visit are at in order to make it impossible to effectively track your browsing habits from the extension.


As for the extension problems in Firefox, it seems that Emsisoft developers are already aware of them, and it is not that much of a deal that they feel it needs to be fixed yet (after 3 years, if I'm not wrong?).

On 5/17/2020 at 6:18 PM, Mr.Pr said:

The explanation that I've found in the other topics of the same forum answered the Q completely. I'll copy/paste it for those who might have the same question in the future:

That explanation is still correct, and is more than likely the reason why you didn't see the phishing host you reported blocked by the extension (assuming it had already cached a result for that domain).

 

On 5/17/2020 at 6:18 PM, Mr.Pr said:

As for the extension problems in Firefox, it seems that Emsisoft developers are already aware of them, and it is not that much of a deal that they feel it needs to be fixed yet (after 3 years, if I'm not wrong?).

It's correct that we already know about the issues in Firefox. Unfortunately I haven't been given any explanation as to why it hasn't been fixed yet.

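The hashed-domain lookup and result caching described in the quoted explanation and in the reply above, as an added example that is not part of the thread and is not Emsisoft's code. SHA-256 over the hostname, a one-hour cache lifetime, exact host-plus-path matching and every class and function name are assumptions made for illustration.

```javascript
// Added illustration, not Emsisoft code: hash choice, TTL, matching rule and names are assumptions.
const crypto = require("crypto");
const sha256 = (s) => crypto.createHash("sha256").update(s).digest("hex");

// Constructed stand-in for the vendor service: domain hash -> known bad addresses on that domain.
class LookupServer {
  constructor() { this.db = new Map(); this.seen = []; }
  add(url) {
    const u = new URL(url);
    const key = sha256(u.hostname);
    this.db.set(key, [...(this.db.get(key) || []), u.hostname + u.pathname]);
  }
  query(domainHash) {
    this.seen.push(domainHash); // the only thing the server learns per lookup
    return [...(this.db.get(domainHash) || [])];
  }
}

class ExtensionClient {
  constructor(server, ttlMs) { this.server = server; this.ttlMs = ttlMs; this.cache = new Map(); }
  check(url, now) {
    const u = new URL(url);
    const key = sha256(u.hostname);
    let entry = this.cache.get(key);
    if (!entry || now - entry.fetchedAt >= this.ttlMs) {
      entry = { fetchedAt: now, bad: this.server.query(key) }; // empty lists are cached too
      this.cache.set(key, entry);
    }
    // The full address is compared locally and never leaves the client.
    return entry.bad.includes(u.hostname + u.pathname) ? "blocked" : "allowed";
  }
}

function demo() {
  const MIN = 60 * 1000;
  const server = new LookupServer();
  const client = new ExtensionClient(server, 60 * MIN);
  const url = "https://phish.example/login"; // constructed sample URL
  const results = [client.check(url, 0)];    // not listed yet: "allowed", and cached
  server.add(url);                            // vendor adds the reported address
  results.push(client.check(url, 10 * MIN));  // stale cache entry still answers
  results.push(client.check(url, 61 * MIN));  // entry expired, list is refetched
  const hashesOnly = server.seen.every((h) => /^[0-9a-f]{64}$/.test(h));
  return { results, queries: server.seen.length, hashesOnly };
}

console.log(demo());
```

The second check shows the situation from the thread: the address is already in the server's list, but the client still answers from the entry it cached before the listing.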
16 hours ago, JeremyNicoll said:

It's more likely that EAM doesn't explicitly consider the /test/ page at this site to be a phish.

That's correct. We only add our own tests to our database. If we detect any other tests, it's because they are in a third-party database that we use to supplement our protection.
