
Hello all!

I noticed with surprise and could not even understand if this was normal ?!🙄
After updating the EAM, the message about updating the signatures stopped showing ...
Why is this done?
After all, it was so clear to see each database load in real time!
Tell me why it was removed?

[Image: 2020-06-02 12_37_11-Emsisoft Anti-Malware Home.jpg]


Good catch!

I agree - the option should be reinstated.  For those who don't like it, they can turn it off.   But for those who like constant reassurance that things are working properly, hour by hour, the notification that signatures just got updated is big and obvious - much more so than the very small systray flag you'd get if signature updates have stopped for some reason.

  • Like 1


Well spotted - the update blog shows this

[Image: image.png]

Why is this considered redundant ?

I completely agree with these guys - please reinstate the notifications option


Hmm so this is why I am no longer getting sig update alerts

I thought that changelog entry was a fix to the double entry in local device log for signature updates...


We've found that the vast majority of users turn that notification off, so we decided to remove it.


Hello!

Honestly, very sorry!😔
These messages clearly demonstrated in real time that EAM is always with up-to-date databases.

30 minutes ago, andrewek said:

These messages clearly demonstrated in real time that EAM is always with up-to-date databases.

That's true, however EAM displays notifications when it can't connect to our update servers, Windows will notify you if the database is outdated by more than 24 hours, and you can check the EAM logs (or the logs at my.emsisoft.com if you have EAM in a workspace) to make sure updates are installing.

  • Like 1

Yes, all this is true.
Probably - the power of habit takes place!
I (and many, probably) just got used to these notifications...

1 minute ago, andrewek said:

I (and many, probably) just got used to these notifications...

Some people did, however the data we have shows that only a small percentage of users keep the update notifications turned on.


Um, just curious -

Correct me. 
Emsisoft database is always up to date because Emsisoft is cloud based device security.
Emsisoft always queries the cloud for all determinations.
Emsisoft local database is only used when device is offline or cannot reach Emsisoft servers. 

Thanks

 


@bjm_  - No, it's not "cloud-based".  Signatures are held on the local pc but are normally updated frequently, typically every hour.

When something that might be malware is analysed, there's an optional check made of knowledge on an online server (the Antimalware Network).  Users can choose if that will be done and whether or not they want the server's opinion to be displayed or immediately acted on.

There's also an optional browser extension that uses an online server to judge whether specific pages of certain websites are dangerous.

 

  • Like 1

10 hours ago, JeremyNicoll said:

@bjm_  - No, it's not "cloud-based".  Signatures are held on the local pc but are normally updated frequently, typically every hour.

When something that might be malware is analysed, there's an optional check made of knowledge on an online server (the Antimalware Network).  Users can choose if that will be done and whether or not they want the server's opinion to be displayed or immediately acted on.

There's also an optional browser extension that uses an online server to judge whether specific pages of certain websites are dangerous.

 

Hmm, lesson learned, for me, not to assume.  Had I not read this thread.  I would have gone on assuming Emsisoft AM Home is akin to most (to my understanding) device security solutions.   So, the optional Antimalware Network is an opinion added to automated detection decision flow.  Or, an opinion offered to user for manual detection decision flow.  

To confirm my now understanding.   Analysis occurs locally.  Analysis is primarily based on local database using local engines, using local resources with an optional Network (cloud) opinion (somehow) factored in.  

And the local database is 3rd party?

Does Emsisoft detection analysis flow rely, perhaps, more from behavior - heuristic engines.   

Are there generalities that suggest Emsisoft AM Home detection analysis flow is more or less signature based vs behavior - heuristic - reputation based.

Again, not sure why I just assumed that the heavy lifting was not done locally...any more.
I assumed the evolution of all security solutions had moved their heavy lifting to the cloud.  

Just me.  

Thank you. 

8 hours ago, bjm_ said:

To confirm my now understanding.   Analysis occurs locally.  Analysis is primarily based on local database using local engines, using local resources with an optional Network (cloud) opinion (somehow) factored in.

Behavioral detection (that is detection based entirely on an unknown program's behavior rather than static or heuristic signatures in a database) is governed by a series of rules that are stored locally, and supplemented by a cloud network that uses multiple sources of data to try to reduce false positives and increase quality of detections.

EAM also uses traditional Anti-Virus technology where a local threat database with static and heuristic signatures is kept for the purposes of real-time and on-demand scanning of files and programs. This database is updated periodically (once every hour by default) to ensure detection of the latest threats.

 

8 hours ago, bjm_ said:

And the local database is 3rd party?

Partially. We use two Anti-Virus engines (one made by us, and one made by BitDefender) and each has its own database.

 

8 hours ago, bjm_ said:

Does Emsisoft detection analysis flow rely, perhaps, more from behavior - heuristic engines.

If you mean the software (Emsisoft Anti-Malware, aka. "EAM") then it relies mostly on its Anti-Virus engines and database of signatures, as well as the Web Protection. The Behavior Blocker is there to stop the small percentage of threats that aren't stopped by the other protection mechanisms, sort of like a last line of defense.

  • Like 1

3 hours ago, GT500 said:

If you mean the software (Emsisoft Anti-Malware, aka. "EAM") then it relies mostly on its Anti-Virus engines and database of signatures, as well as the Web Protection. The Behavior Blocker is there to stop the small percentage of threats that aren't stopped by the other protection mechanisms, sort of like a last line of defense.

Yes, I meant Emsisoft Anti-Malware

Wonder why Emsisoft has not moved Emsisoft Anti-Malware heavy lifting to the cloud.    Just me.  

Thank you

5 hours ago, bjm_ said:

Wonder why Emsisoft has not moved Emsisoft Anti-Malware heavy lifting to the cloud.    

Alternative ways to protect that don’t compromise privacy

Some good news for all of you who have been told that there are no alternatives to collect data in order to keep you safe from malware: there are alternatives. They may require a bit more effort in programming and may be a little less convenient for software vendors, but they are proven to be just as efficient as methods that impact your privacy.

https://blog.emsisoft.com/en/17153/antivirus-software-protecting-your-files-at-the-price-of-your-privacy/

20 hours ago, bjm_ said:

Wonder why Emsisoft has not moved Emsisoft Anti-Malware heavy lifting to the cloud.    Just me.

"Cloud scanning" is not effective for detecting all types of threats, and at least for now traditional Anti-Virus signatures are still required for proper protection.

  • Like 1

8 hours ago, GT500 said:

"Cloud scanning" is not effective for detecting all types of threats, and at least for now traditional Anti-Virus signatures are still required for proper protection.

Do you mean EAM "Cloud scanning" is not as effective for detecting all types of threats vs EAM "Local scanning" for detecting all types of threats? 

Do you mean that EAM "Local scanning" for detecting all types of threats is more effective than EAM "Cloud scanning" for detecting all types of threats?

EAM employs Antimalware Network query. 

----------------------------------------------------------------

Do you mean that "Cloud scanning" used by other security solutions is not as effective as "Local scanning" used by EAM. 

Do you mean that "Cloud scanning" used by other security solutions is not as effective - were those other security solutions using "Local scanning".  

Signatures are used in the cloud.....by other security solutions.   

Norton for example uses traditional Anti-Virus technology where a hybrid (~90% cloud | ~10% local for prevalent) threat database (cloud always queried) with static and heuristic signatures is kept for the purposes of real-time and on-demand scanning of files and programs. 

Do I want an ever growing threat database pushed down per hour using my machines limited processing resources. 
Or,
Do I want meta data uploaded accessing always up to date threat database using unlimited cloud processing resources.

Do I want emulator - heuristic analyzer run on my machine using my machines limited computing power.
Or, 
Do I want emulator - heuristic analyzer run off my machine using unlimited cloud computing power.  

Regards w Respect

15 hours ago, bjm_ said:

Do you mean EAM "Cloud scanning" is not as effective for detecting all types of threats vs EAM "Local scanning" for detecting all types of threats?

I mean everyone's cloud scanning is not effective against certain types of threats. There are technical limitations to cloud scanning technology that make it ineffective against certain types of threats.

 

15 hours ago, bjm_ said:

Do I want an ever growing threat database pushed down per hour using my machines limited processing resources.

Databases are compressed, encrypted, and are occasionally cleaned and consolidated to reduce the size without reducing effectiveness.

 

15 hours ago, bjm_ said:

Do I want emulator - heuristic analyzer run on my machine using my machines limited computing power.

The performance reduction of Anti-Virus software usually has more to do with the fact that they inject code into all running processes on the system to open hooks to read their memory and monitor their behavior. You'd have the same performance issues with or without local behavioral monitoring, because you're talking about an operation that only takes a few milliseconds and which is only triggered when a process is unknown.

  • Like 1

8 hours ago, GT500 said:

I mean everyone's cloud scanning is not effective against certain types of threats. There are technical limitations to cloud scanning technology that make it ineffective against certain types of threats.

Databases are compressed, encrypted, and are occasionally cleaned and consolidated to reduce the size without reducing effectiveness.

The performance reduction of Anti-Virus software usually has more to do with the fact that they inject code into all running processes on the system to open hooks to read their memory and monitor their behavior. You'd have the same performance issues with or without local behavioral monitoring, because you're talking about an operation that only takes a few milliseconds and which is only triggered when a process is unknown.

Hmm....just when I was convinced that cloud scanning is better.  So, EAM local scanning is not just for privacy concerns.  

Um, is there an Emsisoft Blog (recent) article expressing that local scanning is better than cloud scanning ... and not just for privacy? 

Is there an Emsisoft Blog (recent) article expressing that cloud scanning technology is ineffective against certain types of threats.

Thanks again


 would rather have it reverted i liked the  notifications if not many users are using a feature leave it off by default give the user the choice don't just strip it based on statistical data   


Typical today, change just for change. I guess programmers have nothing better to do and have to "show" some work.

On 6/6/2020 at 9:34 AM, bjm_ said:

Um, is there an Emsisoft Blog (recent) article expressing that local scanning is better than cloud scanning ... and not just for privacy? 

Is there an Emsisoft Blog (recent) article expressing that cloud scanning technology is ineffective against certain types of threats.

I don't believe we've published any articles discussing cloud scanning recently, beyond our recent privacy article of course.

 

On 6/7/2020 at 10:13 AM, MJmusicguy said:

 would rather have it reverted i liked the  notifications if not many users are using a feature leave it off by default give the user the choice don't just strip it based on statistical data   

Thanks for your feedback. Note that you can also send feedback directly to our management by sending an e-mail to feedback@emsisoft.com (all e-mails received at this address should be read, except the obvious junk mail of course).

 

On 6/7/2020 at 12:27 PM, Ken1943 said:

Typical today, change just for change. I guess programmers have nothing better to do and have to "show" some work.

There were actual reasons for changing it. For instance some corporate customers would actually prefer update notifications be removed as their employees have no need to see such information, and they prefer their IT teams to manage their Anti-Virus remotely.

1 hour ago, GT500 said:

There were actual reasons for changing it. For instance some corporate customers would actually prefer update notifications be removed as their employees have no need to see such information, and they prefer their IT teams to manage their Anti-Virus remotely.

well at least they'll be happy then - it can't have been that hard for the IT teams to have to uncheck the option for the update notification

 

7 hours ago, GT500 said:

I don't believe we've published any articles discussing cloud scanning recently, beyond our recent privacy article of course.

 

Thanks for your feedback. Note that you can also send feedback directly to our management by sending an e-mail to feedback@emsisoft.com (all e-mails received at this address should be read, except the obvious junk mail of course).

 

There were actual reasons for changing it. For instance some corporate customers would actually prefer update notifications be removed as their employees have no need to see such information, and they prefer their IT teams to manage their Anti-Virus remotely.

There are actual reasons for keeping it, too.

Doesn't the corporate version have "policies" that allow the corporate people to set which things can be altered by the users?  And even if not, I don't see why an IT person would get that bothered if someone turned on a notification that is meant to be off - it is after all only a notification.  Users can't change anything based on it.

15 hours ago, JeremyNicoll said:

Doesn't the corporate version have "policies" that allow the corporate people to set which things can be altered by the users?

Yes, however some may have had reasons why they didn't want the option to appear in the UI at all. With the majority of our users seeming to see this feature as a nuisance anyway, it was decided it was best to remove it for now.


@GT500 it is always good to keep corporate members happy but in this case remove it for Emsisoft Business Security clients only and default to off for consumers problem solved 

 

On 6/14/2020 at 5:53 PM, MJmusicguy said:

@GT500 it is always good to keep corporate members happy but in this case remove it for Emsisoft Business Security clients only and default to off for consumers problem solved 

We probably would have gone that route if we didn't have evidence that an overwhelming number of our customers don't like the notifications at all.

Granted that doesn't mean things won't change in the future as we receive feedback from our customers.


> Granted that doesn't mean things won't change in the future as we receive feedback from our customers.

I struggle to think of much that Emsi have ever changed when users have complained (apart from actual bugs of course).

The longer something like this goes on, with people occasionally adding a "me too" to this or similar threads, with no change occurring, the less likely it is that you'll finally decide that that one extra voice matters enough to make the change.   And, the longer it goes on... the less likely it is that anyone will bother to add their voice, as there's little evidence that you're listening.

 

Have the people who made this decision actually been told of the objections the few of us here have made?    I ask, because it's obvious from other threads that you don't even go as far as talking to QA about some things, until some threshold is reached.      

4 hours ago, JeremyNicoll said:

Have the people who made this decision actually been told of the objections the few of us here have made?    I ask, because it's obvious from other threads that you don't even go as far as talking to QA about some things, until some threshold is reached.   

Yes, of course.
Emsisoft always listens to their customers and we regularly add features on request.
That doesn't mean however that when we receive some complaints about removal of a not so important notification from a few users, we instantly bring it back, while 99,999% of the users do not even care.

 

On 6/16/2020 at 4:30 AM, Cineatic said:

Do the customers, that didn't like that notification, know they can disable it? I don't think so.

Yes, and a significant portion of customers did disable it (roughly 90% from the information we have).


But... you've annoyed the people who DID want the notification, even though those who did not could easily disable it.

 

Also... "from the information you have".    Did I read somewhere that you knew the state of the notifications settings from dumps or debug logs sent to you?   Surely that's a tiny fraction of your users?

16 hours ago, JeremyNicoll said:

Did I read somewhere that you knew the state of the notifications settings from dumps or debug logs sent to you?   Surely that's a tiny fraction of your users?

I'm fairly certain that I haven't actually said where the information came from.

4 hours ago, GT500 said:

I'm fairly certain that I haven't actually said where the information came from.

The idea that you implicitly see things in dumps / debug logs might have come from some other conversation; I can't recall precisely why I thought that.  

But if the source of the information isn't dumps / debug logs, I would wonder precisely how you could possibly know what settings anyone uses.     

20 hours ago, JeremyNicoll said:

I would wonder precisely how you could possibly know what settings anyone uses.

Settings for those who use the Emsisoft Cloud Console are synced with our online systems, and we can see the percentage of users who have an option on or off.

Note: This data is anonymous, and usage of ECC is on an opt-in basis.

11 hours ago, GT500 said:

Settings for those who use the Emsisoft Cloud Console are synced with our online systems, and we can see the percentage of users who have an option on or off.

Note: This data is anonymous, and usage of ECC is on an opt-in basis.

Isn't ECC also only enterprise users?  How would you know what typical home users choose to do?

 

Also: unrelated issue, is it no longer possible for forum users to edit their own posts?  I used to fix my spelling mistakes etc and it now looks as if I cannot.

 

Edit: hmm, just after creating /this/ post the newly added post offered an "Edit" option, but older ones (eg those above this one in this discussion) do not.


I think the issue is more that you are taking away ALL  users freedom of choice based on statistics no one sees  but yourselves i mean you have done that a lot

-Firewall discontinued

- always defaulting scanners to default even though we want through (my scan level resets every time i restart)

-removing privacy risk   module 

all based on data we adapt because we love the product but moderate to advanced users want more control we do not want to be lumped in with grandpa

just let us have this one we haven't  said much about the other stuff :) 

 

  • Like 1

9 hours ago, JeremyNicoll said:

Isn't ECC also only enterprise users?  How would you know what typical home users choose to do?

Anyone can use ECC. It's available right from MyEmsisoft, and all you have to do is create a workspace and add license keys to it. Some of the features may only be useful to enterprise customers, but a lot of them can be useful to regular/home users as well.

 

9 hours ago, JeremyNicoll said:

Edit: hmm, just after creating /this/ post the newly added post offered an "Edit" option, but older ones (eg those above this one in this discussion) do not.

It could be a bug in this version of the forum software. You're not the only one to complain about it.

 

9 hours ago, JeremyNicoll said:

And here's one that I can't delete....   Maybe I never could...

I would believe that only moderators and admins can delete or hide posts.

 

9 hours ago, MJmusicguy said:

I think the issue is more that you are taking away ALL  users freedom of choice based on statistics no one sees  but yourselves i mean you have done that a lot

Decisions like this aren't necessarily made lightly. We always know there will be people who don't want us to make changes, but sometimes it's still necessary to ensure that our resources and development time are focused in the areas that serve our customers the best.

Granted in this instance it was a minor feature that probably required no real maintenance to keep, but time spent on a feature isn't always the reason why it's discontinued.

 

9 hours ago, MJmusicguy said:

all based on data we adapt because we love the product but moderate to advanced users want more control we do not want to be lumped in with grandpa

I can certainly understand and sympathize with this point of view. There are a lot of us on the Emsisoft team who also like the idea of more control as well. That being said, our product is marketed to those with limited computer knowledge who don't want a bunch of complicated options, and would rather have things be as simple as possible.

Sadly, more complicated products that are marketed towards advanced users don't tend to do well. Just look at what happened to WinPatrol, Sandboxie, and countless firewall programs over the years. Software like that just isn't sustainable, and always ends up either getting discontinued, or bankrupting the company that's making it.

4 hours ago, GT500 said:

Decisions like this aren't necessarily made lightly. We always know there will be people who don't want us to make changes, but sometimes it's still necessary to ensure that our resources and development time are focused in the areas that serve our customers the best.

Granted in this instance it was a minor feature that probably required no real maintenance to keep, but time spent on a feature isn't always the reason why it's discontinued.

Bearing in mind that the information you put into the notification box must already have been collected, and the fact that you already have (and use elsewhere) the notification mechanism, I'd be surprised if you removed much more code than a single call of the notification method.    It doesn't sound to me like there'd be any saving in "resources and development time" in doing that.    You'd spend more time logging the change (in whatever source-control system you use) than making it.

 

It's particularly irksome seeing pointless changes like this being made when - as someone else pointed out recently - you still haven't fixed the excess cpu issue.   It's been two weeks since there was any word on that.      

On 6/20/2020 at 5:13 AM, JeremyNicoll said:

... you still haven't fixed the excess cpu issue.   It's been two weeks since there was any word on that.

We don't usually give status updates on debugging and bug fixing. I know "we're still working on it" sounds bad, but we have no intention of giving up on trying to fix it.
