Hello,

I have been evaluating 5 major products for protecting my cloud VMs hosted in a public cloud setup.

I had been looking for a product with a cloud console that specializes in anti-malware, with the best defense against ransomware and alerts by email, and which is low on resources and effective.

So I tried to play with all possible live scenario testing.

When I did a very basic test (Task Manager and End Task), the Emsisoft Protection Service CPU spiked to 99% and nothing can be done apart from a forced reboot.

EmsiSoft Business Security

Version : 2020.6.0.10209

OS : Windows Server 2016


When you say "End Task", what task were you trying to end?

There is an ongoing problem (at least in the Home version of EAM) with cpu spikes... but no-one discussing it on the forum has described a 99% cpu busy situation.  The worst people have seen is for one thread (usually half a core) to be 100% busy.  What sort of CPU does your machine have?  If a2service was keeping one thread busy, what was keeping every other thread/core busy?

> 1 hour ago, JeremyNicoll said:
>
> When you say "End Task", what task were you trying to end?
>
> There is an ongoing problem (at least in the Home version of EAM) with cpu spikes... but no-one discussing it on the forum has described a 99% cpu busy situation.  The worst people have seen is for one thread (usually half a core) to be 100% busy.  What sort of CPU does your machine have?  If a2service was keeping one thread busy, what was keeping every other thread/core busy?

Jeremy, that is exactly since I am a Cloud Service Provider with value addition of Security + Backups, I have to evaluate security at a VM level and not at the Host Server level as every one is on different public cloud.

Well, open the Task Manager and under Processes kill the process "Emsisoft Protection Service": nothing will happen but the CPU spikes to 99% and that's the end game; you reboot and that's the only option.

I am running it on my VMware Workstation with 8 vCPUs and 8 gigs of memory with NVMe drives.

I haven't yet started to do the stress test by bombarding it with the infections LOL


> Jeremy, that is exactly since I am a Cloud Service Provider ....

It's perfectly sensible to evaluate things, though I don't see that the type of business you're in has any relevance.

 

> Well open the Task Manager and under processes kill the process "Emsisoft Protection Service" nothing will happen

Ordinarily you wouldn't expect to be able to end the  a2service.exe  task (because if you can, so can malware), unless you've turned off the  'self-protection' option within EAM (in Home, at least, presumably also in the Business version),  in Settings - Advanced.

I don't know why you'd then see a cpu spike... but it should still have been only in one (v)CPU.    You didn't say what other processes are suddenly so busy on the other seven CPUs.

 

What is the host operating system?   And what is the OS under VMware?    

> 13 minutes ago, JeremyNicoll said:
>
> > Jeremy, that is exactly since I am a Cloud Service Provider ....
>
> It's perfectly sensible to evaluate things, though I don't see that the type of business you're in has any relevance.
>
> > Well open the Task Manager and under processes kill the process "Emsisoft Protection Service" nothing will happen
>
> Ordinarily you wouldn't expect to be able to end the  a2service.exe  task (because if you can, so can malware), unless you've turned off the  'self-protection' option within EAM (in Home, at least, presumably also in the Business version),  in Settings - Advanced.
>
> I don't know why you'd then see a cpu spike... but it should still have been only in one (v)CPU.    You didn't say what other processes are suddenly so busy on the other seven CPUs.
>
> What is the host operating system?   And what is the OS under VMware?

It is relevant, as my cloud users run their applications and at the endpoint there is always a need for protection, and since clouds are always on virtual cores, the power is less compared to a physical server; hence the security should be very lightweight.

I totally agree that neither a user nor malware should be able to turn off the protection or kill the process; however, the point I wish to highlight is that it should either give an "access denied" error or simply do nothing. But instead it is actually using all the CPU.

Like I mentioned, I have VMware Workstation, and I have allotted 4 cores per CPU, so in total 8 vCPUs to my VM on my local machine.

> 17 hours ago, spidy0008 said:
>
> Well, open the Task Manager and under Processes kill the process "Emsisoft Protection Service": nothing will happen but the CPU spikes to 99% and that's the end game; you reboot and that's the only option.

As @JeremyNicoll says, this isn't possible without turning off the self protection in the advanced settings. Attempting to do so will at the very least freeze/hang the Task Manager.

Also, I recommend looking at process file names in the "Details" tab of the Task Manager rather than the "user friendly" names seen in the "Processes" tab. If you need to do anything with the process outside of the Task Manager, you're going to need to know you're dealing with "a2service.exe" instead of "Emsisoft Protection Service".

 

> 17 hours ago, spidy0008 said:
>
> I totally agree that neither a user nor malware should be able to turn off the protection or kill the process; however, the point I wish to highlight is that it should either give an "access denied" error or simply do nothing. But instead it is actually using all the CPU.

Such behavior is not normal. Freezing/hanging the Task Manager when attempting to terminate an Emsisoft Anti-Malware process is normal.

The behavior you're describing sounds more like what would happen if another security product with real-time protection were installed alongside of Emsisoft Anti-Malware. Do you have any other security software installed, and is Windows Defender automatically being turned off by Windows when Emsisoft Anti-Malware is active?

> 10 hours ago, GT500 said:
>
> As @JeremyNicoll says, this isn't possible without turning off the self protection in the advanced settings. Attempting to do so will at the very least freeze/hang the Task Manager.
>
> Also, I recommend looking at process file names in the "Details" tab of the Task Manager rather than the "user friendly" names seen in the "Processes" tab. If you need to do anything with the process outside of the Task Manager, you're going to need to know you're dealing with "a2service.exe" instead of "Emsisoft Protection Service".
>
> Such behavior is not normal. Freezing/hanging the Task Manager when attempting to terminate an Emsisoft Anti-Malware process is normal.
>
> The behavior you're describing sounds more like what would happen if another security product with real-time protection were installed alongside of Emsisoft Anti-Malware. Do you have any other security software installed, and is Windows Defender automatically being turned off by Windows when Emsisoft Anti-Malware is active?

I am not here to compare any brand to any other; I am just looking for the best for myself so my client's data in the cloud will be safe. I was so close to purchasing it for all my cloud servers; just before that I wanted to watch its overall performance.

I totally agree with all the points that we have highlighted here, that any of the protection services should not be terminated; however, we are looking at the more logical point that if someone (any user, auto-script or something) tries to eliminate the task, an error should appear, not the processing power going to 99% where all users are affected. It should just deny the request, which I think would be more sensible than taking 99% of the CPU.

Well, Windows Defender is part of Win 2016 Server, and I did not manually make any changes; my installation process was pretty simple: log in, download, install. I will still check on it, and if it's active I will disable it from GP settings.

In addition to this, I just checked one more thing: email notifications work like a charm; however, when the agent is offline / down there are no alerts.

> 19 hours ago, spidy0008 said:
>
> Well, Windows Defender is part of Win 2016 Server, and I did not manually make any changes...

That reminds me, the Windows Security Center isn't installed on server editions of Windows by default, so Windows Defender may not be shutting off when Emsisoft Anti-Malware is installed and active. You may need to disable Windows Defender manually, or add an exclusion to Windows Defender for Emsisoft Anti-Malware's EXE files to prevent issues.

 

> 19 hours ago, spidy0008 said:
>
> In addition to this, I just checked one more thing: email notifications work like a charm; however, when the agent is offline / down there are no alerts.

I'll check with QA about that.

Edited by GT500
Removed question mark.
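
The overlap check discussed in the posts above, as an added PowerShell example that is not part of the original thread or of Emsisoft's documentation: it resolves the path and account of a2service.exe from the running system, reports whether Windows Defender real-time protection is still active beside it, and samples which processes are actually using CPU. It assumes an elevated session, the Defender cmdlets being present on the server, and English performance-counter names.

```powershell
# Added example (not from the thread). Run in an elevated PowerShell session.
$imageName = 'a2service.exe'            # process name given in the thread

# Resolve the service behind that image so the path and account come from
# the system itself rather than from an assumed install location.
$svc = Get-CimInstance Win32_Service |
    Where-Object { $_.PathName -like "*\$imageName*" } |
    Select-Object -First 1
if (-not $svc) { Write-Warning "$imageName is not registered as a service."; return }

# PathName may be quoted and carry arguments; keep only the executable path.
if ($svc.PathName -match '^"([^"]+)"') {
    $exePath = $Matches[1]
} else {
    $exePath = ($svc.PathName -split '\.exe', 2)[0] + '.exe'
}

# Defender state: on Server editions it may stay active next to another product.
$mp = Get-MpComputerStatus -ErrorAction SilentlyContinue
$excluded = $false
if ($mp) { $excluded = @((Get-MpPreference).ExclusionProcess) -contains $exePath }

[pscustomobject]@{
    Service            = $svc.Name
    State              = $svc.State
    RunsAs             = $svc.StartName   # LocalSystem is the SYSTEM account
    Executable         = $exePath
    DefenderRealTime   = if ($mp) { $mp.RealTimeProtectionEnabled } else { 'n/a' }
    ExecutableExcluded = $excluded
} | Format-List

if ($mp -and $mp.RealTimeProtectionEnabled -and -not $excluded) {
    Write-Warning 'Two real-time scanners are active. To exclude the service binary:'
    "  Add-MpPreference -ExclusionProcess '$exePath'"
}

# Which processes are busy right now? One 5-second sample, top five by CPU.
# Counter values are percent of one logical CPU, so divide by the core count
# to compare with Task Manager's overall figure.
$cores = [Environment]::ProcessorCount
(Get-Counter '\Process(*)\% Processor Time' -SampleInterval 5 -ErrorAction SilentlyContinue).CounterSamples |
    Where-Object { $_.InstanceName -notin '_total', 'idle' } |
    Sort-Object CookedValue -Descending |
    Select-Object -First 5 InstanceName,
        @{ n = 'PercentOfMachine'; e = { [math]::Round($_.CookedValue / $cores, 1) } }
```

The script only prints the exclusion command; whether to add the exclusion or disable Defender instead is left to the administrator.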
> 19 hours ago, spidy0008 said:
>
> In addition to this, I just checked one more thing: email notifications work like a charm; however, when the agent is offline / down there are no alerts.

Apparently it was suggested to QA already, and they've made a note of it.

> 22 hours ago, spidy0008 said:
>
> When you suggested checking if there is any other anti-virus service active, at that time I disabled the protection and then did a fresh install of Emsisoft.

Were the results of your test any different?

> 1 hour ago, GT500 said:
>
> Were the results of your test any different?

The only difference I found was that the process goes to 99% but doesn't stay there long; it drops slowly, though still towards slightly high consumption. This is just when we end the process from Task Manager.

I think this is one of the best endpoint security products I have seen in terms of features / footprint on CPU / effectiveness. I just wanted to test this, as many users try to end processes from Task Manager to open something or some scripts which are cmd-based, which initially doesn't look like a threat. Basically, if all Emsisoft processes in Task Manager or Services gave a deny error, as the main control lies in the cloud console, that would be the best. I am in the process of purchasing this to use for the security of my cloud servers :)

> 18 hours ago, spidy0008 said:
>
> I just wanted to test this, as many users try to end processes from Task Manager to open something or some scripts which are cmd-based, which initially doesn't look like a threat.

Users have admin rights?

> 8 hours ago, GT500 said:
>
> Users have admin rights?

No, users don't have admin rights, but some still try to fidget with the system.

I have deployed the EMSI Protection on a live server. However, email alerts are not coming. I have a question: does Emsisoft use the host server's (on which it's installed) ports to send email, or does the console have its own email sending system?

> 16 hours ago, spidy0008 said:
>
> No, users don't have admin rights, but some still try to fidget with the system.
>
> I have deployed the EMSI Protection on a live server. However, email alerts are not coming. I have a question: does Emsisoft use the host server's (on which it's installed) ports to send email, or does the console have its own email sending system?

It's fixed, as the email account detected an IP change and had to be given special permission for sync. Alerts are working like a charm.

> On 6/6/2020 at 9:46 AM, spidy0008 said:
>
> No, users don't have admin rights, but some still try to fidget with the system.

a2service.exe (Emsisoft Protection Service) runs under the SYSTEM user account, and can't be terminated by a non-admin.

 

> On 6/7/2020 at 2:32 AM, spidy0008 said:
>
> It's fixed, as the email account detected an IP change and had to be given special permission for sync. Alerts are working like a charm.

I'm glad to hear that.

Note that we also have an online management console (Emsisoft Cloud Console) accessible via your MyEmsisoft account, and this management console is also capable of sending e-mail notifications. There's more information about it and how to get started using it in the user guide.

Also note that 2-Factor Authentication is required for MyEmsisoft accounts, and while it defaults to sending codes via e-mail you can also configure your account to use a 2-Factor Authentication/One-Time Password app on your phone if you prefer.

> On 6/9/2020 at 9:05 AM, GT500 said:
>
> a2service.exe (Emsisoft Protection Service) runs under the SYSTEM user account, and can't be terminated by a non-admin.
>
> I'm glad to hear that.
>
> Note that we also have an online management console (Emsisoft Cloud Console) accessible via your MyEmsisoft account, and this management console is also capable of sending e-mail notifications. There's more information about it and how to get started using it in the user guide.
>
> Also note that 2-Factor Authentication is required for MyEmsisoft accounts, and while it defaults to sending codes via e-mail you can also configure your account to use a 2-Factor Authentication/One-Time Password app on your phone if you prefer.

Yes, I am aware of this, as I am using the same, since I am evaluating the 30-day trial of Business Security and it comes with my.emsisoft.com and 2FA for every login with a new browser or IP.
