
Strange Pop Up and log entry



Emsisoft popped up the following message and also logged it.

7/26/2021 9:51:17 AM
A notification message "Please re-authenticate this device with our Emsisoft user account to connect to your MyEmsisoft workspace.Learn more" has been shown

 

Does anyone know why as I have 440+ days left on my license?

 

Thanks

Link to comment

I get them too - typically two or three times in one day, then none at all for a few days, then another set.  If (like me) you have no interest in using the My.Emsisoft website way of managing multiple devices, I think you can (as I do) just dismiss these popups.

It doesn't make sense to me that I should have to "authenticate" anything, bearing in mind that I have an active licence and am receiving updates alright.

Link to comment

If you have the problem of Emsisoft Anti-Malware asking you to re-authenticate, there are a few things that can work. Easiest first, with the most 'drastic' last.

  1. Wait. Sometimes it will sort itself out in a day or so.
  2. Restart the computer. If you're using Windows 10, restart by right-clicking the Windows start button and using restart from the shutdown sub-menu. That performs a full restart instead of the cached rapid restart that is Windows 10's default.
  3. Sign into MyEmsisoft, click 'add device', and download the tagged installer. Don't rename it, and run it when it's done downloading. It might not appear to be doing anything, but it is. Give it 30 seconds, then open Emsisoft Anti-Malware and click update.
  4. Uninstall Emsisoft Anti-Malware, restart the computer (same method as above for Windows 10), then download and run your tagged installer per option 3.

If everything fails, email us at [email protected], explain what you tried and what if anything didn't go right with each step you tried, and we'll help.

Link to comment

  • 2 weeks later...
On 8/14/2021 at 11:35 PM, Ken1943 said:

Since they are moving everyone to a 'work space', they are missing an email there. If you do what it says, the warnings will go away.

The point is, though, that my fully-licenced copy of EAM is still getting updates (as I would hope it would), and is working (as far as I can tell) perfectly.  No-one will tell me what extra facility /that I need/ will suddenly start working if I do the authentication.  I have zero interest in managing my PC's use of EAM from a web interface. 

Link to comment

26 minutes ago, Ken1943 said:

Then change to another product if you don't want to do something. Your choice !

You're not getting the point.  I don't much want to change to another product as I've been happy for years with EAM's core function.  Controlling EAM from my own PC, right in front of me, works fine.  I have no need to use the PC I am sitting at to login to a website to have an Emsisoft server then communicate my wishes to EAM on that same PC.  It just adds needless complexity.  I'm also not wildly happy about the idea that any external entity can affect the way I configure security software on my PC.  How can Emsisoft /guarantee/ that no hacker ever gets access to those servers?

I absolutely 'get' that someone responsible for security on tens, hundreds or thousands of corporate PCs might love such a facility so they could configure everyone's instance of EAM in a consistent way, see infections on affected machines etc from a single point ... but /I/ don't need it, and I can't see why any typical home user would need it either.  I /think/ that the authentication is all about enabling the link between my logon at the website, the central servers (I sincerely hope there's not just one - a possible single point of failure in all of this), and my PC ... and I do not want such a link to be enabled.

But - for users like me who have no interest in controlling their copies of EAM this way - I don't understand why we can't just opt-out and not keep getting nagged about it.

Link to comment

17 hours ago, NewbyUser said:

There is a setting if you wish a managed installation or a local one or both. Choose local only.

Thank-you for the suggestion.

I logged-in to My.Emsisoft for another look.  On the initial display, in the pane named "Managed devices" my PC is shown as "Not Managed", which seems pretty clear to me.

Not obvious at all, there's also a three-way choice under Settings: "Local Only", "Local & Remote", "Remote Only" , of which it appears that the middle option "Local & Remote" is set.

 

I was about to change this to "Local Only"... but I get a warning that

     "Changing the security management immediately affects all devices in your workspace.

      By switching to local management, protection on all your devices will be disconnected from protection policies and reset to factory defaults."

 

I certainly don't want all the configuration settings on my PC's copy of EAM to be reset to defaults.  I want them left alone.

Then again, perhaps the warning doesn't mean that they'll be reset - after all, how would that reset command get sent to my PC in the first place if it's never been authenticated to this wretched central-server?

And what does that "disconnected from protection policies" text actually mean?  Whose "protection policies"?  Does that mean (for anyone who has been using the central server control) the current settings managed centrally?  What about people not yet using that facility? 

Link to comment

And another thing...  There's tooltip text on the three options: "Local Only", "Local & Remote", "Remote Only".  The text for "Local Only" says two things; the first (which makes sense) says:

   "Protection settings are managed on the local device only."

but the second means nothing to me.  Maybe it's not worded very well?  It says:

   "Data exchange between the device and Emsisoft Management Console are limited by protection status only."

Should that say "... are limited TO protection status only."  ??

 

Right now I can see (on the website's main pane - the one where my PC is shown as "NOT MANAGED") when my copy of EAM was last updated and the number of items in quarantine... but I don't quite understand why even that much information is apparently able to be shown by the website when my PC has not been /authenticated/. 

Link to comment

14 hours ago, JeremyNicoll said:

Thank-you for the suggestion.

I logged-in to My.Emsisoft for another look.  On the initial display, in the pane named "Managed devices" my PC is shown as "Not Managed", which seems pretty clear to me.

Not obvious at all, there's also a three-way choice under Settings: "Local Only", "Local & Remote", "Remote Only" , of which it appears that the middle option "Local & Remote" is set.

 

I was about to change this to "Local Only"... but I get a warning that

     "Changing the security management immediately affects all devices in your workspace.

      By switching to local management, protection on all your devices will be disconnected from protection policies and reset to factory defaults."

  A workspace is just your Emsisoft page and protection policies are the settings changes you have made.

I certainly don't want all the configuration setting on my PC's copy of EAM to be reset to defaults.  I want them left alone.

I've never disconnected from web management so I don't know if in fact settings are changed back to defaults.

Then again, perhaps the warning doesn't mean that they'll be reset - after all, how would that reset command get sent to my PC in the first place if it's never been authenticated to this wretched central-server?

And what does that "disconnected from protection policies" text actually mean?  Whose "protection policies"?  Does that mean (for anyone who has been using the central server control) the current settings managed centrally?  What about people not yet using that facility? It just means you're disconnected from web management and using local control on your computer.

Expand quoted post to see comments inserted

Link to comment

On 8/19/2021 at 12:24 AM, KevinYu0504 said:

I am surprised that no Emsi employee has replied to the user's new questions.

 


Did you guys notice that, from May this year,
Emsi's employees have hardly continued to answer the customers' articles;
only a few articles received a few responses.

Also, the customer services staff such as "GT500"
stopped replying in May this year; many posts on the official forum never get any reply from an Emsi employee. This never happened before.

And I discovered that David Biggar (Customer lead)
had his name removed from Emsi's official Management team
(from the link in "Why Emsi").
https://www.emsisoft.com/en/company/about/

 

 

I guess there should be many major personnel changes in Emsi;
not to mention the decline in service quality, I also encountered unfair treatment from Emsi,
and they deliberately ignored my protest.

I would suggest not considering Emsi anymore; obviously they don't take customers seriously now.

I also have the same feeling, emsi on the quarantine area to report false alarm file response has become less active, the forum in addition to the two feedback virus file problem sub-page has an official reply, the rest of the post basically no official reply

Link to comment

Guesses and theories do nobody any good. I've already replied to you, Kevin. As far as the rest of the questions, there are several, but much more outright conjecture than questions. I'm happy to try to answer those though if asked again without all of the guesswork muddying up the thread.

Link to comment

8 hours ago, David Biggar said:

Guesses and theories do nobody any good. I've already replied to you, Kevin. As far as the rest of the questions, there are several, but much more outright conjecture than questions. I'm happy to try to answer those though if asked again without all of the guesswork muddying up the thread.

Sorry for causing your misunderstanding.
In fact, the conjectures or questions I put forward in the comments on this post
were all sent before you answered me by private message.

This is because all the messages I sent to Emsisoft had more than 10 days with no one replying.

I apologize if I caused a misunderstanding.

 

In order to ensure that the discussion does not digress,
I will not continue the discussion in this post.
I am sorry if I made anyone feel uncomfortable.

 

And because my main account has been banned
and I am not allowed to log in,
I am here using a new account to apologize and to look for an opportunity to restore my main account.

 

  • Upvote 1
Link to comment

5 hours ago, David Biggar said:

Guesses and theories do nobody any good. I've already replied to you, Kevin. As far as the rest of the questions, there are several, but much more outright conjecture than questions. I'm happy to try to answer those though if asked again without all of the guesswork muddying up the thread.

You've not yet adequately answered my questions.  I have however noticed that EAM hasn't nagged me recently; does that mean that someone's tweaked the code to stop the nagging, or is it just coincidence (since the nags seemed to be at irregular intervals)?

If the nagging is going to continue, then please explain once and for all WHY this authentication is needed for a user who is not using the website-based console.

Please also address all the other points I've raised here, namely:

- the possibility (if there's not multiple instances) that your backend server is a single point of failure

- the possibility (if someone manages to hack into those server(s)) of the security of customers' systems being at risk.  I'm sure you won't have forgotten that an Emsisoft server was breached in Jan-Feb 2021.  I know that was reported as a fairly minor data leak, but that doesn't mean that other kinds of breach are impossible.  I wonder how much thought Emsisoft have given to how they'd mitigate effects (on customers' systems) if such a breach were to occur.  And, do you run disaster-recovery tests on your infrastructure?  If eg a data-centre which houses your servers burns down (as did OVHcloud, Strasbourg, France, in March 2021) how long will your customers be affected for?   

- the point about the website console, if one chooses to change to "Local Only" resetting my (private) PC's EAM configuration to default - two problems there: why would it reset anything, and secondly how/why (if my PC is not authenticated to the workspace) does it have the right to perform a reset?

- the tooltip text for the "Local Only" option

 

I do not think I have muddied the waters with conjecture.  But note that "conjecture" means speculation based on inadequate information.  The very fact that I've been asking the initial question here (about the nagging) over and over again without a proper answer being given has not helped.

Questions about single points of failure etc might have been less relevant before when your customers' systems were less tightly integrated with your servers; I mean all of us could cope with occasional absences of signature updates.  But centralised control of our copies of EAM by your servers considerably heightens risk for customers.

I would like you to understand that I ask about these things based on my professional experiences in a UK bank's datacentre.

  • Like 1
  • Upvote 2
Link to comment

Jeremy, I totally agree with the concept of reducing potential points of failure. However, please keep in mind that antivirus software always needs to exchange data with some sort of cloud infrastructure to be able to do its job. In the early years it was enough if software pulled online updates once a day, then we needed more frequent updates (about 1h intervals), and today we're at a point where we need a permanent connection to provide the best possible protection. Mainly to get real-time information about newly emerging threats and also to be able to push updates at any time, without a delay of 30 minutes. That's why we are currently in the process of changing our entire backend infrastructure to 'managed' devices.

'Managed' in this context doesn't necessarily mean these devices can be fully remote controlled (that's only the case if you use 'Local&Remote' or 'Remote only' workspace management modes), it rather means that devices have a permanent connection to the cloud to exchange malware intelligence (such devices show up as 'Managed' in your workspace). At the end of the day, those new cloud interfaces are not more or less secure than the simple hourly online updates were before. We are very well aware of the risk involved with providing any cloud interfaces and do our best to make it as hard as possible for attackers to get in and manipulate data. 

None of our interfaces provide the ability to execute code on your devices. Software updates are the only way you can receive executable code from us, and again, those interfaces haven't conceptually changed since Emsisoft was founded 20 years ago. Our data transfer channels are secured on multiple levels, making it pretty much impossible to infiltrate unauthorized code. Our transfer channels and binaries are digitally signed on top of SSL to block any man-in-the-middle attempts by design. Our production database has very rigorous access limitations even within our team. But truth be told, there is no 100% guarantee that we'll never get hacked. 

That above described 'Please re-authenticate' notification shows up when you have a device using a license that is assigned with a workspace but the device hasn't migrated to 'managed' state yet. Changing it to managed is a one time action.

 

  • Upvote 1
Link to comment
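
The post above says that Emsisoft's binaries are digitally signed. On Windows, a downloaded installer (such as the tagged installer mentioned earlier in the thread) can be checked for that before it is run. This is an added example, not part of the thread and not Emsisoft's code; it assumes the installer carries a standard Authenticode signature, and the function name `Test-InstallerSignature` and the publisher string are placeholders.

```powershell
# Added example: inspect a downloaded installer's Authenticode signature before running it.
# $ExpectedPublisher is an assumption: take it from the signer of a copy you already trust.
function Test-InstallerSignature {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $ExpectedPublisher
    )

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "File not found: $Path"
    }

    $sig = Get-AuthenticodeSignature -LiteralPath $Path
    $problems = @()

    # 'Valid' means the file hash matches the signature and the chain ends in a trusted root.
    # 'NotSigned', 'HashMismatch', 'NotTrusted' etc. all mean: do not run the file.
    if ($sig.Status -ne 'Valid') {
        $problems += "Signature status is '$($sig.Status)': $($sig.StatusMessage)"
    }

    # A valid signature from an unexpected publisher is still the wrong file.
    $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
    if ($subject -notlike "*$ExpectedPublisher*") {
        $problems += "Signer subject '$subject' does not contain '$ExpectedPublisher'"
    }

    [pscustomobject]@{
        Path        = $Path
        Sha256      = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
        Signer      = $subject
        Thumbprint  = if ($sig.SignerCertificate) { $sig.SignerCertificate.Thumbprint } else { $null }
        # A timestamp countersignature keeps the signature checkable after the cert expires.
        Timestamped = [bool]$sig.TimeStamperCertificate
        Trusted     = ($problems.Count -eq 0)
        Problems    = $problems
    }
}

# Usage (placeholders, not real values):
#   Test-InstallerSignature -Path 'C:\path\to\downloaded-installer.exe' -ExpectedPublisher '<publisher name>'
```

The signature covers the file contents, not the file name, so the result is the same whether or not the download was renamed.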

This topic is now closed to further replies.