Sign in to follow this  
Kano

Emsisoft "auto detection"

Recommended Posts

I was asking myself is there a way to get "Automatic detection" I mean for example when downloading a file from internet and its infected, Emsisoft won't detect it until I open it, but in te case that the virus won't be detected it would be dangerous.

Or it just happens on the trial version?

Thank you anyway.

Share this post


Link to post
Share on other sites

Hi Kano, welcome to the forum

Usually when you are downloading something you are saving the file whether it's an archive or executable. No dangers yet. It is just a file. You are not executing it yet.

Then, you can (or rather must) scan it and if current signatures (important) will recognize the danger then you will be alerted and investigate further

Checking/scanning when downloading - "Automatic detection" as you called is just simple waste of time.

Moreover, you will never know whether the detection was False Positive (FP) or not. What's the point?

That mainly apply to any security and "onAccess" scanning

Different story when & if you would try to execute downloaded content:

- 1st "onExecution" scan will kick in (again it's not efficient in all cases because of signatures- related, so 0-days can be missed);

- but if you have Behavioral Blocker(BB) - that will most likely catch the suspect;

- speaking of internet downloads same (regarding BB) apply if you accidentally hit "drive by download" / execution without your knowledge & consent

My regards

Share this post


Link to post
Share on other sites

Hi Kano, welcome to the forum

Usually when you are downloading something you are saving the file whether it's an archive or executable. No dangers yet. It is just a file. You are not executing it yet.

Then, you can (or rather must) scan it and if current signatures (important) will recognize the danger then you will be alerted and investigate further

Checking/scanning when downloading - "Automatic detection" as you called is just simple waste of time.

Moreover, you will never know whether the detection was False Positive (FP) or not. What's the point?

That mainly apply to any security and "onAccess" scanning

Different story when & if you would try to execute downloaded content:

- 1st "onExecution" scan will kick in (again it's not efficient in all cases because of signatures- related, so 0-days can be missed);

- but if you have Behavioral Blocker(BB) - that will most likely catch the suspect;

- speaking of internet downloads same (regarding BB) apply if you accidentally hit "drive by download" / execution without your knowledge & consent

My regards

Thanks for the fast reply, I'm used to Eset, it detects malware when file has been downloaded so it doesn't give me the chance to open it until I run it rom quarentene, but its okay, I have to get use to the "Manual context scan before opening files"

Share this post


Link to post
Share on other sites

Thanks for your reply as well, Kano

The rule of thumb - you must not allow any security automatically quarantine/delete anything that being flagged. Period!

There is no way that ESET does not have options to disable such behaviour

Correct me if I'm wrong, but I've never met such security ... except MSE. Last time I tested it - it will quarantine anything what's suspected as "hi risk" therefore - it's not allowed on any PC.

You have to go through Preferences / Options / sometimes Advanced/ etc.,

Those could be "spread" there and you have to know your security well enough in order to disable those features

a side note: it would be "overdone" security setup if you have both EAM & ESET with real-times active - that is not recommended

Otherwise, please follow the advice by ctrlaltdelete:

Kano,

What are your settings in EAM File Guard?

There are several options, see also this section of the EAM 5 Tutorial

and set "Additionally scan all files when they are created or modified"

I'm not using that option for the reasons explained. My setting is "OnExecution" only, but probably you may consider and test it.

My regards

Share this post


Link to post
Share on other sites

Thanks for your reply as well, Kano

The rule of thumb - you must not allow any security automatically quarantine/delete anything that being flagged. Period!

There is no way that ESET does not have options to disable such behaviour

Correct me if I'm wrong, but I've never met such security ... except MSE. Last time I tested it - it will quarantine anything what's suspected as "hi risk" therefore - it's not allowed on any PC.

You have to go through Preferences / Options / sometimes Advanced/ etc.,

Those could be "spread" there and you have to know your security well enough in order to disable those features

a side note: it would be "overdone" security setup if you have both EAM & ESET with real-times active - that is not recommended

Otherwise, please follow the advice by ctrlaltdelete:

and set "Additionally scan all files when they are created or modified"

I'm not using that option for the reasons explained. My setting is "OnExecution" only, but probably you may consider and test it.

My regards

Thank you both for your help and time ; ) and fast reply too.

I checked all the settings before posting this, I have tested all of these three settings but still the same, detections are only by file access or context menu scan.

I mean this menu:257k21s.png and yes I know two antivirus at the same time is not recommended but I'll unistall eset, ikarus engine is far away better.

But don't worry, its matter of time to get use to ; )

Share this post


Link to post
Share on other sites

You are welcome

Instead of uninstalling, which you can do any time, at the moment you can leave another AV as on-demand scanner only if you wish, and know how to maintain its updates and avoid clashes. That's all a matter of experience, which you definitely will get being persistent and willing to learn

Cheers!

Share this post


Link to post
Share on other sites

Hello ... oddly enough, earlier EAM catching viruses in files (zip) on the fly and immediately put them in quarantine ... and now provides easy download ... and only when unpacking their vidit.kak for me, so would be better if everything remained as before. :wacko:

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.