Jump to content

Behavior Blocker De-activation


Recommended Posts

Regarding EAM 6.0.046...

Does it make any difference if the Behavior Blocker is de-activated on the Security Status screen or under the Behavior Blocker tab on the Guard screen? Or does doing one do the other? Or do both?

Given deactivation of BB:

1) Do Guard : Application Rules become irrelevant? (No monitoring, blocking, allowing, etc.)

2) Do Guard : Alerts settings become irrelevant? (No alerts regarding application behavior.)

3) Do Guard : File Guard alerts remain relevant? (Alerts upon signature detection of malware.)

Thank you.

Link to post
Share on other sites

Hi dallas7,

Settings for Behavioural Blocker (BB) and File Guard (FG) a separate because the detection technique is completely different

As you correctly pointed in #3) FG is a signature related detection. So, unless you disable FG you will have those detection alive whether it is just “onExecution” and/or a combination of “onExecution” (only executables are scanned) and “onAccess” (any files involved are scanned) based on current signatures

Disabling BB has nothing to do with FG.

And yes, as in #1 & #2 - when you disable BB currently created Application Rules are irrelevant – no Monitoring/no Alerts until re-enabling BB (rules are preserved).

Unfortunately in the existing Help File (7.1 Application Rules) there is no clear statement that Application Rules belong to BB

My regards

p.s. as a simple test please

- disable BB and leave FG

- execute Eicar.exe or TrojanSimulator - you will get FG Alert (based on signatures)

Link to post
Share on other sites

Thanks Tester. I won a license over at the Raymond.CC forum and while the Softpedia screen shots and Emsisoft's online help were instrumental in my thinking along those lines, I wanted to make sure before I installed EAM that I could fully disable the Behavior Blocker. I was running Ashampoo AntiMalware (currently disabled, not uninstalled) and though it uses the latest 1.1.109.0 T3 engine, the A2 is at v5.0.0.50 which is OK. However my interest is in the new A2 v2.x engine and not the BB. So now I have EAM6 as a trial running with Online Armor Premium, MBAM Pro and Zemana AL. I'm optimistic and will probably activate the license soon. My experience with the EAM/OAP here in this XP system will help me determine if I want to take advantage of Emsisoft's offer of a free switch to the Security Pack from OA++ on my Win7 system. Cheers!

Link to post
Share on other sites

Thanks for the reply dallas7,

We all do know that Ashampoo is using EAM's engine(s)

At the same time I am not aware whether they are using the new one that was introduced in v6 of EAM

I'm just hoping that developers will reply regarding the matter

Anyway, as far as I am concerned, that is about signatures only

As for BB - EAM's BB is the best on the market you can have at this stage

Between us when nobody listening ;) - I rely only on EAM's BB I do not and did not run any signature related Software for 5 or more years since EAM was developed, except rare cases where users reporting some weird detections & / or suspected bugs

I never used newly introduced "onAccess" options by EAM . My choice always was is and will be -"onExecution" only & BB - perfect combination!

As for OA++ please read this forum - there will not be any development for OA++ including incorporating new engines any more.

So, stick with current OA whether you consider choosing Free or Premium. OA (not OA++) and EAM is one of the best security combination currently on the market

Cheers!

Link to post
Share on other sites

You don't have to sell me on Emsisoft. I vote for them with my PayPal account. :)

As far as OA++, that forum is peppered with my commentary. I believe if it wasn't for me, we users would still be running T3 1.1.103.

While it won't be receiving a next gen Ikarus (T4?) or the A2 2.x engines, the current iterations (1.1.109.0 and 5.1.0.11) offer superb protection and your dismissal of OA++ is misplaced. IMHO, in doing so you not only dismiss Ikarus but Online-Armor as well. Be reminded that T3 remains validated in EAM6 and unless otherwise discussion is buried in some obscure blog or forum it should remain so well into 2012.

True that EAM6 alone offers protection beyond signature scanning but in my own environment I don't want suite-centric behavior blocking or white/black list filtering - of which their efficacy of is off-topic as well as endlessly debated in other venues.

A detail I should interject is my choice OA++ (vs OAP & Ashampoo) for the laptop I purchased in October was based on Emsisoft's commitment to current engine support until it (and Internet Security Pack) face retirement and the promised "new common code base" product is released. Further, the new laptop (Win7) doesn't go out online anywhere near as much as this old tower (WinXP) what with social nets, yoot oob, Web mail and, um... forums. B)

Your advice to "stick with current OA" is puzzling as it was never a focus in this thread but perhaps you overlooked my profile on the left: I am running paid versions on both my system.

I consider my commentary here is exhausted and won't be posting up any more.

Thanks again, Lynx (oops, I called you Tester in #3). I look forward to reading all your assistance for us users and your thoughts and opinions in the other threads. Especially when Emsisoft goes beta with their next gen product - I'm sure you'll be a front runner on that.

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...