Lately Emsisoft has been doing well in detection (MRG Flash tests, RAP report), although it failed the VB100 December test. I got kind of curious and decided to test it. I don't mean to test it against live malware, but on a machine that only a couple of years ago was infested with all sorts of baddies. This machine had been scanned and cleaned by MBAM, ComboFix, Avira (as a program and rescue CD), VIPRE, Norton Power Eraser, Dr.Web CureIt, McAfee Stinger, Kaspersky Virus Removal Tool and Hitman Pro. I installed Emsisoft as a proper 30-day trial, updated it and ran a full scan that took ages. In the end the results were staggering: more than 40 issues categorized as high-risk malware (Virut family mainly), which were all quarantined. I honestly was expecting 1, maybe 2 issues. It was a long and very detailed list of malware, and right-clicking each line would give me the option (excellent procedure by Emsisoft) to automatically send the sample to Emsisoft for analysis, which I did for all of them. One or two days later, I received 12 e-mails from Emsisoft stating that 12 of those issues were FPs, and therefore I could safely restore them. Nothing about real malware. As I opened Emsisoft's quarantine (while Emsisoft was still updating) I could see virtually about 15 lines disappearing in real time from the list of malware. I thought that was quite impressive: the program, being updated with my samples, was acting straight away to restore the FPs. But then why the e-mails? The files were different, and when I tried to restore some of them, a dialogue window would ask me if I wanted to do it directly to the file, as the program couldn't do it automatically. In the end about 6 files could not be restored by any means, and I thought that's not impressive at all.
Now, from an initial detection of 40+ high-rated malware issues, minus the FPs automatically/manually restored under Emsisoft's guidelines, I still have 14 issues quarantined, and I suspect they are also FPs. Is it possible for Emsisoft to detect 14 issues ignored by the 11 scanners mentioned at the beginning of this post? I'm impressed by Emsisoft's own infrastructure of communication and very prompt response, but I can't help thinking the program is a bit too trigger-happy in terms of FPs. I'm not complaining about Emsisoft really; rather, this little story proves once again that when a computer is heavily infected, the only way to know it is clean beyond any reasonable doubt is to re-install a clean copy of Windows. As for my malware/FPs, I restored a recent image.