Emsisoft Anti-Malware 8.xx Sammelthread

The problem has stopped occurring! Maybe it was a problem I had trying to install .NET Framework v3.5 in order to run VoodooShield.

 

No, I was not. I assume you are referring to classic viruses and worms?

As such, I can buy your argument. Primarily since the above are somewhat in the threat minority today. And as you pointed out, a virus will modify code to the point that even if cleaned, the code will still have problems running as intended. Hopefully, the Bitdefender realtime scanning engine will keep on top of the signatures so the bad guy is caught upon access.

 

Not even worms. Just plain file infectors. Viruses that infect existing files. Virut, Sality, Expiro, Polipos etc..

 

good program

 

Updates.

I think we are going backwards here. EAM updating after first cold boot took 10 mins and downloaded 22+MB. Connection sat idle to EAM servers during much of the 10 min. update duration.

 

Now thats weird. It takes seconds here.

 

Updates.

Things back to normal today. Probably a problem with Emsisoft servers yesterday.

 

Emsisoft Anti-Malware 8.1.0.2 with BETA updates enabled:

Added special handling for Potentially Unwanted Programs (PUPs).
Fixed rule submit issue on x64 systems.
Fixed a crash bug when switching to the logs dialog.
Fixed a minor bug in updater module.
Fixed several potential memory leaks.

 

Lovin' it!

 

Yes. Let the war on PUPs commence!

Now, please merge Online Armor with Emsisoft Anti-Malware and ditch either behavior blocker of EAM or HIPS module of OA with a nice, quick and good looking GUI!

 

Are you sure you aren't a member of our Tester group?

 

Nooooo dont say that, Online Armor HIPS is a jewel. They should never stop developing it!!

 

Emsisoft Anti-Malware 8.1.0.3 with BETA updates enabled:

Improved PUPs handling, added illustration in setup wizard.
Improved license end notifications.

http://changeblog.emsisoft.com/2013/08/13/beta-updates-2013-08-13/

 

I was a pair of years back. No more though as I don't qualify for it anymore due to lack of time!

 

Fabian - question on EAM keylogging and screen capture protection.

I ran the old AKLT test and EAM passed with flying colors. However, I did not receive any alert from EAM on any test? EAM also let AKLT startup without issue?

 

Wait what?
It passed but it also failed? I think you meant OA passed and EAM failed.

 

No. Don't have OA installed.

The AKLT tests, 8 or so of them, are run individually. You start your browser. then AKLT, and run each test.

It is normal for many AVs and behavior blockers to stop AKLT at its startup and display an alert since AKLT displays "keylogging" type behavior. In that case, your allow AKLT to run; otherwise you cannot do the individual tests. In other cases, the anti-malware software has whitelisted AKLT. It that case, no alert for AKLT startup would be expected.

My questions to Emsisoft are:

1. Does it whitelist AKLT?

2. If it doesn't whitelist AKLT, then why was not a EAM behavior alert generated when AKLT started up?

 

Because AKLT is not designed to test behavior blockers. It is designed to test HIPS. I went into the specifics before here:

https://www.wilderssecurity.com/showthread.php?p=2192678#post2192678

 

What is the average download size of updates for a month? I am temporarily using a limited bandwidth connection and I am reluctant to use EAM (I have a license) or any other av using bitdefender technology for that matter.

 

Thanks. I didn't see that prior posting.

 

Not to happy with EAM performance on latest AV-Comparatives anti-phishing test. Anyone have any stats on how effective it is when used in combination with IE's SmartScreen filter?

 

They are still bigger compared to other AV's. At least thats what i feel but since bandwidth is not a problem for me, i dont really care.

 

We never advertised any phishing protection in EAM. In our minds phishing protection is more of a internet security suite or browser feature. Based on that, 89% detection rate is surprisingly good. Personally I expected the ratings to be much lower.

Once the suite product is out (there, I confirmed it ), we will likely spend more time on the phishing protection and improve it further, as it makes more sense for a full suite product.

 

When I was using EAM I found that sig updates were 300-350MB/month.

I made a backup copy of the current sigs just before an update and then after an update, I used FreeFileSync to compare files to see changes and additions due to the update. You can export the file list and copy/paste the list to a spreadsheet. By adding the date of the update I could see the change in file sizes and new files over a period of time.

I found that BitDefender has a large number of files that are/were 'grouped together' for 'replacing' older versions, in their entirety, once a month. That amounted to downloading the equivalent of the BD sig file folder each month even though it seemed very little new data had been added.

I found that EMSI, on a given day, created a new file with a few records, then added more the next day and downloaded the entire file the next day, for about 4-5 days. This occurred over several days so that, for both BD & EMSI, the 'same' data was transmitted 'many' times just to add (or delete) a relatively small amount of data. And, occasionally, EMSI had some problem that, after the problem was 'fixed', required about 50MB of sig files to be downloaded.
The combined overall size of BD & EMSI sigs was about 191MB so you can see that the downloads for a month were about 1.5 times or more due to downloading the 'same' data repeatedly rather than using differential updates as done by other vendors.

J