Emsisoft Anti-Malware

Emsisoft fixed some errors in surf protection in a recent build. Surf protection is mainly based off hpHosts list which is who determines what websites are added and removed from the list and for some reason they added bloomberg.com. Only thing you can do either tweak or turn off surf protection. I don't think complaining to hphosts will help much.
h**p://hosts-file.net/default.asp?s=bloomberg.com

 

Both are yearly.

 

But why would anyone select the "Allow to Run, but Check Behavior" setting?

 

Pretty much word for word what I'd say about EAM.

It's a top quality AM and with Mamutu as well I couldn't get anything past it.If the next version,due out soon,is lighter on resources,I'd be more than happy to have it on my main system.

 

Have you ever tried to?

 

Oh yes indeed.

I was playing around with it (v5) on a VM looking for the optimal settings and it blocked all the malware I threw at it.Mamutu can be set up to lock everything down very tightly.Not exactly an AV-C endorsement I know,but it impressed me .

It was only the very noticeable system lag that stopped me using it as my main defence.

 

This is incredible. I did the same and mamutu failed 80% of my malware samples (no alerts and no records in the logs). Willing to get my samples? They are pretty numerous, though, because I collected them for years. And they and not "just the samples", they introduce different tricky techniques that allowed them to bypass different security in the past, this is why they had got to my collection.

BTW. There is not any sense to use EAM and mamutu together because EAM uses the same proactive engine mamutu does.

As for "..can be set up to..", I don't accept this as an option. This would hardly make a user happy to know that "if he set up", he would not be infected.

Edit: and I don't mind to get your collection. it's always interesting to get new toys to play with

 

Yes please PM me with info on your samples I'd like to test them out and I can provide a few bits.

I did tweak the BB to monitor specific apps,etc. and ramped it up to the paranoid setting,so this would have a bearing on the results.I may just have got lucky with the stuff I threw at it too.

When I say Mamutu I'm referring to the inbuilt component withi EAM not the standalone product,I should've made that clear.

 

let us know please

 

I've always considered Mamutu pretty weak, and this is coming from a "fanboy"
That's why i will pair it with OA which is almost bullet proof + SRP

 

I've always found Mamutu to be very strong.

The problem with a lot of testing, is that instead of testing on one file which a user would likely come across, some people will download and launch several at a time (unlikely to happen in a real-world environment), then you don't know which file impaired the system.


alex_s, I'd contact the guys at Emsisoft, or they contact you to test some of your samples out. What was the result on the system once it was bypassed, system lag, or do the files seek to delete system files etc?

 

I don't mind that they contacted me. After all, they should be interested to improve their software

Testing conditions - VM/XP/32, samples started one by one, mamutu blocks/alerts at least something - success (which doesn't mean real success, this is just to simplify the things), mamutu is silent - fail. I also was able to disable a2service by manually modifying registry. And key-loggers. Most of the tests failed despite the declared antikeyloggers support. I haven't tested it with the ransomware, but I have a feeling that this vector is not covered as well.

 

Thanks for the info.

I try to keep things in perspective, that, sometimes the bullet-proof protection users seek, can mean a program with more pop-ups than a user has brain cells.

For the everyday common samples, Mamutu I believe is doing better than any other behaviour blockers available, in my opinion.

 

Yes, this is known issue. Security and usability contradict to each other

If you sincerely think this I'm not going to bring you round. But you said "I could never get it be passed". I do not know just a single product that really could never be passed. The difference is only in the number of the passes

 

You also need to add that Alex_S is a guy who developed Online Armor long before emsisoft acquired it. This is to make the picture more complete.

 

is it same person?

 

According to emsisoft developers, to have OA and mamutu at the same time is useless because both will alert you about the same stuff the only difference is that mamutu will do it less. This is why they don't implement mamutu on OA.

 

Yep. This is true. I don't know why Peter thinks this is important to know. I criticize not only mamutu, but PFW (for the same things, BTW), Comodo for only being strong in paranoid mode, Zemana for false x64 support. And I never worked for Comodo, PFW or Zemana.

 

You should be banned forever

Just kidding

 

maybe you work for emsisoft or maybe you are undercover FBI agent

 

LOL. Actually, nobody really knows who is there, at the other side of a monitor

 

exactly

 

Hi Alex,
i would be interested to know your security setup..if you don't mind.

b/W what is your choice of products for firewall and AV?

Thanks,
Harsha.