I last checked for EAM updates about six hours ago...I am not an insomniac, I just woke up in the early hours of the morning...so, what does one do, but check for updates...LOL Spoiler: screenshots
Since I am going into my limited peak ISP bandwidth usage with my ISP, I have just terminated access through the firewall for EAM....I don't need it until I choose to manually update EAM, which I just did a short time ago. Spoiler: screenshot
OK...I gave EAM access through the firewall to get build 5167... Then it ran into a problem as per the screenshots. The last screenshot shows "that an error has occurred", but I can't put any details in the box because it won't take any keystrokes, or send an error report... Time to close the browser after this post is made, and reboot. See what happens, then. Spoiler: screenshots
From the get-go I'm a "fanboy" of EAM. Period. No bloat, stellar test results all around via AV-Comps, etc. And through various sources I've managed to renew an annual license with EAM for a whopping $10 (roughly) over the past two years. And yet, I'm finding it difficult to justify paying another annual fee with Sandboxie on board and surfing under Shadow Defender protection 98% plus percent of the time. Giving due consideration of switching to EEK or the Panda freebie (and this is NOT an invite to an A vs B comparison.) I s'pose the answer may be if the "plug and play" works for ya-- go for it; and, of course, mileage may vary. Truth of the matter is I'm only paying for an AV/AM app nowadays. The Mods are cordially invited to delete or move this post to a different thread if it appears irrelevant or conceivably contentious in context. Edit: To each their own. I should've thought of that.
Here is a list of features I would like to see in EAM:
1. Exploit protection - Fabian already stated this would require a major re-write of EAM code.
2. Active web filtering - Presently EAM's web filter is a blacklist of bad IP addresses/domains. It is quite good but blocking at the IP level is an effort in futility these days. Would like to see something along the lines of what Eset has in Nod32 and Smart Security.
3. E-mail client protection - Again along the lines of what Eset has where minimally, the standard IMAP ports are monitored.
4. Improved updating - I am tired of my PC locking up during the first boot of the day until the EAM update completes. Nothing I have tried, including limiting the amount of CPU cores the scanner/updater uses, seems to minimize the issue.
5. More detailed information via logging when the behavior blocker detects something. Detecting a hidden download is great but exactly what was the task attempting to do?
I never said that. I said that implementing exploit mitigation will break compatibility to a lot of other AVs which also implement exploit mitigation. It is not a technical problem at all but a problem of how a major part of our user base is using our product. This will require us to break SSL/TLS to be effective, which is something we won't do. The majority is using webmail nowadays. The small percentage that doesn't is fragmented to dozens of clients, which have no or rather unstable APIs for AVs to plug in properly. Avoiding that means breaking SSL/TLS again, as most providers try to migrate all of their users to use encrypted connections, which, as mentioned before, we will not do. That sounds more of a problem with signature loading. Our own signatures are loaded within milliseconds on most systems. We can't really influence Bitdefender's loading speed. You can try to enable the Bitdefender signature cache though. Just create a file named cache.000 in the Signatures\BD folder. You will have to stop EAM/EIS before though. Otherwise the self-protection will not allow you to create any files. The goal is to not have any alerts eventually. Not to make them more elaborate.
Well, the cache is invalidated during every update. Meaning, Bitdefender will write a new copy (about 150 MB) to disk, greatly increasing I/O during the signature reload after an update.
Agreed on the SSL/TLS issue. However, web filtering of HTTP and non-encrypted HTTPS traffic could be done. Thanks for the tip on the cache.000. Will give it a try.
Unencrypted HTTP already has an expiration date. There are various malware families that transitioned to HTTPS already and more will follow. Not to mention that future standards will make TLS de facto mandatory. I think our time is better spent elsewhere to be honest.
The Bitdefender engine gets updates every hour; it will really increase I/O in an unhealthy way. Is it worth it?
I can't create any file in Signatures/BD even when I shutdown EAM. I opened Explorer under admin and still get permissions error when trying to write to that directory.
You can also just temporarily turn off self protection under Settings/General. That will allow you to create the required file even with EAM/EIS still running.
With this said, adding exploit protection to EIS won't break compatibility with other anti-virus products since it wasn't supported to begin with. Correct?
Correct. We considered adding it only in EIS as well, but if we want to go that route we will likely include it in both EAM and EIS.
@Fabian Wosar Which is a stronger selling point, compatibility with other anti-virus programs or exploit protection?
Coincidentally that fix has stopped the network traffic function in Kingsoft PC Doctor...and since I don't believe in coincidence, I think the change you have made with the last build 5167 update seems the likely cause. Spoiler: screenshot