Emsisoft Anti-Malware and Emsisoft Internet Security 9.0 Public Beta

Discussion in 'other anti-malware software' started by Fabian Wosar, May 5, 2014.

Thread Status:
Not open for further replies.
  1. Fabian Wosar

    Fabian Wosar Developer

    Joined:
    Aug 26, 2010
    Posts:
    838
    Location:
    Germany
    I will suggest it internally.
     
  2. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
  3. Ciach0

    Ciach0 Registered Member

    Joined:
    May 13, 2014
    Posts:
    37
    Thank you very much for explanation, Fabian.
    Once again I must say that newest beta works rock solid. I haven't noticed any craches, "pauses" or problems with internet connection.

    At this moment, only three things are on my mind:

    1. Do you think that behavior blocker is a little bit too sensitive? IMHO, it's a liitle bit, hmmmmm, noisy.
    For example, this is my "Surf Protection Log" after a ew days:

    Date PID Application Action Detection
    2014-05-28 21:26:08 4884 C:\Programy\Mozilla Firefox\firefox.exe Terminated by user STAT.4U.PL
    2014-05-28 20:12:59 5112 C:\Programy\Mozilla Firefox\firefox.exe Allowed by user ADSEARCH.ADKONTEKST.PL
    2014-05-28 20:12:58 5112 C:\Programy\Mozilla Firefox\firefox.exe Allowed by user CDN.BEHAVIORALENGINE.COM
    2014-05-28 19:49:25 5112 C:\Programy\Mozilla Firefox\firefox.exe Allowed by user LINKWITHIN.COM
    2014-05-28 19:24:51 1280 C:\Programy\Mozilla Firefox\firefox.exe Blocked by rule PICS3.INXHOST.COM
    2014-05-28 19:24:31 1280 C:\Programy\Mozilla Firefox\firefox.exe Blocked by rule PICS3.INXHOST.COM
    2014-05-27 22:02:29 3460 C:\Programy\Mozilla Firefox\firefox.exe Terminated by user CDN.OPTIMIZELY.COM

    None of my other AV's that I was using (Kaspersky, Eset, Comodo) with Hitman and MBAM (on demand scan) doesn't alert during visiting my favourite web sites.
    Is this a false positives ?

    2. Surf Protection popup: is it possible to inform which web site are caused the alert?

    At this moment that kind of information is missing, even in "view details". I think that would be helpful to detect which site are safe, particularly in the case when we are suring multiple tabs in one window.

    surf prot.png

    3. CPU usage: as you can see below, in my home computer the CPU usage isn't low at this moment. This is an example of my typical usage: a few (two or three) hours of web surfing. At the other hand, I admit that the memory usage was reduced during beta versions. I must underline that I haven't noticed any slowdowns.

    po quick skanie i 2 godz. korystania z kompa - obrobione.png
     
  4. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    1) Surf Protection module is not a behavior blocker.
    2) Check Hostname.
    ;)
     
  5. Ciach0

    Ciach0 Registered Member

    Joined:
    May 13, 2014
    Posts:
    37
    1) Yes, you're right. Sorry for mistake. Lesson learned: do not write a post while you're sleeping at keyboard :)
    2) The hostname is not enough. I'll give a example of web page which triggets this popup when I return home
     
  6. Fabian Wosar

    Fabian Wosar Developer

    Joined:
    Aug 26, 2010
    Posts:
    838
    Location:
    Germany
    The surf protection is technically not the behavior blocker :).

    No, they aren't. They are all privacy risks (sites involved in user tracking, advertisement etc.). The privacy risks category in the surf protection is set to "Don't block" by default so you must have enabled it manually. In general, I suggest to put the privacy risks category to "Block silently" or "Block and notify". Otherwise you will get swamped with alerts because almost every major site uses some kind of analytics or user user tracking.

    No. The filtering is done on the protocol level and there is no context under which circumstances the domain is accessed. You would have to either keep track of all content coming over the network, parsing the HTML/CSS/JavaScript to figure out which content pulled in the blocked domain, which will not work for encrypted connections, wastes a lot of resources, and is very error prone, or implement the protection as part of a browser plugin, which is something we don't want to do due to the rapid release cycles many browsers adopted causing an constant development effort.

    That's a bug that has already been fixed in a new development build internally. You will most likely get access to that fix on Monday. Essentially it happens if there hasn't been any network activity passed on to the service for 5 minutes, which can easily happen if you don't use it during a coffee break for example.
     
  7. guest

    guest Guest

    yes you are right
     
  8. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    That's a very good decision if you ask me :thumb:
     
  9. Ciach0

    Ciach0 Registered Member

    Joined:
    May 13, 2014
    Posts:
    37
    You've got 100% right. As I said before - my mistake at post writing.

    Once again, thanks for that explanation. I agree with that kind of aproach to privacy risks.

    Sound good to me. I'm looking forward to test it.
     
  10. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    And what´s the reason for this? Why will the HIPS be ditched?
     
  11. Fabian Wosar

    Fabian Wosar Developer

    Joined:
    Aug 26, 2010
    Posts:
    838
    Location:
    Germany
    Because it doesn't fit a security suite product targeted towards average home users in our opinion. By far the most common reason we get for OA refunds is that the HIPS is completely overwhelming. The behavior blocker provides a similar level of protection when it comes to real life malware but with a lot less noise. So it was the obvious choice for a home user product.
     
  12. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    OK, then I misunderstood. :)

    I thought that the behavior blocker (same as HIPS to me) would be scrapped from both EAM and EIS.
     
  13. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    I don't agree. The behavior blocker has been more noisy on my machines, and it does not give adequate information to make a decision to allow, or deny an action when prompted. To me it's no easier to use than OA HIPS. OA rarely ever prompts me for anything. About the only time I ever have to answer to any prompts from OA is when i'm installing, or upgrading software. OA has an excellent training mode so it does most of the work for you. OA HIPS provides superior protection in the hands of anyone that takes the time to learn how to use it. A user is just as likely to allow something malicious when prompted by the BB as they are with the HIPS except the BB will miss more threats than the HIPS will. There's a much better chance of a threat slipping by the BB than the HIPS.
     
  14. Fabian Wosar

    Fabian Wosar Developer

    Joined:
    Aug 26, 2010
    Posts:
    838
    Location:
    Germany
    Which is fine. We made sure not to break compatibility between EAM 9.0 and OA so if you prefer the HIPS, you can continue to use it.
     
  15. guest

    guest Guest

    Me too i preferred that Emsisoft kept the HIPS but i have to agree with Fabian's "home user view"; if you wander a bit on Emsi forum, many posts were about OA's shower of popups, especially for "Average Joe" users which HIPS is definitely not for them; they will finish to click Allow all the time.

    Not saying that Kernel Hooks based products are obsolete now, since they can be bypassed in many ways by hooks exploits tools.
     
  16. anon

    anon Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    7,982
  17. Antarctica

    Antarctica Registered Member

    Joined:
    Feb 25, 2003
    Posts:
    2,177
    Location:
    Canada
    A new beta build is available via online updates now.



    Changes in version 9.0.0.3994 compared to the previous version:

    • Fixed dozens of GUI glitches
    • Added windows 8 toast notifications for important events
    • Fixed occasional connection drops (EIS).
    • Improved licensing system
    • Improved Windows classic theme support
    • Modified self-protection
    • Improved behavior blocker alerts
    • Improved factory settings feature
    • Improved settings import feature
    • Fixed wizard update logic bug
    • Fixed incorrect update download progress bar problem
    • Modified surf protection notification popup
    • Fixed WSC problem when updating from v8 to v9
    • Fixed restart computer dialog
    • Improved support for additional languages
    • Added new icon for Commandline Scanner
    • Fixed flickering bug in data grids
    • Fixed bug in temporary shutdown feature
    • Fixed default actions and button focus of alert windows
    • Fixed file guard "block once" behavior
    • Fixed file version resources
    • Fixed content switching issue
    • Changed windows service name
     
  18. digmor crusher

    digmor crusher Registered Member

    Joined:
    Jul 6, 2012
    Posts:
    1,157
    Location:
    Canada
    Action center still doesn't recognize I have a anti virus and firewall installed. Just going to turn off alerts as uninstalling and re-installing EIS is a PITA.
     
  19. Feandur

    Feandur Registered Member

    Joined:
    Jun 15, 2005
    Posts:
    429
    Location:
    Australia
    Any chance of a direct link to this new build?
     
  20. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    5,703
    Location:
    North Carolina, USA
    Hello Feandur,

    The links are always available in the first post in the beta thread over on the Emsisoft Support Forums Here:
    http://support.emsisoft.com/topic/1...nd-emsisoft-internet-security-90-public-beta/
    The same links as on the Emsisoft Support Forums are also in the first post in this thread (as the post is copied from Emsisoft Support Forums).
    Note that even though the link states an older version, it will always download the latest version available. HTH ;) ...
     
    Last edited: Jun 1, 2014
  21. Fabian Wosar

    Fabian Wosar Developer

    Joined:
    Aug 26, 2010
    Posts:
    838
    Location:
    Germany
    Correct. It always points towards the same location on the server and we just switch the file. The only reason the first post still states the old version number is that I can no longer edit the post since the edit grace period is over.
     
  22. Ciach0

    Ciach0 Registered Member

    Joined:
    May 13, 2014
    Posts:
    37
    I've done the clean install of the previous beta (v. 3952). Yesterday, I've installed the newest beta via online update. Action Center properly recognized the EIS as an AV software
     
  23. Ciach0

    Ciach0 Registered Member

    Joined:
    May 13, 2014
    Posts:
    37
    By the way, is the v.3994 contains the fix of that bug?
     
  24. Fabian Wosar

    Fabian Wosar Developer

    Joined:
    Aug 26, 2010
    Posts:
    838
    Location:
    Germany
    Yes, it does. Do you still have high CPU issues?
     
  25. Fabian Wosar

    Fabian Wosar Developer

    Joined:
    Aug 26, 2010
    Posts:
    838
    Location:
    Germany
    Thanks for confirming :).
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.