Emsisoft Anti-Malware 9 released

Discussion in 'other anti-malware software' started by emsisoft, Jun 18, 2014.

  1. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,491
    They usually take 24 hours to reply but sometimes it can take a bit longer.
    In my experience, they have never taken more than 24 hours for a reply.
     
  2. Antarctica

    Antarctica Registered Member

    Joined:
    Feb 25, 2003
    Posts:
    2,177
    Location:
    Canada
    I don't have an answer how to fix it, but I have my main desktop as well as my laptop, which both have EAM + Macrium. Both of them have worked without
    any conflict for almost two years.
     
  3. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    23,935
    Location:
    UK
  4. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Hi Silver

    As I said in the Macrium thread, I had already made those settings and they work fine for me. On Win 7 x64.
     
  5. Fabian Wosar

    Fabian Wosar Developer

    Joined:
    Aug 26, 2010
    Posts:
    838
    Location:
    Germany
    For some reason Macrium crashes on some 64 bit systems when EAM is installed. We haven't been able to reproduce the issue yet, but we are looking into the issue. The easiest fix is to just exclude Macrium from EAM, so EAM won't interfere with it at all. That is by the way not the same as creating an "All allowed" rule as the Macrium knowledgebase article suggests which is why those instructions won't work. Instead you need to go to Protection/File Guard/Manage white-list. Add a new entry of type "Process" and select the Macrium Reflect executable (reflect.exe if I recall correctly). Make sure all 3 check boxes are set. Macrium will work as expected now.
     
  6. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    EAM + Macrium are working fine together on my notebook.
     
  7. silver0066

    silver0066 Registered Member

    Joined:
    Dec 31, 2004
    Posts:
    994
    Where is the "of type "Process" checkbox" located? I checked all 3 boxes on the whitelist. Macrium still does not work on that computer. Win 8.1 Pro, 64 bit.

    I submitted a ticket to EAM over 48 hours ago. No response. I did not even get a validation response when I tried to register on their forum.
     
  8. Fabian Wosar

    Fabian Wosar Developer

    Joined:
    Aug 26, 2010
    Posts:
    838
    Location:
    Germany
    There is no such check box. Just click the very first cell in the grid where it currently says "File" and switch it to "Process".

    Like most companies, our support staff, with the exception of malware removal support, is not working over the weekend. We do answer within 24 work hours (so if you send a mail on Friday 12 PM you will usually get an answer by Monday 12 PM).
     
  9. Antarctica

    Antarctica Registered Member

    Joined:
    Feb 25, 2003
    Posts:
    2,177
    Location:
    Canada
    Good morning Fabian,

    Any plans for the final release? The latest beta version is very stable (at least on my computer):)
     
  10. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    A very quick question about the HIPS/BB, how does it block or detect hidden processes? :)
     
  11. silver0066

    silver0066 Registered Member

    Joined:
    Dec 31, 2004
    Posts:
    994
    Thanks. That fixed it. I was not aware that there is a drop down box there as the normal arrow is not there.
     
  12. Fabian Wosar

    Fabian Wosar Developer

    Joined:
    Aug 26, 2010
    Posts:
    838
    Location:
    Germany
    There are always plans for final releases. I mean, we don't start updates or new products without the intention to release a final version eventually. I know that is not what you asked, but it surely beats the "when it's done" reply you would have gotten otherwise ;).

    You need to be more specific. What exactly do you define as a hidden process?
     
  13. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
  14. Fabian Wosar

    Fabian Wosar Developer

    Joined:
    Aug 26, 2010
    Posts:
    838
    Location:
    Germany
    Invisible means not visible to the user. Meaning: No window, no tray icon, no task bar entry while it is running. It will still show up in the Task Manager though.

    Processes that are clearly running, because the behavior blocker records activity for the process, but that doesn't show up in the process list and are invisible to the Windows API.
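    The second definition above (a process whose activity the behaviour blocker records but which is missing from the enumerated process list) is what defenders usually call a cross-view discrepancy. The following script is an added example, not code from this thread or from Emsisoft: it parses a constructed process-enumeration snapshot and a constructed activity log (both formats, and the field names `pid=`/`action=`, are assumptions) and reports every PID that has recorded activity but no enumeration entry, plus PIDs whose image name differs between the two views.

```python
import re
from collections import defaultdict

# Constructed snapshot of what the process-enumeration API reports (assumed layout).
PROCESS_LIST = """\
PID   NAME
4     System
512   svchost.exe
777   calc.exe
1234  explorer.exe
2048  reflect.exe
"""

# Constructed behaviour-blocker activity log (assumed layout; field names are made up).
BB_LOG = """\
2014-08-09 10:01:02 pid=1234 explorer.exe action=file_write path=C:\\Users\\x\\a.txt
2014-08-09 10:01:05 pid=2048 reflect.exe action=file_read path=C:\\image.mrimg
2014-08-09 10:01:07 pid=3100 updater.exe action=registry_write key=HKCU\\Software\\Run
2014-08-09 10:01:09 pid=3100 updater.exe action=network_connect dst=203.0.113.7:443
2014-08-09 10:01:11 pid=512 svchost.exe action=network_connect dst=203.0.113.9:80
2014-08-09 10:01:13 pid=777 winword.exe action=file_write path=C:\\Users\\x\\b.doc
"""

PROC_RE = re.compile(r"^\s*(\d+)\s+(\S+)\s*$")
EVENT_RE = re.compile(r"pid=(\d+)\s+(\S+)\s+action=(\S+)")


def parse_process_list(text):
    """Map PID -> image name from the enumeration snapshot; the header row is skipped."""
    procs = {}
    for line in text.splitlines():
        m = PROC_RE.match(line)
        if m:
            procs[int(m.group(1))] = m.group(2)
    return procs


def parse_bb_log(text):
    """Collect recorded actions per PID and the image name the log attributes to it."""
    events = defaultdict(list)
    names = {}
    for line in text.splitlines():
        m = EVENT_RE.search(line)
        if not m:
            continue
        pid = int(m.group(1))
        names[pid] = m.group(2)
        events[pid].append(m.group(3))
    return events, names


def cross_view_check(process_list_text, bb_log_text):
    """Compare the two views and return findings sorted by PID.

    A PID with activity but no enumeration entry is the strong signal
    (hidden from the API); a differing image name is a weaker one worth a look.
    """
    enumerated = parse_process_list(process_list_text)
    events, names = parse_bb_log(bb_log_text)
    findings = []
    for pid in sorted(events):
        if pid not in enumerated:
            findings.append({
                "pid": pid, "name": names[pid], "events": len(events[pid]),
                "reason": "activity recorded but process not enumerated",
            })
        elif enumerated[pid] != names[pid]:
            findings.append({
                "pid": pid, "name": names[pid], "events": len(events[pid]),
                "reason": "image name differs between views (%s vs %s)"
                          % (enumerated[pid], names[pid]),
            })
    return findings


if __name__ == "__main__":
    for f in cross_view_check(PROCESS_LIST, BB_LOG):
        print("pid %(pid)d %(name)s: %(events)d events, %(reason)s" % f)
```

On the constructed data this flags PID 3100 (two recorded actions, never enumerated) and PID 777 (enumerated as one image, active under another name). A real deployment would take the enumeration from more than one source so that a single tampered view cannot mask the other.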
     
  15. Brandonn2010

    Brandonn2010 Registered Member

    Joined:
    Jan 10, 2011
    Posts:
    1,854
    Since EAM 9.0 is released, will EEK be updated soon?
     
  16. Fabian Wosar

    Fabian Wosar Developer

    Joined:
    Aug 26, 2010
    Posts:
    838
    Location:
    Germany
    It's in internal beta testing at the moment.
     
  17. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    I forgot to respond, thanks for the feedback. :)

    Another question: on Win Vista/7/8, rootkits can't modify the kernel except when they bypass PatchGuard, so can they still hide processes?
     
  18. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,430
    Location:
    Surrey, England.
    Available now for testing:

    Removed link. It is up to Fabian Wosar to post links. It may not be in public testing yet.

    Peter2150
     
    Last edited by a moderator: Aug 9, 2014
  19. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,867
    Location:
    Outer space
    It would be nice if the download speed of updates could be optimized for EEK.
    When I updated EEK, it downloaded about 50MB of updates, I hadn't timed it exactly, but it was more than just a few minutes.
    My internet connection is certainly not the limiting factor; theoretically, with instant maximum speed, I would be able to download 50MB in 4 seconds.
     
  20. NSG001

    NSG001 Registered Member

    Joined:
    Jul 14, 2006
    Posts:
    682
    Location:
    Wembley, London
    Let's keep the topic on EAM, thanks :)
    I am sure when EEK is ready to be linked and promoted here it will be done by the EMSI staff.
     
  21. faircot

    faircot Registered Member

    Joined:
    May 17, 2012
    Posts:
    228
    Location:
    UK
    Just out of interest, I'm noticing that the popup notifying the number of updates in v9 seems to be reduced from around 12 to 10 million. Is this as a result of some drastic housekeeping at your end or more efficient algorithms?
     
  22. NSG001

    NSG001 Registered Member

    Joined:
    Jul 14, 2006
    Posts:
    682
    Location:
    Wembley, London
    I noticed that as well.
    Well done EMSI team :)
     
  23. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    They often clean duplicated signatures from the in-house engine.
     
  24. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,491
    Yeah, they clean up the signatures from time to time to keep it lean.
     
  25. Fabian Wosar

    Fabian Wosar Developer

    Joined:
    Aug 26, 2010
    Posts:
    838
    Location:
    Germany
    You can always try to hide a process through a user mode rootkit or alternatively hide it inside an unsuspecting process through code injection.

    The actual download is by far the least time consuming part of the update. We are already using a very well established CDN to ensure good download speeds for all our customers. But good throughput doesn't matter much if you waste a lot of time renegotiating TCP/IP connections because the signature database consists of hundreds of files as well as recompiling those signature files locally on your system to save bandwidth.

    Well, if it is in our blog, it is safe to be posted. I have just taken over some additional responsibilities within the company, so I had a few particularly busy weeks :).

    So yes, we released a public beta of Emsisoft Emergency Kit 9. It is available here:

    http://blog.emsisoft.com/2014/08/09/emsisoft-emergency-kit-9-beta-available/

    We try to reduce the number of signatures on a constant basis. We do this mostly using two techniques:
    1. Since we do have two engines, the Bitdefender as well as our own engine, we are constantly disabling signatures in our own engine as soon as Bitdefender adds detection for the same sample. There is simply no point in keeping 2 signatures for the same file around.
    2. We regularly make passes on all detections with the goal to combine as many of them as possible. In this process we usually identify commonalities between many malware samples of the same malware family and target those commonalities specifically. This often allows us to replace hundreds or thousands of signatures that each detect a single sample with one signature that covers all those samples that were previously covered as well as future versions belonging to the same malware family.
    The reason we try to keep the number of signatures as low as possible is to reduce memory usage and overall system impact on our users' systems. So what you are seeing is completely normal and just reflects our daily commitment to offering the best protection for your system while keeping resource usage to a minimum.
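    The two techniques described in the post above can be shown in miniature. The script below is an added example, not code from this thread or from Emsisoft, and it makes no claim about how Emsisoft's engine actually stores signatures: technique 1 drops in-house per-file hash signatures whose hash the partner engine already detects, and technique 2 replaces a family's per-sample signatures with the longest byte pattern common to every sample (while rejecting any pattern that also occurs in a set of known-clean files, so the merge does not buy a false positive). All hashes, sample bytes and names are constructed.

```python
# Constructed in-house hash signatures: name -> sha256 hex (placeholders, not real hashes).
INHOUSE_HASH_SIGS = {
    "Trojan.Gen.A": "0" * 60 + "0001",
    "Trojan.Gen.B": "0" * 60 + "0002",
    "Adware.Foo.C": "0" * 60 + "0003",
    "Adware.Foo.D": "0" * 60 + "0004",
}

# Constructed: hashes the partner engine already detects (overlap with A and C above).
PARTNER_DETECTED = {"0" * 60 + "0001", "0" * 60 + "0003"}

# Constructed family samples sharing one 12-byte loader stub; prefixes/suffixes differ.
FAMILY_CORE = b"\xe8\x00\x00\x00\x00\x5b\x81\xeb\x10\x20\x30\x40"
FAMILY_SAMPLES = {
    "Family.X.1": b"\x4d\x5a" + b"\x00" * 4 + FAMILY_CORE + b"\x01\x02",
    "Family.X.2": b"\x4d\x5a" + b"\x11" * 5 + FAMILY_CORE + b"\x33",
    "Family.X.3": b"\x4d\x5a\x22" + FAMILY_CORE + b"\x44\x55\x66",
}

# Constructed known-clean files used to reject patterns that would cause false positives.
CLEAN_FILES = [
    b"\x4d\x5a\x90\x00\x03\x00\x00\x00\x04\x00\x00\x00\xff\xff",
    b"\x4d\x5a\x22\x00\x00\x00\x00\x5b\x81\x00",
]


def dedupe_against_partner(inhouse, partner_hashes):
    """Technique 1: keep only in-house hash signatures the partner engine lacks."""
    return {name: h for name, h in inhouse.items() if h not in partner_hashes}


def longest_common_substring(blobs, min_len, exclude=()):
    """Longest byte string present in every blob, at least min_len long,
    and absent from every blob in `exclude` (the clean set). Returns None if none.
    Brute force: fine for a handful of samples, not for a production corpus."""
    blobs = list(blobs)
    shortest = min(blobs, key=len)
    for length in range(len(shortest), min_len - 1, -1):
        for start in range(len(shortest) - length + 1):
            cand = shortest[start:start + length]
            if all(cand in b for b in blobs) and not any(cand in c for c in exclude):
                return cand
    return None


def consolidate_family(samples, clean_files, min_len=8):
    """Technique 2: one shared pattern for a family, verified against clean files."""
    pattern = longest_common_substring(samples.values(), min_len, exclude=clean_files)
    if pattern is None:
        return None
    assert all(pattern in s for s in samples.values())  # pattern covers every sample
    return pattern


def reduce_signatures(inhouse, partner_hashes, families, clean_files):
    """Apply both techniques; return the surviving signature set and before/after counts."""
    before = len(inhouse) + sum(len(s) for s in families.values())
    kept_hashes = dedupe_against_partner(inhouse, partner_hashes)
    family_patterns = {}
    unmerged = 0
    for fam, samples in families.items():
        pattern = consolidate_family(samples, clean_files)
        if pattern is None:
            unmerged += len(samples)  # no safe common pattern: keep per-sample sigs
        else:
            family_patterns[fam] = pattern
    after = len(kept_hashes) + len(family_patterns) + unmerged
    return {"hash_sigs": kept_hashes, "family_patterns": family_patterns,
            "before": before, "after": after}


if __name__ == "__main__":
    result = reduce_signatures(INHOUSE_HASH_SIGS, PARTNER_DETECTED,
                               {"Family.X": FAMILY_SAMPLES}, CLEAN_FILES)
    print("signatures before: %d, after: %d" % (result["before"], result["after"]))
    print("family pattern:", result["family_patterns"]["Family.X"].hex())
```

On the constructed data seven signatures become three: two hash signatures survive the partner overlap, and the three Family.X samples collapse into the shared 12-byte stub. The clean-set check is the part worth keeping in mind: a common substring that is also common to benign binaries (an MZ header, a compiler prologue) is not a usable signature, which is why the merge is verified rather than assumed.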
     