Emsisoft Anti-Malware & Emsisoft Internet Security 10 available

Discussion in 'other anti-malware software' started by emsisoft, May 10, 2015.

  1. Fabian Wosar

    Fabian Wosar Developer

    Joined:
    Aug 26, 2010
    Posts:
    838
    Location:
    Germany
    We continue to look into these half open connections. It appears that for some reason some packets get dropped for some users during the connection cleanup. Essentially closing a connection involves various stages at which both the client and the server exchange various packets (FIN, ACK) to close the connection gracefully at both ends. Our server is sending the correct replies to close requests according to our packet logs, but these replies never arrive at the affected user's system according to packet dumps created by affected users. This usually indicates that something in between the client and the server is dropping these packets. Since there are dozens of different routers involved on the way from our server to the client, which are often operated by different companies, the error finding process has been extremely slow and tedious. The half open connections shouldn't affect anyone though. There is no traffic going through these connections. They just occupy a few bytes of RAM until they eventually time out and are cleaned up by the operating system.
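Added example, not part of the original post and not Emsisoft's code: a small parser that takes a connection listing in the layout of Windows `netstat -ano` and counts, per remote endpoint and PID, the sockets that have sent their close request and are still waiting for the peer's replies, which is the situation the post describes. The sample listing, addresses and PIDs are constructed for illustration.

```python
from collections import Counter

# Local side has sent its FIN and is still waiting on the peer:
#   FIN_WAIT_1 = our FIN not yet ACKed, FIN_WAIT_2 = ACKed, peer's FIN not seen.
WAITING_ON_PEER = {"FIN_WAIT_1", "FIN_WAIT_2"}

# Constructed sample in the layout of Windows `netstat -ano`; the addresses are
# documentation ranges and the PIDs are made up, none are taken from the thread.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.10:49701     198.51.100.7:443       ESTABLISHED     2140
  TCP    192.168.1.10:49712     203.0.113.5:443        FIN_WAIT_2      2140
  TCP    192.168.1.10:49713     203.0.113.5:443        FIN_WAIT_2      2140
  TCP    192.168.1.10:49714     203.0.113.5:443        FIN_WAIT_1      2140
  TCP    192.168.1.10:49720     198.51.100.7:80        TIME_WAIT       0
  TCP    [::1]:49730            [::1]:5357             CLOSE_WAIT      988
  UDP    0.0.0.0:5353           *:*                                    1520
"""


def parse_tcp_rows(text):
    """Return one dict per TCP row; header, UDP and malformed lines are skipped."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[0] != "TCP" or not parts[4].isdigit():
            continue
        # rpartition splits on the last colon, so "[::1]:5357" keeps its host intact.
        host, _, port = parts[2].rpartition(":")
        if not port.isdigit():
            continue
        rows.append({"remote": (host, int(port)),
                     "state": parts[3],
                     "pid": int(parts[4])})
    return rows


def waiting_on_peer(rows):
    """Count sockets per (remote endpoint, PID) still waiting for the peer's close replies."""
    counts = Counter((r["remote"], r["pid"])
                     for r in rows if r["state"] in WAITING_ON_PEER)
    return counts.most_common()


if __name__ == "__main__":
    for (remote, pid), n in waiting_on_peer(parse_tcp_rows(SAMPLE_NETSTAT)):
        print(f"{remote[0]}:{remote[1]} pid={pid} sockets={n}")
```

A single listing cannot tell a connection that is mid-close from one that is lingering; sockets that appear in the result of two listings taken some minutes apart are the ones worth capturing packets for.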
     
  2. marzametal

    marzametal Registered Member

    Joined:
    Mar 19, 2014
    Posts:
    766
    Thanks for the explanation... means a lot Sir!
     
  3. fblais

    fblais Registered Member

    Joined:
    Jul 31, 2008
    Posts:
    1,340
    Location:
    Québec, Canada
    This morning after updating EEK, I see it switched to the v10 engine, thanks Emsisoft!
     
  4. Nitty Kutchie

    Nitty Kutchie Registered Member

    Joined:
    Apr 10, 2015
    Posts:
    160
    Now before anyone bashes me, let me make something clear: I have used this product that I'm about to comment on for years.
    Why does Emsisoft have a submit malware part in their product & not really utilize it? When I submit unknown malware it takes days into weeks before they reply; that is not acceptable. What is the purpose of it if it doesn't function? I love this product but that makes my heart bleed lumps of frustration. Another thing: when you open Emsisoft, go to Protection, press Manage Whitelist, now why will you make the whitelisting box so cramped up? It makes a person feel claustrophobic. So is the case when going to Surf Protection checking your rules: the vertical lines go off the page or out of sight. Now I have been watching this from version 9 hoping it will get fixed; now this is 10, still no change. Now what is up with that?
     
  5. Fabian Wosar

    Fabian Wosar Developer

    Joined:
    Aug 26, 2010
    Posts:
    838
    Location:
    Germany
    The fastest way to submit malware is in our forum or on our website. People unfortunately upload a ton of crap via the GUI so submissions there are always going to be processed slower.

    Can you make a screenshot and highlight what is bothering you? In general trying to sit things out is a surefire way to get disappointed. If you don't report what is bothering you, we can't know about it.
     
  6. Nitty Kutchie

    Nitty Kutchie Registered Member

    Joined:
    Apr 10, 2015
    Posts:
    160
    https://imgur.com/ibzb9S6
    https://imgur.com/YkMaEnM

    When you open Emsisoft, go to Protection, press Manage Whitelist, now why will you make the whitelisting box so cramped up? It makes a person feel claustrophobic. So is the case when going to Surf Protection checking your rules: the vertical lines go off the page or out of sight. Now I have been watching this from version 9 hoping it will get fixed; now this is 10, still no change. Now what is up with that?
    The internal mechanism doesn't work well & that needs addressing ASAP. If the product is global or striving to be, then they must come to the realization that most people are not going to submit samples through the forum.
     
    Last edited by a moderator: May 29, 2015
  7. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    I am not seeing this. Mine are all lined up correctly and not cramped. Sure your display settings aren't causing it?
     
  8. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
    I have come to realize, this is indeed the case; that only startup behavior is monitored along with a pre-determined list of apps it appears; browser, explorer, etc..

    The question with this approach is: should a decision as to whether an unknown and unsigned app is safe or not be absolutely left to the user? I believe the correct default approach is to user allow but to whitelist the app to be monitored by the behavior blocker.
     
  9. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,741
    Location:
    UK
    Are you aware you can adjust and move the vertical lines to the left or right so they fit the box? Like trjam, I have no issue currently, but have used this technique previously on the Protection/Behaviour Blocker UI so I can see every section without scrolling.
     
  10. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    It does work, but what Fabian says is the case for every vendor that gives the ability to submit files from within the GUI. People submit both malicious and non-malicious (crap) files via this sub method. Therefore, if it is urgent it's best to submit the file to the vendor(s) via other channels.
     
  11. digmor crusher

    digmor crusher Registered Member

    Joined:
    Jul 6, 2012
    Posts:
    1,157
    Location:
    Canada

    Yes, you can move the lines, that's what I do to see everything.
     
  12. Fabian Wosar

    Fabian Wosar Developer

    Joined:
    Aug 26, 2010
    Posts:
    838
    Location:
    Germany
    It is still in beta though. If you run into any issues, please let us know. Release is expected for the next couple of weeks, depending on the feedback we get.

    In an ideal scenario you don't want to leave any decisions to the user. Just allowing what is going on though will lead to missed infections. When you take a look at the AV-C results, essentially all "user decisions" would end up in real infections. Our goal is to eliminate user decisions eventually and we made a lot of progress in that regard by mostly improving our backend systems that power the Emsisoft Anti-Malware Network. We are looking forward to releasing similar big improvements to the protection client in the next few major versions.

    Just as a note, the GUI will also remember your settings. So you only have to adjust them once, if you want to adjust them and EAM should remember your preferences for the future.

    Thanks. I will suggest internally to make the whitelist window resizable.

    You can just adjust the width of the columns using the grips.
     
  13. Nitty Kutchie

    Nitty Kutchie Registered Member

    Joined:
    Apr 10, 2015
    Posts:
    160
    Thank you Fabian for taking the time to explain, & other Wilders members also. Once again, thank you peeps.
     
  14. fblais

    fblais Registered Member

    Joined:
    Jul 31, 2008
    Posts:
    1,340
    Location:
    Québec, Canada
    Emsisoft rules! ;)
     
  15. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,294
    Location:
    USA
    Scheduled scan ran today (I have set for monthly) and the switch from v9 to 10 reset the scheduled scan to custom with nothing else listed, so scheduled scan was 0 files. I reset the scan option to Malware scan. Also automatic default setting for outbound firewall permission is set to allow. Shouldn't this be set to ask? I had changed my settings a long time ago. A new user may not know to check all the settings.
     
  16. Fabian Wosar

    Fabian Wosar Developer

    Joined:
    Aug 26, 2010
    Posts:
    838
    Location:
    Germany
    The scheduled scan migration problem has already been fixed in the latest version. The default for outbound connections is to allow. Most users don't care much about what is going out. They mostly care about what is coming in. This is especially true as outgoing connections that are the result of possible malware activity are also covered by the behavior blocker and will trigger an alert anyways.
     
  17. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    Totally agree Fabian.
     
  18. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,294
    Location:
    USA
    Okay, thanks for the response.
     
  19. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    Working great!
     
  20. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,285
    I had just booted into this snapshot earlier this morning, when I got the following popup...

    ScreenShot_Emsisoft_EIS_unknown_01.png

    However, I didn't respond for a couple of minutes because I was in the middle of a scan with another program. When it had finished, I responded to the popup, but mistakenly allowed it.

    Then my computer went into a freeze, and after waiting a few minutes, hoping for my system to clear, I had to force a reboot.

    After the reboot, I went looking in the EIS logs and found a change about the time of the initial popup.

    Screenshot_Emsisoft_EIS_unknown_02.gif

    I didn't like what I found, so I was trying to see whether I should delete, or not, when I got the following when I went and checked the logs again, a little while later. Apparently, an automatic correction was applied, as can be seen from this last screenshot. I hope all is OK, and that my computer wasn't compromised.

    Screenshot_Emsisoft_EIS_unknown_03.gif

    P.S...details of this site that was in the initial popup, can be found here
     
    Last edited: Jun 6, 2015
  21. sm1

    sm1 Registered Member

    Joined:
    Jan 1, 2011
    Posts:
    570
    I am having viruses quarantined info in file guard logs. But quarantine is empty.
    Screenshots in attachment. I think it is a false positive from the Bitdefender engine. I had the same issue when using GDATA. It may be a file relating to Windows Update but I am not sure (coincidentally there are Windows updates today). I found a thread in the Bitdefender forum: http://forum.bitdefender.com/index.php?showtopic=51858. Scans didn't find anything. Are they false positives? Does anyone have a similar issue? My OS is Windows 8.1 Pro 64-bit with Media Center. Can somebody check their file guard logs to see if there is any such alert?
     

  22. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
    I had a similar issue when doing some security testing. Also don't believe this is an EIS/EAM issue. I have both EAM and Eset Smart Security installed.

    When I downloaded the eicar.com file from the Eicar web site, I received alerts both from EAM and Eset SS. Now I have both thoroughly excluded from each other via whitelisting. EAM file guard does show it quarantined the file but EAM quarantine shows no ref. to the eicar.com file. The reason? Because eicar.com was actually quarantined by Eset SS.

    One of the trivialities of using two different security products. You can repeat this process by downloading eicar.com from the Eicar web site and monitoring what happens.
     
  23. sm1

    sm1 Registered Member

    Joined:
    Jan 1, 2011
    Posts:
    570
    Hi, I don't use multiple security products as real time protection. I have only EAM and hitman pro. I think you misunderstood due to my reference to GDATA. At that time I was using only GDATA. Now I am using EAM. My point is with reference to detections triggered by bitdefender engine which is used by both EAM and GDATA. The files which caused the alerts, discussed in the bitdefender forum and in the screenshot attached by me were similar. I just wanted to know whether it was a real virus or a false positive.
     
  24. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
    Did you scan those files at the VirusTotal web site? If only a few engines detect something with those files, then EAM/Bitdefender alert is probably a false positive.
     
  25. sm1

    sm1 Registered Member

    Joined:
    Jan 1, 2011
    Posts:
    570
    I could not do it since the file was not in quarantine.
     