IMHO it's more an issue of convenience as opposed to effectiveness. Have to either use another two-way firewewall with a learning mode or manually configure Win FW by use of a Win FW skin or otherwise to block apps of your choice from communicating out. In otherwords = PITA. Also, Cuz most Msft apps are not digitally signed EMIS was a convenient way of blocking telemetry and other Mfst apps one does not use.
From what I know for the moment , EAM will prompt for unknown outbound connections via the BB, so it will change nothing for the average users. And I don't see any loss of protection in that regard. Personally I use WinFW since ages, I block all outgoing connections in all profiles and create rules on-the-fly when needed. By using next EAM, I can unblock outgoing connections and I won't need 3rd party extensions for WinFW.
Hopefully that is a correct statement, but not sure if BB will block only outbound connections by apps that behave like malware or if it will also block apps that are merely unsigned like Msft Photos, etc. What about signed apps. you believe have no legitimate purpose in making an outbound connection?
Yes that's right. No monitoring of outbound connections (built-in FW is not present any more), only BB checking whats happening with Win FW rules (for example malware trying to modify rules, trying to open WinFW for inbound attempts and similar). EDIT: better example would probably be malware trying to disable Win FW.
We have to remember that EAM is about blocking malware not any processes like anti-exe does. so it would be logical that the BB block only malicious outbound attempts by default.
Yes it would be logical if it had FW to control outbound attempts. Since it doesn't have one it doesn't monitor network connection attempts. At least I understand it that way.
https://www.wilderssecurity.com/thr...ernet-security-12.388577/page-18#post-2698348 That has been the case since the very first version of EAM and doesn't change now either. EAM always has been blocking suspicious outgoing connections as well as attempts to open ports locally in a suspicious manner.
OK, now I understand a little more where you've been coming from all along. Would be nice if there was a way to integrate all one's EIS rules directly into Windows Firewall's--guess that's not entirely possible, for obvious reasons Sounds like a lot of work with all these third party combinations--remember: this too shall pass, hawki, lol. Also, YOU informed me that Emisoft Anti-Malware was the one tested in AV comparatives all along, not Emsi Internet Security
Indeed the FW doesn't really matter in term of security unless it posseses IDS/IPS features, if the FW (the module itself) of a suite is the only one detecting a threat, it means all other components failed. However, in some special case (like Eternal Blue exploit), the FW is the only one blocking the attack if properly configured.
Thnx I missed that one. So some connections can be blocked by BB even without firewall. And new feature (controlling modifications to WinFW settings) is just another action controlled by BB.
https://support.emsisoft.com/topic/...internet-security-with-emsisoft-anti-malware/ and http://changeblog.emsisoft.com/2017/08/24/beta-updates-2017-08-24/
Also: https://www.wilderssecurity.com/thr...ernet-security-12.388577/page-18#post-2698348 and https://www.wilderssecurity.com/thr...ernet-security-12.388577/page-18#post-2698459
Sorry, bad wording from me. It should be "controlling modification to WinFW settings". Corrected in post, thnx.
AFAIK, it will only alert about apps that try to connect out in a suspicious way. And I'm guessing they also look at other behaviors that were triggered. If you want to simply to block all connections, you can use Win Firewall.
So if I have a third party firewall such as ZAP, there will be no benefit correct? It's like they want you to use a crap firewall (MS). Almost begging.
Of course there is a benefit to using a third party firewall provided it has a learning mode. That firewall would alert you to ALL outbound connections and YOU, rather than a pre-configured set of behaviors, would decide whether or not to allow it. (A third party FW might have a white list of trusted apps to save you from undue pop-ups.) The new EAM obviously will not tell you about what it allows through -- only what it considers to be a connection attempt resulting from suspicious behavior. Furthermore, I am not aware that Emsisoft has said that the fact that an app is not signed alone would trigger a behaviorial alert in the enhanced EAM. Don't believe the hype. The new EAM plus WIN Firewall is NOT the equivalent of EMIS. There is still something missing that will have to be added by contorted configuring of WIN FW, using a WIN FW GUI skin, or using a third party FW. You can get to the same place but not as simply as one could with the sweet EMIS package. Talk about throwing out the baby with the bathwater.
I agree. Do you remember Mike Nash, developer of OA. I said on the OA forum he was "sell out" sure he might have needed the money (probably gone now). He said emsisoft will make it better, blah,blah,blah. Never did believe him, and now I believe I was right, unfortunately. And emsisoft said it will be even better, what a load of crap. Took them about 5 years to destroy the firewall (OA) that was suppose to be the greatest thing ever. Karma will hit both of them.