Emsisoft Anti-Malware 8.1 released

Discussion in 'other anti-malware software' started by emsisoft, Aug 19, 2013.

Thread Status:
Not open for further replies.
  1. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    What I gleaned from the McAfee article is that what we have here is a bogus installer with a valid certificate. I don't think it comes as a surprise currently that digital certs cannot be 100% trusted these days.

    The question is how will EAM's Mamutu respond to this? Would it allow everything since the app is trusted? Or will it detect the installation of the unsigned .dll into svchost.exe? I would think it would. Also, if one is running EMET 4.0, it would catch it.
     
    Last edited: Sep 5, 2013
  2. nsm0220

    nsm0220 Registered Member

    Joined:
    Aug 30, 2013
    Posts:
    138
    Location:
    USA
    I'll tell you what: when I test Emsisoft Anti-Malware 9, I'll keep a lookout for that for you.
     
  3. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,491
    Are these accounts from the same person?
    Looks weird.
     
  4. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    Are you talking about members here on Wilders, or? :)
     
  5. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,491
    Yeah, feels as if they were spamming/trolling. :rolleyes:
     
  6. Fabian Wosar

    Fabian Wosar Developer

    Joined:
    Aug 26, 2010
    Posts:
    838
    Location:
    Germany
    Most likely part of the CDN we are using.

    The installer isn't bogus. It is a completely legitimate and valid installer. It just has a bug that is abused by malware.

    Online Armor as well as EAM have special handling for those cases. Online Armor will throw an alert like this:

    http://i.imgur.com/AwC1R5f.png

    EAM will simply not trust the process.
     
  7. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,872
    Location:
    Outer space
    Nice, this is the first time I've seen a HIPS protect against the DLL loading vulnerability and inform about it as well, instead of just saying Process 'X' wants to load DLL 'Y'.
     
  8. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    Well, not exactly. In Fabian's example, the .dll to be injected was sourced on the desktop. I am sure any respectable HIPS would catch that one.

    In the McAfee example, the installer was using the trusted user32.dll to inject the unsigned MSIMG32.DLL.
     
  9. Fabian Wosar

    Fabian Wosar Developer

    Joined:
    Aug 26, 2010
    Posts:
    838
    Location:
    Germany
    I used the very same malware sample to take the screenshot that McAfee describes in their blog.

    You would be surprised.
     
  10. blasev

    blasev Registered Member

    Joined:
    Oct 25, 2010
    Posts:
    763
    Very good support from Emsisoft (especially from Fabian). I still think EAM is the best paid product :D :thumb:
     
  11. nsm0220

    nsm0220 Registered Member

    Joined:
    Aug 30, 2013
    Posts:
    138
    Location:
    USA
    But in Online Armor it says to investigate, not blocked.
     
  12. Nightwalker

    Nightwalker Registered Member

    Joined:
    Nov 7, 2008
    Posts:
    1,387
    :rolleyes:

    You need a new hobby pal
     
  13. nsm0220

    nsm0220 Registered Member

    Joined:
    Aug 30, 2013
    Posts:
    138
    Location:
    USA
    Sorry, I will be testing AVs for a long time.
     
  14. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,491
    That's the thing with a HIPS. It takes time and patience to know what you are doing. Google is your best friend. :D
     
  15. avman1995

    avman1995 Registered Member

    Joined:
    Sep 24, 2012
    Posts:
    944
    Location:
    india
    Without any experience of your own!? Who said YouTube testers are 100% fool-proof and 100% correct? They are all home-grown tests. You have always tried to force your opinions and views on AVs on others. You are NOT the boss anyway. Everyone has their own views and opinions. You don't need to boss around. Given the fact, you follow immature testers and tests, and on top of that your facts are nothing but rubbish, and secondly your alter ego is annoying. Whatever disability excuse you give has no match to your rubbish replies.

    If you want to be respected, get the basics right and learn how to respect good things and opinions and put the immature things to the fire. You should boycott all immature tests or put any test to the fire, because no testbed is 100% and everything has its own flaws. What is more important is how a product works out for you or your concerned user in the real world.

    I know you and your friends have been doing these types of immature tests for ages and I know how passionate you guys are. Any tests these days are useless with the influx of malware coming out every day.

    1/10 made me reply. >arguing with us on Wilders about AVs' effectiveness >no own experience >quoting commercial and home-grown testers >2013

    Learn the basics first; forum policy gives you enough about these types of home-grown tests:
    If you still can't get your stuff right, then this place is not for you.
     
    Last edited: Sep 8, 2013
  16. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,872
    Location:
    Outer space
    I didn't say they don't, I said blocking in combination with being informative about it like that. It shows the requested DLL path, and the original Windows DLL path and informs about the DLL loading vulnerability. Most other HIPS would just throw a prompt X.exe wants to load Y.dll and then the user has to notice Y.dll is located in the Desktop folder for example, and not in the System32 folder.
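
The comparison described in the post above (requested DLL path versus the original Windows DLL path), as an added example that is not part of the thread and not Online Armor's or EAM's code. The directory paths, the short list of system DLL names and the sample events are constructed assumptions.

```python
import ntpath  # applies Windows path rules regardless of the host OS

# Assumed default locations; a real check would query the OS for them.
SYSTEM32 = r"C:\Windows\System32"
TRUSTED_DIRS = {ntpath.normcase(SYSTEM32),
                ntpath.normcase(r"C:\Windows\SysWOW64")}

# Assumed short sample of DLL names that ship with Windows (the two named in
# the thread plus two others); a real check would enumerate System32.
SYSTEM_DLLS = {"msimg32.dll", "user32.dll", "kernel32.dll", "version.dll"}


def _dir_of(path):
    """Directory of a Windows path, normalised for case-insensitive compare."""
    return ntpath.normcase(ntpath.normpath(ntpath.dirname(path)))


def check_load(process_path, dll_path):
    """Return alert details if dll_path shadows a Windows DLL, else None."""
    name = ntpath.basename(dll_path)
    if name.lower() not in SYSTEM_DLLS or _dir_of(dll_path) in TRUSTED_DIRS:
        return None
    return {
        "process": process_path,
        "requested": dll_path,
        "original": ntpath.join(SYSTEM32, name),
        # True when the DLL sits next to the executable that loaded it.
        "beside_executable": _dir_of(dll_path) == _dir_of(process_path),
    }


# Constructed module-load events: (process image, DLL it loaded).
EVENTS = [
    (r"C:\Users\test\Desktop\setup.exe", r"C:\Users\test\Desktop\MSIMG32.DLL"),
    (r"C:\Users\test\Desktop\setup.exe", r"C:\Windows\System32\user32.dll"),
    (r"C:\Program Files\App\app.exe", r"C:\Program Files\App\plugin.dll"),
]


def scan(events):
    """Return one alert per event whose DLL shadows a Windows DLL."""
    return [a for a in (check_load(p, d) for p, d in events) if a]


if __name__ == "__main__":
    for alert in scan(EVENTS):
        print("{process} loaded {requested}; original is {original}".format(**alert))
```

A name-and-directory comparison like this says nothing about signatures, so a signed DLL outside the system directories is still reported.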
     
  17. Nightwalker

    Nightwalker Registered Member

    Joined:
    Nov 7, 2008
    Posts:
    1,387
    I am experiencing some large updates again, I think it started two days ago ...

    8 ~ 12 MB each update :doubt:
     
  18. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    Same here. Started 2-3 days ago.
     
  19. emsisoft

    emsisoft Security Expert

    Joined:
    Mar 12, 2004
    Posts:
    328
    Location:
    Nelson, New Zealand
    Thanks for letting us know. The problem has been solved and small updates are available again!
     
  20. Pars

    Pars Registered Member

    Joined:
    Oct 22, 2011
    Posts:
    20
    Location:
    Tehran, Iran
    Emsisoft Anti-Malware 8.1.0.19 with BETA updates enabled:

    Program freeze issue fixed.
    Minor GUI bug fixed.


    Emsisoft Online Armor 7.0.0.1862 with BETA updates enabled:

    Filtering invalid MAC addresses feature blocking valid addresses – fixed.
     
  21. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    You are 11 days late......:D
     
  22. Pars

    Pars Registered Member

    Joined:
    Oct 22, 2011
    Posts:
    20
    Location:
    Tehran, Iran
    To remind :thumb:
     
  23. Brandonn2010

    Brandonn2010 Registered Member

    Joined:
    Jan 10, 2011
    Posts:
    1,854
    New Softpedia review:

    http://www.softpedia.com/reviews/windows/Emsisoft-Anti-Malware-Review-387635.shtml

    The Good

    It provides comprehensive protection against all sorts of malware and can function along with other security suites.

    The default configuration fits multiple user types and is flexible enough to offer more advanced users the possibility to customize how their system is protected. Notifications and the number of alerts can be cut down automatically, based on community input and other settings.

    The Bad

    The traditional interface could drive users away from it. The main application window features entries that point to different sections of the developer’s website and news notifications are turned on by default, showing up from time to time on the desktop.

    The Truth

    During our tests, Emsisoft Anti-Malware 8.1 managed to score high as far as the detection rate is concerned, proof that the Emsisoft-Bitdefender scan duo is highly efficient.

    However, the availability of some extra layers of protection (e.g. for financial online transactions, exploitation of vulnerabilities), would make it more appealing.
     
  24. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    Official web page still shows 8.1.0.4 as the latest version.
    o_O
     
  25. Fabian Wosar

    Fabian Wosar Developer

    Joined:
    Aug 26, 2010
    Posts:
    838
    Location:
    Germany
    Will be fixed ASAP :).
     