Emsisoft Anti-Malware 8.1 released

Good point of views.
I still wonder why EAM cant catch lots of cookies that HMP do. Or is it that they get through when i disable the guard from time to time.

 

The thing with cookies is, that it is incredibly difficult to determine whether they are good or "bad". Quite frankly, your browser does a way better job protecting you from tracking cookies, if you disable third party cookies and enable the DNT flag, then any outside application can, as the browser knows a lot more about the circumstances of how those cookies were created. That is one of the reasons why we will likely remove the cookie scan entirely in one of the next releases.

 

I think, there are some quite useful browser addons that can help to secure your system from "bad cookies", like Vanilla for Chrome or even ABP or Ghostery.

 

Oh i understand. I dont really care that much about cookies because cookies at least for me is not really a big deal but i always wondered why HMP always found so many of them.

 

Personally, I would prefer Disconnect over Ghostery, as the later will share information with ad networks. You can disable the information sharing by disabling the GhostRank, but it is enabled by default.

 

MBAM is the Kevlar for your head.
.

 

I never should have used that analogy because it only enabled people to create arguments based on pure speculation, which, thanks to the analogy, now seem more solid.

 

Sorry for a bit off topic.

Is HIPS of Online Armor freemium the same as of the paidee?

 

Take a look
http://www.areweprivateyet.com/
Thanks to sharing this information (statistics, and without ID you) they are able to add more and more trackers to the list, this is why now they are slightly better than ABP lists

Yes, http://support.emsisoft.com/topic/12457-oa-free-vs-premium/

 

Thank you. So from anti-malware tests follows that OA fremium (Standard Mode) is a bit weaker then OA premium in Advanced Mode as 90% vs 95%.

 

There was speculation by all sides.

 

Afaik GhostRank is disabled by default, and has always been like that.

 

I am pretty sure it was opt-out the last time I tried it, which admittedly has been a while ago. If they changed it to opt-in, that's great. In general I prefer Adblock Edge with customized filter lists, disabled third party cookies, and DNT header over Disconnect or Ghostery anyways, as Adblock and Ghostery/Disconnect produce a huge overlap in functionality from a technical point of view.

 

After trying Ghostery, I've decided to do a system scan it with MBAM....the result was somewhat unsettling:



Registry Keys Detected: 12
HKCR\CrossriderApp0020900.BHO (PUP.Optional.CrossRider.A) -> No action taken.
HKCR\CrossriderApp0020900.BHO.1 (PUP.Optional.CrossRider.A) -> No action taken.
HKCR\CrossriderApp0020900.Sandbox (PUP.Optional.CrossRider.A) -> No action taken.
HKCR\CrossriderApp0020900.Sandbox.1 (PUP.Optional.CrossRider.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110211091100} (PUP.Optional.CrossRider.M) -> No action taken.
HKCR\CLSID\{11111111-1111-1111-1111-110211091100} (PUP.Optional.CrossRider.M) -> No action taken.
HKCR\TypeLib\{44444444-4444-4444-4444-440244094400} (PUP.Optional.CrossRider.M) -> No action taken.
HKCR\Interface\{55555555-5555-5555-5555-550255095500} (PUP.Optional.CrossRider.M) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110211091100} (PUP.Optional.CrossRider.M) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110211091100} (PUP.Optional.CrossRider.M) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211091100} (PUP.Optional.CrossRider.M) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110211091100} (PUP.Optional.CrossRider.M) -> No action taken.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Program Files (x86)\Ghostery IE\Ghostery IE.dll (PUP.Optional.CrossRider.M) -> No action taken.

 

- Does EAM use the latest BD engine?

 

Yes...and signatures as well.

 

lol and methinks Ghostery IE was not one of them

So Fabian was that 6k in unique PUP applications or 6k in new unique signatures you guys added ?

 

I am running v8.1.0.35, and decided to run my first custom scan.

However, I wish I hadn't because I don't believe the results. I think in future I think I will forego this type of after the event scanning.





P.S. I system restored to a point previous, after running a HMP scan which didn't seem to run well.

 

Looks like FPs from Bitdefender....I hope you have reported them.

 

I really shouldn't need to...

 

Hi! Ghostery for IE uses Crossrider framework that has also been used by unsavory parties in the past. That said, Ghostery for IE acts same way as Ghostery for any other browsers, and PUP (Potentially Unwanted Program) in this case is a false positive.

 

See a follow up in the Prevx Releases thread - Scan results that are confusing... here

 

Trying out 8.1.0.31

When I do a deep scan, it finds :

Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\AU__RASAPI32 detected: Application.Win32.InstallExt (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\AU__RASMANCS detected: Application.Win32.InstallExt (A)

What are these two beings and how do I get red of them?

In general, when emsisoft finds something, how do I get information on it?

Thanks.
C.