Emsisoft Anti-Malware 8.1 released

Discussion in 'other anti-malware software' started by emsisoft, Aug 19, 2013.

Thread Status:
Not open for further replies.
  1. emsisoft

    emsisoft Security Expert

    Joined:
    Mar 12, 2004
    Posts:
    312
    Location:
    Nelson, New Zealand
    Emsisoft Anti-Malware 8.1 is a maintenance update for improved performance, detection, and removal.

    What’s new in Version 8.1?

    * Lighter real-time protection: Reworked File Guard and Behavior Blocker routines to reduce resource usage significantly, making the software lighter and faster than ever before.

    * New Hybrid Updates: 95% less update traffic on average thanks to the clever combination of incremental and differential updates.

    * Broader PUP detection: Special treatment of potentially unwanted programs (PUPs), such as browser toolbars and buttons, allow for much more aggressive PUP detection and removal in the future.

    * Better Malware removal: Improved speed and precision when cleaning infections.

    * Improved accessibility: Optimized support for screen readers and braille lines.

    Download: http://www.emsisoft.com/en/software/antimalware/

    As always, the new version is free for all customers with a valid license and can be obtained by performing an online update.
     
  2. sm1

    sm1 Registered Member

    Joined:
    Jan 1, 2011
    Posts:
    520
    Good news :) I will try it soon :)
     
  3. Fabian Wosar

    Fabian Wosar Developer

    Joined:
    Aug 26, 2010
    Posts:
    787
    Location:
    Germany
    Since a few other people asked about it already:

    http://i.imgur.com/o4KxeJC.png

    That is the new step we introduced into the wizard. Quickly explains what PUPs are and requires the user to select whether he wants us to detect PUPs or not.

    If you have EAM already installed, you don't have to reinstall or rerun the wizard to be able to configure whether or not to detect PUPs. Instead you can just go directly to the File Guard configuration and change it there:

    http://i.imgur.com/IeVdfdC.png

    This option also influences the on-demand scans. If you have set PUPs alerts to anything but "no detection", PUPs detection will be enabled by default for all predefined as well as custom scans.

    You can easily test whether PUPs detection is working properly by downloading and running the AMTSO PUP test file. If everything is working and you set the PUP alerts to show an alert, you will get a message like this:

    http://i.imgur.com/4oCikda.png

    If the test file is running, it will also be picked up by the on-demand scanner:

    http://i.imgur.com/io1uJvZ.png

    That's about it. So if you are confused about where to find the new settings, now you know. And you also know how to test that everything is working properly :).
     
  4. NSG001

    NSG001 Registered Member

    Joined:
    Jul 14, 2006
    Posts:
    617
    Location:
    Wembley, London
    Very nice update, especially love the cleaner more readable alerts.
    Well done folks :thumb:
     
  5. 0strodamus

    0strodamus Registered Member

    Joined:
    Aug 23, 2009
    Posts:
    1,047
    Location:
    United Surveillance States
    Thanks for the informative writeups on the new features! You've made it much easier for me to enable this detection on my boxes running EAM. I think the screenshot you've included with the install wizard will be very nice for new users to understand. :thumb:

    I just checked a couple OpenCandy bundled installers on VT, but neither was detected by Emsisoft. Will it take awhile for the new detections to be reflected at VT? Is the new sourceforge adware one of the detections? Is there a list someplace of the adware EAM is now detecting?
     
  6. Fabian Wosar

    Fabian Wosar Developer

    Joined:
    Aug 26, 2010
    Posts:
    787
    Location:
    Germany
    We decided to ask VirusTotal not to enable PUP detection. It helps to keep overeager lawyers away, that just check files at VirusTotal, have no clue how to interpret the results they get, ignore all kinds of additional information, and show up at our forums waving around with lawsuits.

    I don't think so. In general we just created the technical ground work to enable broader and more aggressive PUP detection. The next weeks will be the time where our analysts will actually put the new features to work by extending the signature database. That will take quite a bit of time. There are tons of PUPs out there that we need to go through.
     
  7. sm1

    sm1 Registered Member

    Joined:
    Jan 1, 2011
    Posts:
    520
    EAM is not detecting eicar.com test file downloaded using firefox 23.0.1. Addons installed are ABP, downloadthemall, google/yandex search link fix, no script with javascript globally allowed setting, zscaler search engine security. I have set firefox to ask for download location everytime. EAM works correctly if I choose to use downloadthemall in the download dialogue and also with IE 10. My OS is windows 8 64 bit. Also there are no alerts if I try to double click eicar.com test file. But when I try to extract it from zip archive it is blocked and quarantined. I have also set to additionally scan all files when read in file guard settings.

    I had a BSOD showing APC index mismatch error. I am not sure if it is related to EAM and also now I have deleted the windows error reports and dump using ccleaner. I will keep EAM for some more time and see how it works.
     
  8. SIR****TMG

    SIR****TMG Registered Member

    Joined:
    May 31, 2004
    Posts:
    757
    Fabian Wosar ,it's very impressive indeed...:D
     
  9. SIR****TMG

    SIR****TMG Registered Member

    Joined:
    May 31, 2004
    Posts:
    757
    im·pres·sive........

    having the ability to impress the mind; arousing admiration, awe, respect, etc.; moving; admirable: an impressive ceremony; an impressive appearance
     
  10. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    2,969
    Location:
    U.S.A.
    Interesting. Appears this file has a way to get IE9 download checks? I went to site to download and received the IE popup to allow download to proceed. I didn't not select anything but immediately got the EAM PUP alert for the test file located in internet temp storage. Appears PUP scanner is accessing upon create which is what I have EAM realtime scanner set at.

    The only thing a bit confusing was the alert to restart and immediately another EAM pup alert identical to the first(?) prior to my selecting the restart option. I set the PUP handling to "notify and quarrantine."
     
  11. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    2,969
    Location:
    U.S.A.
    Smart move:thumb:. I believe VT would be interpreted as public domain.
     
  12. Fabian Wosar

    Fabian Wosar Developer

    Joined:
    Aug 26, 2010
    Posts:
    787
    Location:
    Germany
    Try to disable the extension filter in the File Guard settings. Firefox downloads the files as *.part files first (which isn't included as an extension to scan) and then renames them, which is one of the operations the File Guard won't trigger a scan for. That being said, the file will still be scanned when being opened. Just try to open the file using Notepad for example.

    We had one report about a similar BSOD. But those BSODs happened and continued to happen even without EAM being installed. Back then it was triggered by a Metro app ("Great British Chefs" if I remember correctly).

    That being said, I will gladly look into any minidump you are able to provide if it happens again.
     
  13. Nightwalker

    Nightwalker Registered Member

    Joined:
    Nov 7, 2008
    Posts:
    784
    It is now very fast in my machine , finally :thumb:

    I dont know what changed , but it really made a difference here.
     
  14. Fabian Wosar

    Fabian Wosar Developer

    Joined:
    Aug 26, 2010
    Posts:
    787
    Location:
    Germany
    Glad you like the changes we made :).
     
  15. 0strodamus

    0strodamus Registered Member

    Joined:
    Aug 23, 2009
    Posts:
    1,047
    Location:
    United Surveillance States
    That's an interesting insight. I had no idea this was going on - what a strange world we live in.

    The new version upgraded fine and is running great here. Thanks!
     
  16. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    3,764
    Location:
    Outer space
    Good news :)

    Perhaps it's better to clarify that in the settings or make a separate setting for on-demand scans. It's a bit confusing now, I didn't read this earlier and was searching for a way to turn on PUP detection for on-demand scans.
     
  17. Rompin Raider

    Rompin Raider Registered Member

    Joined:
    May 6, 2010
    Posts:
    1,228
    Location:
    North Texas
    Just downloaded...very nice! :thumb:
     
  18. Brandonn2010

    Brandonn2010 Registered Member

    Joined:
    Jan 10, 2011
    Posts:
    1,849
    Sweet! Better PUP detection and 95% less update size is fantastic. I think I already asked but when will these changes be rolled into EEK?

    EDIT: Appears a new EEK was released today. I ran it and it asked about the PUPS, so it appears the changes have already been applied to EEK. Woot!
     
    Last edited: Aug 19, 2013
  19. sm1

    sm1 Registered Member

    Joined:
    Jan 1, 2011
    Posts:
    520

    Thanks :) Changing file guard settings to scan all files solved the issue with firefox :thumb:

    So far no more BSODs :thumb: I will provide the dump if it happens again.
     
  20. Fabian Wosar

    Fabian Wosar Developer

    Joined:
    Aug 26, 2010
    Posts:
    787
    Location:
    Germany
    Correct. It has already been updated.
     
  21. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,695
    Location:
    Zagreb, Croatia
  22. Fabian Wosar

    Fabian Wosar Developer

    Joined:
    Aug 26, 2010
    Posts:
    787
    Location:
    Germany
    4.0.0.13 is the newest version. The 4.0.0.12 announcement in the blog is from July 12th when 4.0.0.12 was released ;).
     
  23. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,695
    Location:
    Zagreb, Croatia
    Oh, yeah...my bad....:oops:
    I saw "Posted on August 19th, 2013" right above the EEK title but it belongs to EAM announcement.
     
  24. Fabian Wosar

    Fabian Wosar Developer

    Joined:
    Aug 26, 2010
    Posts:
    787
    Location:
    Germany
    Don't worry. I can see how it is confusing ;).
     
  25. spywar

    spywar Registered Member

    Joined:
    Oct 23, 2012
    Posts:
    583
    Location:
    Paris
    So basically you will transfer cloud based signatures from AMN to database more often ? (I am thinking about the PUPs).
     
Loading...
Thread Status:
Not open for further replies.