Discussion in 'other anti-malware software' started by Fabian Wosar, May 5, 2014.
I will suggest it internally.
I haven´t read every post, but in some other thread I read that EIS will ditch the HIPS component, is it true?
Edit: I read it over here:
Thank you very much for explanation, Fabian.
Once again I must say that newest beta works rock solid. I haven't noticed any craches, "pauses" or problems with internet connection.
At this moment, only three things are on my mind:
1. Do you think that behavior blocker is a little bit too sensitive? IMHO, it's a liitle bit, hmmmmm, noisy.
For example, this is my "Surf Protection Log" after a ew days:
Date PID Application Action Detection
2014-05-28 21:26:08 4884 C:\Programy\Mozilla Firefox\firefox.exe Terminated by user STAT.4U.PL
2014-05-28 20:12:59 5112 C:\Programy\Mozilla Firefox\firefox.exe Allowed by user ADSEARCH.ADKONTEKST.PL
2014-05-28 20:12:58 5112 C:\Programy\Mozilla Firefox\firefox.exe Allowed by user CDN.BEHAVIORALENGINE.COM
2014-05-28 19:49:25 5112 C:\Programy\Mozilla Firefox\firefox.exe Allowed by user LINKWITHIN.COM
2014-05-28 19:24:51 1280 C:\Programy\Mozilla Firefox\firefox.exe Blocked by rule PICS3.INXHOST.COM
2014-05-28 19:24:31 1280 C:\Programy\Mozilla Firefox\firefox.exe Blocked by rule PICS3.INXHOST.COM
2014-05-27 22:02:29 3460 C:\Programy\Mozilla Firefox\firefox.exe Terminated by user CDN.OPTIMIZELY.COM
None of my other AV's that I was using (Kaspersky, Eset, Comodo) with Hitman and MBAM (on demand scan) doesn't alert during visiting my favourite web sites.
Is this a false positives ?
2. Surf Protection popup: is it possible to inform which web site are caused the alert?
At this moment that kind of information is missing, even in "view details". I think that would be helpful to detect which site are safe, particularly in the case when we are suring multiple tabs in one window.
3. CPU usage: as you can see below, in my home computer the CPU usage isn't low at this moment. This is an example of my typical usage: a few (two or three) hours of web surfing. At the other hand, I admit that the memory usage was reduced during beta versions. I must underline that I haven't noticed any slowdowns.
1) Surf Protection module is not a behavior blocker.
2) Check Hostname.
1) Yes, you're right. Sorry for mistake. Lesson learned: do not write a post while you're sleeping at keyboard
2) The hostname is not enough. I'll give a example of web page which triggets this popup when I return home
The surf protection is technically not the behavior blocker .
No, they aren't. They are all privacy risks (sites involved in user tracking, advertisement etc.). The privacy risks category in the surf protection is set to "Don't block" by default so you must have enabled it manually. In general, I suggest to put the privacy risks category to "Block silently" or "Block and notify". Otherwise you will get swamped with alerts because almost every major site uses some kind of analytics or user user tracking.
That's a bug that has already been fixed in a new development build internally. You will most likely get access to that fix on Monday. Essentially it happens if there hasn't been any network activity passed on to the service for 5 minutes, which can easily happen if you don't use it during a coffee break for example.
yes you are right
That's a very good decision if you ask me
You've got 100% right. As I said before - my mistake at post writing.
Once again, thanks for that explanation. I agree with that kind of aproach to privacy risks.
Sound good to me. I'm looking forward to test it.
And what´s the reason for this? Why will the HIPS be ditched?
Because it doesn't fit a security suite product targeted towards average home users in our opinion. By far the most common reason we get for OA refunds is that the HIPS is completely overwhelming. The behavior blocker provides a similar level of protection when it comes to real life malware but with a lot less noise. So it was the obvious choice for a home user product.
OK, then I misunderstood.
I thought that the behavior blocker (same as HIPS to me) would be scrapped from both EAM and EIS.
I don't agree. The behavior blocker has been more noisy on my machines, and it does not give adequate information to make a decision to allow, or deny an action when prompted. To me it's no easier to use than OA HIPS. OA rarely ever prompts me for anything. About the only time I ever have to answer to any prompts from OA is when i'm installing, or upgrading software. OA has an excellent training mode so it does most of the work for you. OA HIPS provides superior protection in the hands of anyone that takes the time to learn how to use it. A user is just as likely to allow something malicious when prompted by the BB as they are with the HIPS except the BB will miss more threats than the HIPS will. There's a much better chance of a threat slipping by the BB than the HIPS.
Which is fine. We made sure not to break compatibility between EAM 9.0 and OA so if you prefer the HIPS, you can continue to use it.
Me too i preferred that Emsisoft kept the HIPS but i have to agree with Fabian's "home user view"; if you wander a bit on Emsi forum, many posts were about OA's shower of popups, especially for "Average Joe" users which HIPS is definitely not for them; they will finish to click Allow all the time.
Not saying that Kernel Hooks based products are obsolete now, since they can be bypassed in many ways by hooks exploits tools.
What is a HIPS? The technology behind Emsisoft Online Armor Firewall explained.
HIPS or behavior analysis – what is better?
A new beta build is available via online updates now.
Changes in version 22.214.171.12494 compared to the previous version:
Fixed dozens of GUI glitches
Added windows 8 toast notifications for important events
Fixed occasional connection drops (EIS).
Improved licensing system
Improved Windows classic theme support
Improved behavior blocker alerts
Improved factory settings feature
Improved settings import feature
Fixed wizard update logic bug
Fixed incorrect update download progress bar problem
Modified surf protection notification popup
Fixed WSC problem when updating from v8 to v9
Fixed restart computer dialog
Improved support for additional languages
Added new icon for Commandline Scanner
Fixed flickering bug in data grids
Fixed bug in temporary shutdown feature
Fixed default actions and button focus of alert windows
Fixed file guard "block once" behavior
Fixed file version resources
Fixed content switching issue
Changed windows service name
Action center still doesn't recognize I have a anti virus and firewall installed. Just going to turn off alerts as uninstalling and re-installing EIS is a PITA.
Any chance of a direct link to this new build?
The links are always available in the first post in the beta thread over on the Emsisoft Support Forums Here:
The same links as on the Emsisoft Support Forums are also in the first post in this thread (as the post is copied from Emsisoft Support Forums).
Note that even though the link states an older version, it will always download the latest version available. HTH ...
Correct. It always points towards the same location on the server and we just switch the file. The only reason the first post still states the old version number is that I can no longer edit the post since the edit grace period is over.
I've done the clean install of the previous beta (v. 3952). Yesterday, I've installed the newest beta via online update. Action Center properly recognized the EIS as an AV software
By the way, is the v.3994 contains the fix of that bug?
Yes, it does. Do you still have high CPU issues?
Thanks for confirming .
Separate names with a comma.