Emsisoft Anti-Malware and Emsisoft Internet Security 9.0 Public Beta

Discussion in 'other anti-malware software' started by Fabian Wosar, May 5, 2014.

Thread Status:
Not open for further replies.
  1. Fabian Wosar

    Fabian Wosar Developer

    Joined:
    Aug 26, 2010
    Posts:
    838
    Location:
    Germany
    Was EIS recognized before? The fix prevents the Windows Action Center registration from breaking during the update. However, it won't fix registrations that are already broken.
     
  2. Ciach0

    Ciach0 Registered Member

    Joined:
    May 13, 2014
    Posts:
    37
    I think I do. I'll try to run some test to figure out what's causing the CPU usage (during update, scan, web surfing etc.).

    po 6 godz. korzystania z kompa.png
     
  3. Fabian Wosar

    Fabian Wosar Developer

    Joined:
    Aug 26, 2010
    Posts:
    838
    Location:
    Germany
    Don't see it. CPU usage is at 0% compared to the constant 25% shown in the previous screenshot.
     
  4. Ciach0

    Ciach0 Registered Member

    Joined:
    May 13, 2014
    Posts:
    37
    The percent usage of the CPU is fine now. Sorry, if I wrote my thoughts not clearly enough.
    I'm curious about summary time usage (4th column). It's higher that my prevoius AV's, ESET especially (2,3 minutes in similar circumstances).
     
    Last edited: Jun 1, 2014
  5. DarkyXxX

    DarkyXxX Registered Member

    Joined:
    May 20, 2014
    Posts:
    12
    It's not working on Windows 8.1 x64

    1. I have deinstalled the old IES 9 Beta
    2. Installed new Setup from yesterday
    3. WAC Shows Emsi correct.
    4. After a short Time there are new Updated Program Updates (Beta Updates enabled)
    5. Reboot
    6. EIS 9 isnt showing in WAC again :(

    Here are an Update Log from the Program Updates:

    Allgemeine Informationen:

    Update Beginn: 01.06.2014 17:27:34
    Update Ende: 01.06.2014 17:28:03
    Dauer: 0:00:29
    Update erfolgreich
    Detail-Informationen:

    24 Module, 23094654 Bytes
    Signatures\BD\emalware.i73 (1299 Bytes) - geupdated
    Signatures\BD\e_spyw.i20 (1218 Bytes) - geupdated
    Signatures\BD\update.txt (349 Bytes) - geupdated
    Signatures\BD\emalware.314 (4437 Bytes) - geupdated
    Signatures\BD\emalware.i72 (1120 Bytes) - geupdated
    a2hosts.dat (1047 Bytes) - geupdated
    a2framework.dll (1776997 Bytes) - geupdated
    a2guard.exe (1963091 Bytes) - geupdated
    a2service.exe (2166657 Bytes) - geupdated
    a2update.dll (1862025 Bytes) - geupdated
    a2wizard.exe (2364574 Bytes) - geupdated
    a2wsc.dll (46158 Bytes) - geupdated
    logging.dll (679101 Bytes) - geupdated
    resource.dll (4191046 Bytes) - geupdated
    a2contmenu.dll (1339292 Bytes) - geupdated
    a2contmenu64.dll (1673754 Bytes) - geupdated
    Languages\en-us.lng (1227 Bytes) - geupdated
    a2toast.dll (895049 Bytes) - geupdated
    a2start.exe (2631892 Bytes) - geupdated
    defaultrules.dat (1168 Bytes) - geupdated
    a2core32.dll (1250 Bytes) - geupdated
    a2hooks32.dll (94037 Bytes) - geupdated
    a2hooks64.dll (101752 Bytes) - geupdated
    a2cmd.exe (1296114 Bytes) - geupdated
     
  6. digmor crusher

    digmor crusher Registered Member

    Joined:
    Jul 6, 2012
    Posts:
    940
    Location:
    Canada
    The first version of the beta worked, every update since and I am having trouble with my Action Center recognizing EIS. Also, EIS wants me to restart computer after every update again, I thought that was fixed but this morning same old thing.
     
  7. vonvon

    vonvon Registered Member

    Joined:
    Apr 30, 2006
    Posts:
    49
    Location:
    Near Paris, in France
    The same at home, beta update and WAC don't recognizes EIS.

    Before, after a fresh install all was ok.

    Waiting ...
     
  8. DarkyXxX

    DarkyXxX Registered Member

    Joined:
    May 20, 2014
    Posts:
    12
    I have fixed my WAC Issues.

    Had to do some manuell cleanup in the registery.
     
  9. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,762
    Location:
    The Netherlands
    Perhaps I´m a bit slow, but I´m still confused. Isn´t it correct that both EAM and EIS only have a behavior blocker component, they never had a HIPS component? And people who are not happy with OA, probably don´t know how to operate a HIPS, so no surprise. :)
     
  10. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,398
    Location:
    U.S.A.
    EAM contains the behavior blocker. Online Amor which is the firewall and part of EIS contains a HIPS component. Also since EAM is part of EIS, EIS contains a behavior blocker.
     
  11. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    OA is part of EISP, not EIS.
    ;)
     
  12. Ibrad

    Ibrad Registered Member

    Joined:
    Dec 8, 2009
    Posts:
    1,970
    Got a new machine so I now have a dedicated antivirus test rig. Decided to break it in by giving this program a shot.

    Installation:

    It went smoothly except for one part. After the initial installing screen Emsisoft seemed to get stuck. a2wizard.exe (I believe) jumped up to using 200MBS but nothing happened. Going into the start menu and clicking Emsisoft Anti-Malware seemed to fix it from its loop and open the setup screen. Maybe it was just a one time glitch don't know if anyone else has seen it before.

    Memory Usage:

    It stayed at using 200MBs for a bit, I am going to assume that was because of the behavior blocking mamtu engine because I in the past have had issues with that. However as of now it has dropped down to 5mbs. Very impressive Emsisoft Team!

    I am going to do some malware blocking tests next to see if the engine is working smoothly on my machine and watch for that CPU usage. Other then that its running smoothly so far. I will update after the malware testing.
     
  13. Ibrad

    Ibrad Registered Member

    Joined:
    Dec 8, 2009
    Posts:
    1,970
    Emsisoft did very well on the on-demand scanning of malware samples however I noticed a few other things. One thing about the testing I did notice is EAM does not detect the eicar test file on execution only with an on-demand scan. Is this by design or a glitch? Oddly enough same thing happened with SpyCar deteted on-demand ran freely on execution? This seems like a bug?

    The UI is laggy: Why does EAM need so much memory to open the UI. On my machine opening the UI takes about 191 MB for the UI to open. On my other machine with Panda it sometimes spikes up 70/80 MBS but never 200. It eventually does drop down but it spends a while at 200 MB Also sometimes when switching screens in the UI the old UI page overlaps with the new for a short time. It overall just does not seem to transition smoothly. When open and working the UI is wonderful and I believe its a great layout just needs the smoothness kinks worked out of it.

    a2service.exe spikes: For some reason the private working memory usage of a2service.exe likes to spike when opening applications. I understand that is due to scanning but it seems to spike to about 200MBS when opening apps such as Firefox, the EAM UI. Then it falls back down to 120MBS, and then it sits at 50MB for a while, till finally going down to a much calmer 5 mbs
     
  14. Ciach0

    Ciach0 Registered Member

    Joined:
    May 13, 2014
    Posts:
    37
    Eicar test file is properly detected on my system. Additionally, I deactived the "Surf Protection" and "File Guard" before download the file. After that I executed eicar file. Detection worked in all cases.

    eicar.png
     
  15. Ibrad

    Ibrad Registered Member

    Joined:
    Dec 8, 2009
    Posts:
    1,970
    Well that is very strange EAM is reporting no issues but that makes it seem as if none of the shields are activated. I have rebooted the machine and still it only seems on-demand protection is working. Is their some sort of logging tool or logs I can submit to see what in the world is going on? My machines updating at this moment but I'd love to dive in and see what's causing this glitch
     
  16. Ibrad

    Ibrad Registered Member

    Joined:
    Dec 8, 2009
    Posts:
    1,970
    Gave Emsisoft a fresh install and now everything seems functional. I dont know what went wrong the first install the UI was not telling me anything was wrong but something glitched somewhere. Now lets see if it stays working this time.
     
  17. Fabian Wosar

    Fabian Wosar Developer

    Joined:
    Aug 26, 2010
    Posts:
    838
    Location:
    Germany
    We just released a new beta build today. Version number is 9.0.0.4021 for both Emsisoft Anti-Malware as well as Emsisoft Internet Security. If you have beta updates enabled under "Settings"/"Updates" the new version will be installed automatically.

    Changes in version 9.0.0.4021 compared to the previous version:

    • Improved Windows Security and Action Center integration
    • Text links will work properly now
    • A rare updating issue during the first time installation wizard has been fixed
    • Various dialogs have been adjusted: Network management, hosts import, overview screen, behavior blocker alerts
    • Various orphaned files have been removed from the setup
    • Several smaller graphical glitches when maximizing the program window have been corrected
    • License handling has been improved
    • The behavior blocker has been extended to cover certain malware families better
    • Dozens of smaller fixes for various smaller GUI glitches
     
    Last edited: Jun 5, 2014
  18. DarkyXxX

    DarkyXxX Registered Member

    Joined:
    May 20, 2014
    Posts:
    12
    WAC issues are finaly gone @update vis Beta Updates.
     
  19. Dark Star 72

    Dark Star 72 Registered Member

    Joined:
    May 27, 2007
    Posts:
    771
    I have just installed EIS 9 and the first scan detected the following suspicious files.

    Not sure if these are FP and can be ignored or not. If I select quarantine the 17 registry keys are quarantined but not the four 'Setting.****' detection's. I cannot then move in any direction because if I then select next I get a message asking if I want to quarantine the remaining four detections. If I then click 'yes' EIS fails to quarantine them and I get the same message again - if I select 'no' the same message occurs again. A never ending loop.
    As I was running EIS under Shadow Defender I was able to reboot and start again. This time I chose to ignore the detections and not quarantine them. I was then able to use EIS normally until it did a scan when I was back in the same situation as when I started.
    Can these entries be ignored, manually deleted or are they FP's.
    Other than this small blip I am finding EIS very light and a keeper.
     

    Attached Files:

  20. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    You can uncheck them if you are sure that you or some other legit program made those changes.
     
  21. Dark Star 72

    Dark Star 72 Registered Member

    Joined:
    May 27, 2007
    Posts:
    771
    Just been doing some google searches on these and it seems that the finger of suspicion points to WSA (which I've been using) creating them.
    Will just ignore them and see what happens.
    If WSA is the culprit then I'm not very impressed.
     
  22. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,762
    Location:
    The Netherlands
    To be honest, I never really understood what behavior blockers are all about. I´ve read that they will only alert if a certain amount of malicious actions are triggered by an app, but does this make any sense? I mean, almost every single action that HIPS are monitoring can be used in attacks. I don´t really believe in behavior blockers being "smarter" than HIPS.
     
    Last edited: Jun 5, 2014
  23. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,491
    Seems like you guys released the Beta to the public through automatic updates. I just got V9 Beta automatically though the updates. (i have the Beta updates on)
     
  24. NSG001

    NSG001 Registered Member

    Joined:
    Jul 14, 2006
    Posts:
    682
    Location:
    Wembley, London
    Likewise :thumb:
    Nice job!
     
  25. Ibrad

    Ibrad Registered Member

    Joined:
    Dec 8, 2009
    Posts:
    1,970
    Installed the latest build still smooth sailing here. The guards are all still active, and I see the undetected files I quarantined are all detected now.
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.