Discussion in 'other anti-malware software' started by Fabian Wosar, May 5, 2014.
Too bad was a nice utility.
The moving dot was replaced by a white glowing effect of the shield icon.
Okay I just ran update and saw it.
No problems so far. GUI is fine. Most important thing is seeing the three check marks under 'Protection'.
The rest, I don't care too much about.
Default rules are sufficient. It comes down to personal taste really. These are the few settings I like to change and my reasoning:
Under Protection/File Guard:
Set scan level to "Fast" which means, the File Guard will only scan files if they are about to be executed. This is mostly to reduce overhead without compromising security.
Disable "Protect the computer even if no user is logged on". Slows down the system boot considerably and has no real benefit unless you regularly leave your system without a user being logged on (like for example File Servers).
Disable "Only scan files with specific extensions". If the File Guard thinks a file is about to be executed, it should always be scanned, no matter the extension. Will most likely make no difference in real world though.
Set the action for both malware and PUP detections to Alert. I hate auto quarantine .
Under Protection/Firewall/Automatic rule settings:
I set the preference for "Unknown programs" both to Ask. I like knowing if an application that Emsisoft Internet Security doesn't know anything about and doesn't trust is trying to connect to the Internet. Again, it will most likely not make a difference in real world as malicious connection attempts to the Internet are covered by the Behavior Blocker as well.
Disable "Activate memory usage optimization". I bought my RAM so the applications I have on my system can use it. There is no point in getting 4 GB or even more RAM and obsessing about an application using a few hundred MBs of those 4 GB. Especially if I get better system performance and responsiveness in return.
Hope those hints help .
Yes, it is. Server rules deal with incoming connections, client rules with outgoing connections. They are just different presets.
Do you happen to use any email filter or scanner? Some of them will redirect the traffic to a local proxy. I know Avast did that in the past for example. Not sure if that is still the case.
Glad you are liking it and it works well for you. Make sure to let me know if it changes .
Fabian, thanks for the hints, it's really appreciate
So EIS + OA isn't recommended.
I'm testing EIS on a VM and I do have Avast on my main machine
but I have the mail scanner disabled
just in case I created a new VM and disabled Avast on the main machine
installed EIS and configured Thunderbird with the preset rules
created a new email account, and the result was the same
Never a good idea to install two firewalls especially from the same vendor, but there is no problem using EAM+OA like you're doing now. I personally dropped EAM+OA and now using EIS only.
I remembered when creating rules in OA for torrent clients
I had to add a bottom rule blocking everything,
otherwise OA would allow and add new ports per the client request
so I created block rules for Thunderbird in EIS along the preset ones
and this time things worked as expected,
Thunderbird said it could not connect to the server
is this problem of emsisoft internet security suite, i am installed in win 7 x64 fully updated and no other security program installed.
when i start other system with same win 7 x64 with i3 and 4 gb ram, i do not got this error message, so is the related above said.
Good Morning! Just have EIS and AppGuard...in tandem...from the couldn't be happier department...over and out! Sincerely...Securon
Thank you for your update, Securon .
Thanks. We will be looking into this issue. Good catch!
I am glad you found a workaround that works for you, but it shouldn't be necessary to begin with. If you set the default behavior to Ask for outgoing connections, then it should ask if the connection doesn't match your specified rules and not just allow it through.
I presume you mean Protection/Firewall/Automatic rule settings
yes it should work, but what I mean is that the presets (email client, web browser etc.) are flawed
there should be a bottom rule to either Ask or Block like in Comodo
also there should be more default ports in the Email presets
It is hard to tell from just a screenshot. Any chance you can create a crash dump of the application showing the error message? That should give some more insights .
Great release! I've been looking forward to a brand new GUI and finally merging OA with EAM.
I'm using Windows 8 x64 and testing EIS 9.
1) When downloading a .exe file... will EIS 9 show a toast notification that the download was checked and clean/infected when finished in the final release of 9.0? The same goes when EIS 9 encounters tracking cookies. I know you said:
Windows 8 toast notifications aren't integrated yet.
Does that apply to the above scenarios I described? Will I see toast notifications in these scenarios?
2) I really miss "Run Safer" option from Online Armor because this eradicated vulnerabilities in a way EIS 9 never can. Will a similar "Run Safer" option become available in the future?
The toast is triggered whenever EIS displays a dialog on the Desktop that the user needs to react to. Triggering a notification for every scanned file that was found to be clean or every cookie that was blocked will cause a flood of notifications. The main purpose of the toasts is to tell the user that something needs his intention while he is using Metro because otherwise he may not know why his Metro app stopped working as an alert on the Desktop is not immediately visible. The toasts are also very limited in what they can do. So we can't move the allow or deny options directly to the notifications either.
Run Safer adds next to nothing if you are already using a non-admin user, which is the default on Windows Vista, 7 and 8 thanks to UAC. So it is extremely unlikely to make in comeback. However, exploit mitigation and protection is something we are looking into at the moment as a possible upgrade to our behavior blocker in the future.
Thank you for a quick answer.
For those of us who disable UAC and still want to restrict, for instance, Internet facing applications, Run Safer was a good feature. However, if some kind of exploit protection is in the roadmap for 9.1 I'd say I'm satisfied enough!
Are you sure you actually disabled UAC? Disabling UAC on Windows 8 has some huge ramifications, because it is used for example to isolate the app container processes that Metro uses. So disabling UAC breaks all Metro apps and is the reason why you can't do it in the normal user interface. You most likely have it set to just allow everything without any further dialog, which still runs all applications as a limited user except the applications that ask for admin rights. However, in those cases Run Safer will more than likely break the application, again rendering the potential benefit questionable at best.
So...is that a thumbs up? I'm tempted! RR