Emsisoft Anti-Malware & Emsisoft Internet Security 12

Discussion in 'other anti-malware software' started by Mops21, Sep 14, 2016.

  1. Minimalist

    Minimalist Registered Member

  2. Minimalist

    Minimalist Registered Member

    http://changeblog.emsisoft.com/2017...e-emsisoft-internet-security-2017-4-released/
     
  3. hawki

    hawki Registered Member

    Does EMIS (or any other A/V) scan zipped files on download?
     
  4. Minimalist

    Minimalist Registered Member

    AFAIK, Emsisoft scans them when they're written on your hard drive. It doesn't scan https or https network traffic.
     
  5. hawki

    hawki Registered Member

    hmmm

    Eagle-Eye hawki managed to fall for an email phishing scam this AM. EMIS detected the java-script trojan that had been contained in an attached zip file during a context scan (EMIS was able to detect it both while zipped and unzipped), but it did not catch it when written or during unzipping. [Never read emails before your first cup of coffee.]

    What really spooked me out was that after EMIS quarantined it and I deleted it during a Malware Scan, when I ran a Complete Scan that usually takes approx. 30 minutes, it only took ten seconds. It even took only ten seconds using "direct disc access." I was concerned that the trojan had managed to compromise EMIS in some way.

    The trojan is categorized as very serious by Microsoft, but I have forgotten its name (doh) and immediately restored an earlier image so I can not reference it now.

    The phishing email was styled as a notice from UPS of an "unable to deliver." The attachment was a copy of the purported shipping label. I fell for it because I am expecting a UPS delivery today.

    Wondering how the crooks got my email and coincided their attack with an actual delivery date from UPS.

    hawki does not feel stoopid enuf atm. There was no attempt to spoof the UPS email address and after I just jumped on the email cuz of legitimate concern expecting a UPS delivery today, I noticed the email was from a Russian email address. OMG! DOH !
     
    Last edited: May 12, 2017
  6. itman

    itman Registered Member

    Eset scans all browser, client e-mail, or whatever else you designate using its web filter. All HTTP, IMAP, and POP traffic is scanned. HTTPS, IMAPS, and POPS traffic is also scanned if SSL protocol scanning is enabled.
     
  7. hawki

    hawki Registered Member

    EMIS does not scan https traffic at the browser.
     
  8. Minimalist

    Minimalist Registered Member

    @hawki
    How do you have your File guard scan level set? Balanced or fast?
     
  9. hawki

    hawki Registered Member

    Balanced.
     
  10. Minimalist

    Minimalist Registered Member

    Hm, that's strange. If you have set it up as Fast, this behavior would be logical. Did you open or run a file that was in the zip attachment?
     
  11. plat1098

    plat1098 Guest

    hawki, what would they say on Emsi support forum? That's a pretty serious matter.
     
  12. hawki

    hawki Registered Member

    Nothing official yet.
     
  13. hawki

    hawki Registered Member

    Nope -- just downloaded and unzipped it. When I saw the only file the folder contained was a java script, that's when I got suspicious and went back to take a closer look at the email. I scanned both the zipped file and the unzipped folder and EMIS ID'd it, I never ran it. What scares me is that it may have run by itself without any action by me.

    MSFT says that it downloads other malware and is capable of collecting and sending out personal info and data from an infected PC.
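
The check hawki describes doing by eye (a zip whose only member is a script file), as an added example that is not part of any post in this thread: it reads the archive's file listing without extracting anything and flags script or executable members. The extension lists and the sample file names are assumptions constructed for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Extensions Windows hands to a script host or runs directly on double-click (assumed list).
SCRIPT_EXTS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".wsh", ".hta",
               ".ps1", ".bat", ".cmd", ".scr", ".exe", ".lnk"}
# Document-looking extensions used as a decoy before the real one, e.g. "label.pdf.js".
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}


def triage_zip(data: bytes) -> dict:
    """Inspect the zip's file listing only; nothing is extracted to disk."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        files = [i for i in zf.infolist() if not i.is_dir()]
        for info in files:
            suffixes = [s.lower() for s in PurePosixPath(info.filename).suffixes]
            reasons = []
            if suffixes and suffixes[-1] in SCRIPT_EXTS:
                reasons.append("script-or-executable")
                if len(suffixes) > 1 and suffixes[-2] in DECOY_EXTS:
                    reasons.append("double-extension")
            if info.flag_bits & 0x1:  # bit 0 set: member is password-protected
                reasons.append("encrypted")
            if reasons:
                findings.append((info.filename, reasons))
    flagged = {name for name, r in findings if "script-or-executable" in r}
    # An archive that holds nothing but scripts is the pattern from the post above.
    only_scripts = bool(files) and len(flagged) == len(files)
    return {"members": len(files), "findings": findings, "only_scripts": only_scripts}


def build_sample(names) -> bytes:
    """Constructed sample: harmless placeholder content under the given names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name in names:
            zf.writestr(name, "placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    print(triage_zip(build_sample(["UPS-Label-0000.pdf.js"])))
    print(triage_zip(build_sample(["invoice.pdf", "readme.txt"])))
```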
     
  14. Peter2150

    Peter2150 Global Moderator

    None of the delivery companies EVER notify by EMAIL
     
  15. Azure Phoenix

    Azure Phoenix Registered Member

  16. Minimalist

    Minimalist Registered Member

    For this kind of delivery method you usually have to run/execute it manually. It doesn't run just by itself. Image restore was still wise to do, if you weren't sure.
    Still strange how it wasn't identified when stored on disk...
     
  17. itman

    itman Registered Member

  18. hawki

    hawki Registered Member

    Probably an FP because of the nature of the site but when clicking on a download file, Avira Browser Safety blocks and says:

    "security-features-check.com
    This is a malware website"

    The site does do browser fingerprinting.
     
  19. Nightwalker

    Nightwalker Registered Member

    No chance, just relax and be more careful next time, you are not infected.

    This javascript is probably a downloader for a Ransomware and even if you did execute it, I am almost sure that Emsisoft behavior blocker would protect you ;)
     
  20. hawki

    hawki Registered Member

    Thanks Nightwalker :)
     
  21. Trooper

    Trooper Registered Member

    Want to give EAM a spin. Are default settings ok or are there any tweaks that should be done?

    Thanks.

    Running W10 x64 Enterprise with CU.
     
  22. hamlet

    hamlet Registered Member

    I agree that the default Emsisoft guard settings are fine. The only Emsisoft settings I usually change are the ones related to notifications. I suppose this is totally a personal preference, but the default notification settings throw up more alert boxes for news items and updates than I care to see.
     
  23. Trooper

    Trooper Registered Member

    Thanks I may need to trial it later. It kept crashing Google Chrome and almost every one of my installed extensions.
     
  24. Antarctica

    Antarctica Registered Member

    Right now I am using WD together with Voodooshield, Win 10-64 bits. I wonder if I would have better protection running EAM with VS?
     
  25. Nightwalker

    Nightwalker Registered Member
