OA free & EAM paid how to avoid overlap?

Ok in Securon's thread it's mentioned running Online Armor & EAM together produces duplication/overlap of features.

I am running Online Armore free & EAM paid. How should I setup both to use the better of the two for certain tasks and to avoid overlap?

 

Good Evening! Zapjb...excellent question. All I know is my history and learning curve trying to work my way...through Firewall 101...places me in the Learning Curve...Hall Of Shame...LOL! I'll be the observer as On-Line Armour is from my view point a very sophisticated app. And how will Emsisoft integrate it with EAM...in the proposed Security Suite. Sincerely...Securon

 

Good Evening! Update...Update! Just removed WSA Security Plus and HMP. Now things are much more responsive. I've got a suspicion that On-Line and EAM...are all that's needed. On-Line provides Banking Protection and Keylogging Protection. I think the KISS principle has finally come into play. Sincerely...Securon

 

Yeah well that's nice Securon.

But let's stay on topic.

Anybody know where to cut the overlap between OA free & EAM paid?

 

Hopefully this is what you are looking for, my friend.
hxxp://support.emsisoft.com/topic/11710-eam-oa-exclusions/

P.S. : I don't think anything is overlaping each other. Each feature works differently.

 

That's part of it. Thank you.
I had already done: "Here's how to exclude Emsisoft Anti-Malware in Online Armor".

But I just did: "Here's how to exclude Online Armor in Emsisoft Anti-Malware".


Next I'd like to know if there's any redundancy. Whether OA free or EAM paid handles the tasks better. And how to disable the lesser capable program of those tasks.

 

If you really want to do that then disable the BB part of EAM and use the HIPS, or disable the HIPS part of OA and use the BB. Those are the only things that I think may be overlaping each other. There are some users here who have lots of experience with Emsisoft's products, like Noob for example. Or you can directly PM the developers.

 

Hey! I see someone mentioned my name.

I've been running EAM and OA for almost 2 years and they work great together. I've everything enabled (BB and HIPS) and they dont seem to have conflicts. As others mentioned, i've whitelisted (Excluded) OA in EAM and vice versa.

Nothing to worry about, use it with confidence.
If you have any problem i recommend posting in the Emsisoft support forums, they are quick and really help you. I used to have some problems with OA a few years ago, they worked with me for a month sending me experimental builds until they fixed it and then released the update for everyone else. Top notch service!!

 

I just did post in the Emsisoft Forums.

I'll post if I get any official bites.

 

Free version does not include banking protection: http://www.online-armor.com/products-online-armor-free.php.

 

Want to expand on that thought?



I want to know if there's any redundancy. Whether OA free or EAM paid handles the tasks better. And how to disable the lesser capable program of those tasks.

 

Good Evening! Zapjb...un-install the Free Version...and install the premium paid version for the 30 day trial period. Then some of the answers your looking for might be answered. Sincerely...Securon

 

Good evening Securon,

Whats the paid version have to do with me? Nothing that's what.

What helpful information do you have to impart by your statement, "un-install the Free Version...and install the premium paid version for the 30 day trial period. Then some of the answers your looking for might be answered."

Again my setup is OA free & EAM paid. I will not buy or use OA paid.

My unanswered question is, Is there any redundancy? Does OA free or EAM paid handles some tasks better? And how to disable the lesser capable program of those tasks?

 

Good Evening! Zapjb...firstly kindly keep your attitude in check...I understand your frustration...now lets try to resolve a solution. On my thread KJdemuth uses the Free Version...get feedback from him...also Escalader...and Ripcord...are both users...not sure if their using the Free or paid version. Let's keep our communication civil and respectful...best of luck. Sincerely...Securon

 

My frustration is not that the answers I seek are not yet forthcoming.

It's the disregard for the questions asked.

I thought that was clear when I keep on restating my questions.

 

OA definitely does a better job protecting you against unknown threats if thats what you are looking for. Reason is . . . as you already know HIPS basically alert you of everything, although at default settings OA is set to auto trust apps based on its digital signature, whitelist and cloud information. (You can disable all of them but its not recommended unless you are patient and ready to answer LOTS of pop ups)

If you want, you can disable EAM BB but its not really that annoying and i feel its so light that basically it doesnt affects the computer performance so i just leave it on.

 

If anything, I would disable the HIPS and leave the proactive protection to EAM's BB, but then OA as a whole would be kind of pointless. That's what I was trying to say in my posting in the other thread.

HIPSes have been bypassed in the past by malware, so you don't get 100% protection from them anyway. EAM showed an impressive result of only 3 compromised cases of 1.109 samples in the latest AV-Comparatives proactive protection test, two of those were already fixed, when the test was conducted.

OA's HIPS is not tested as thoroughly as EAM, so it's already very hard to say how much protection it offers on its own. Many people here are operating on the assumption, that OA covers what EAM misses, but I have not seen any evidence for that. On the contrary, most of the time it will just ask you to allow a lot of things again, which have already been green-lit by EAM. That's what I was referring to when I was speaking of overlappings.

If you really want to beef up protection, which is already rock solid as it is (in the case of EAM), don't use a HIPS, but look at anti-executables, policy restriction and virtualization applications like DefenseWall (x86), AppGuard, NVT ERP, Voodooshield, Sandboxie, Shadowdefender, etc.

Best regards

 

Personally i consider OA HIPS a loooot more robust than EAM BB. Im not a malware analyst but i've seen some apps do things without my knowledge and EAM BB didnt even beep but OA always had it under control.

 

Are you talking about malware or applications, which were running on your system?

 

You have a good point here. Almost all HIPS tests I have seen published are for outbound leak testing. To test a HIPS effectiveness against inbound threats, you would have to turn off any off any realtime anti-malware protection and see how effective the HIPS was. The only mitigation would be to block the malware from access. It would still be resident on your PC. You might be able to delete the object that was blocked but anything associated with the malware would still be present unless sandboxing was in effect.

 

Actually if you run EAM's Mamutu in paranoid mode, you have a full fledged HIPS and will receive an alert for everything. Also a rule will be a added for each application.

I beleive Mamutu and Program Guard offer pretty much the same protection capability. The main difference your ability access to individual program rules. Using EAM's Mamutu default settings, you will only see rules for previously unknown applications. In OA's Program Guard, you will see applications detected and their applicable trust status.

I have seen Emsisoft state that EAM's Mamutu monitors trusted applications but I have not seen any proof of that other than a program change alert after updating an existing application.

 

Mamutu does monitor trusted applications but it only alerts you about things that have not been trusted/allowed before. Also when you update an app, Mamutu will ask you again the same things that have been allowed/trusted before because the file changed.
Still, even in Paranoid mode Mamutu doesnt even comes close to OA HIPS granularity.

 

Could you please explain what you mean with granularity?

Detailed notifications about applications' activities und the user's involvement in the decision making process may give you a sense of transparency, control and security. Yet this does not necessarily mean that you are actually more secure. A HIPS can only give you control about the things it can control itself. The amount of control is limited by the each HIPS's own inherent shortcomings and the user's ability to configure and handle the software properly. Even if you take user inaptitude out of the equation, it cannot make up for the software's inaptitude. HIPSes have failed before and not only occasionally.

So how can you say that a HIPS covers everything a solid anti-malware software with one of the best proactive detection mechanisms misses?

In no way am I implying that EAM catches everything. Indeed I think it would be foolish to assume that. Of course the software has its own limitations and may very well be bypassed by very professionally programmed malware. It's only sensible not to rely on it alone, when you know of these limitations, and there are several options to achieve more security. These options will allow you to cut down on realtime protection or even give up on it completely, if they are configured properly.

Yet a HIPS is the last thing I would take into consideration. It's just another monitoring program with its own limitations and a lot more user interaction. Most of the time it will ask you to allow the stuff which should run in the first place. Then comes the devious piece of malware and slips through its grasp, no user ineraction required.

 

I just wish there was an official guide by Emsisoft. Stating the overlaps & which is best to disable & here's how.

 

Hopefully when OA and Anti-Malware is under one hood all these questions will be taken care of...