What Happens with Emsisoft?

Discussion in 'other anti-virus software' started by caiusilus, Feb 14, 2013.

Thread Status:
Not open for further replies.
  1. anon

    anon Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    7,997
  2. caiusilus

    caiusilus Registered Member

    Joined:
    Feb 14, 2013
    Posts:
    35
    Location:
    France
    Hi Fabian,

    thanks for all these explanations.
    For the past few days, there has been a large number of updates for the guardian... Is it a new version, or did you add some new rules to the behavior blocker?
    Thanks for your great job :thumb:

    caiusilus
     
  3. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,491
    What do you mean by the guardian?
     
  4. caiusilus

    caiusilus Registered Member

    Joined:
    Feb 14, 2013
    Posts:
    35
    Location:
    France
    The behavior blocker - same as Mamutu - and integrated into the Anti-Malware ;)
     
  5. caiusilus

    caiusilus Registered Member

    Joined:
    Feb 14, 2013
    Posts:
    35
    Location:
    France
    Another strange issue... I just noticed that after the last updates, the GUI is no longer available in French :rolleyes:
    Not really a problem (the French translation was not so good...).
     
  6. ctrlaltdelete

    ctrlaltdelete Registered Member

    Joined:
    Oct 16, 2005
    Posts:
    318
    Location:
    NL
    It's a small error in the French language file encoding. Guess it will be fixed soon.

    If you really need the French language now, you can do the following:

    Disable Emsisoft Anti-Malware self protection (Configuration > General).
    Find the French language file fr-fr.lng in the Emsisoft Anti-Malware\languages\ folder.
    Open the fr-fr.lng file with Notepad. Choose File > Save as, select file type 'all files', select Unicode instead of UTF-8, and press Save.

    Enable the self protection (Configuration > General)
    French language should be available again.
     
  7. caiusilus

    caiusilus Registered Member

    Joined:
    Feb 14, 2013
    Posts:
    35
    Location:
    France
    Thanks for the very quick reply:)
    I'll keep the English GUI, it will give me the impression I've got a new toy to play with ;-)
     
  8. guest

    guest Guest

    @Fabian

    Since 2011 there has not been any update. Is there any plan for a new version?
     
  9. Fabian Wosar

    Fabian Wosar Developer

    Joined:
    Aug 26, 2010
    Posts:
    838
    Location:
    Germany
    The version number is a bit misleading. It is true that the GUI hasn't changed since 2011, but then the behavior blocker user interface in Emsisoft Anti-Malware hasn't changed since then either.

    The underlying behavior blocker technology has constantly been updated though. In fact the last update was just about 3 weeks ago on 01/30/2013:

    http://www.emsisoft.com/a2/changelog/mamutu/

    Unfortunately the status screen displays neither the behavior blocker update date nor the behavior blocker version which makes it a bit confusing and may lead to the impression there haven't been any updates in a while.
     
  10. guest

    guest Guest

    I know Mamutu is a BB and it has the "protect keylogger like activity" ability, but it doesn't give any alert for the Zemana, Spyshelter, AKlt leak tests.

    What is the reason?
     
  11. Fabian Wosar

    Fabian Wosar Developer

    Joined:
    Aug 26, 2010
    Posts:
    838
    Location:
    Germany
    Behavior blockers in general don't react to leak tests. You could even argue that a reaction to a leak test is actually a false positive. While HIPS only care about whether or not a certain API was called or a certain action took place, behavior blockers care a lot about the circumstances.

    From a behavior blocker's point of view leak tests are nothing like actual keyloggers. To name just a few things:
    1. A keylogger is usually invisible to the user. It doesn't have any GUI or a tray icon. A leak test though does have a GUI to display what was logged.
    2. Keyloggers also usually install themselves in the system and make sure they run automatically during boot. Leak tests on the other hand usually are just started by the user. They don't install themselves and never add themselves to the autoruns.
    3. Just collecting what you type alone is not very useful. Keyloggers always have mechanisms that allow them to save what you typed or to send out what you type through the network. Leak tests usually don't do that.
    4. Keylogger executables often "look" fishy. No icons, no version information, no digital signatures, usage of obfuscators and packers. Leak test executables on the other hand usually have a nice shiny icon, have proper version information and some leak test providers even signed their leak test.
    So when a behavior blocker sees a leak test calling for example the SetWindowsHookEx API to install a window message hook it will notice that the application has the capability of logging keys, but all other aspects of the application point toward it being legitimate and not a keylogger, so it may decide not to issue an alert about it just yet.

    I hope this explains why leak tests have a rather limited relevance when it comes to testing behavior blockers.
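
The distinction drawn in the post above, as an added example that is not part of the original thread and not Emsisoft's actual logic: a HIPS-style rule keyed on the API call alone, next to a context-weighted verdict over the four circumstances listed. The field names, weights, threshold and sample processes are all assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Observation:
    """What a monitor recorded about one process (constructed, hypothetical fields)."""
    name: str
    installs_key_hook: bool      # e.g. a SetWindowsHookEx call was seen
    has_gui: bool                # visible window or tray icon
    adds_autorun: bool           # registers itself to start at boot
    stores_or_sends_keys: bool   # writes captured input to disk or network
    signed: bool
    has_version_info: bool
    packed: bool                 # obfuscator or packer detected

# Assumed weights and threshold, chosen only for illustration.
WEIGHTS = {"hidden": 2, "autorun": 2, "exfil": 3,
           "unsigned": 1, "no_version": 1, "packed": 1}
ALERT_THRESHOLD = 4

def hips_verdict(o):
    """HIPS-style rule: the API call alone decides."""
    return "alert" if o.installs_key_hook else "allow"

def context_signals(o):
    """Names of the circumstances from the post that look keylogger-like."""
    checks = {"hidden": not o.has_gui, "autorun": o.adds_autorun,
              "exfil": o.stores_or_sends_keys, "unsigned": not o.signed,
              "no_version": not o.has_version_info, "packed": o.packed}
    return [name for name, hit in checks.items() if hit]

def behavior_verdict(o):
    """Behavior-blocker-style rule: capability plus circumstances."""
    if not o.installs_key_hook:
        return "allow"
    score = sum(WEIGHTS[s] for s in context_signals(o))
    # Below the threshold the capability is noted but no alert is raised yet.
    return "alert" if score >= ALERT_THRESHOLD else "monitor"

# Constructed sample observations, not real products or measurements.
LEAK_TEST = Observation("leaktest.exe", True, True, False, False, True, True, False)
HOTKEY_TOOL = Observation("hotkeys.exe", True, True, True, False, True, True, False)
KEYLOGGER = Observation("svch0st.exe", True, False, True, True, False, False, True)

if __name__ == "__main__":
    for o in (LEAK_TEST, HOTKEY_TOOL, KEYLOGGER):
        print(f"{o.name:14} HIPS={hips_verdict(o):6} BB={behavior_verdict(o):8} {context_signals(o)}")
```

All three samples trip the HIPS-style rule, while only the process that is hidden, persistent, exfiltrating and unsigned crosses the context threshold.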
     
  12. guest

    guest Guest

    Yes, very good. thanks.
     
  13. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,872
    Location:
    Outer space
    At the time of the EAM v6.0 closed beta, I asked if there were going to be any major updates and if the target information could be included in the pop-up (e.g. with code injection, the target process), and I was answered that a major update was in the works for one of the next versions and the target information was already on the to-do list. It has been quite a while since then; do you have more info on these plans?
     