What's good about Emsisoft?
<blockquote data-quote="notabot" data-source="post: 841230" data-attributes="member: 75970"><p>Thanks for the very detailed response Fabian! Much appreciated!</p><p></p><p>Does your AMSI module block obfuscated/encrypted/high entropy scripts? Also a couple of questions specific to Python AMSI</p><p></p><p>1) does your module cover/include python?</p><p>2) while other runtimes covered by have a de facto installation point as they usually come from microsoft, python typically has no default installation point (is Visual Studio, python org install python runtime at diff points by default) and also there are venvs with which we end up with an interpreter per project effectively - does your AMSI module deal with these Python idiosyncratic factors (incl venvs), or it would only work with what interpreters are pointed to by global environment vars?</p><p></p><p>Also regarding Javascript, would AMSI be turned on if someone has installed node.js runtimes on their machine, or it would only work with the default microsoft interpreter?</p><p></p><p>I realize AMSI has issues, but it is what it is, whitelisting interpreters is unfortunately not an option so even if flawed I want to be sure it works as well as possible.</p><p></p><p>Features like: Windows Firewall Config via web dashboard and cloud check before allowing an app to run would be awesome (provided the cloud checkup can cope well with updates when the hash changes) -- these are really cool things that would be huge pluses imo. It's really awesome that the web console is out for home users btw</p><p></p><p>Also one question about your BB. Let's say for the sake of the argument that a user visits a webpage using Chrome, the webpage in turn runs an exploit and compromises Chrome. Chrome is now acting maliciously ie, trying to launch other already installed binaries or it opens a port or starts a powershell process or uses COM interfaces that Chrome does not normally use etc etc. These are not common behaviors for Chrome but they're not easy to detect, unless someone keeps track of usual (parent process, child process), (process, dlls commonly loaded), (process, com interfaces) interactions, does the BB check for such things or performance hit would be too big?</p><p>I'm asking as no matter how hardened, the browser can always be a weak link, if Emsisoft does do these checks, then eg I'd be happy to stop using Application Guard for browsing.</p></blockquote><p></p>
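The pair tracking described in the post above, sketched as an added example; it is not part of the original post and does not describe how Emsisoft's behaviour blocker works. The event tuples, the `min_count` threshold and all function names are assumptions made for illustration, and the sample data is constructed.

```python
from collections import Counter

# Constructed observations, not real telemetry: (kind, process, target).
# kind is "child", "dll" or "com", the three pair types named in the post.
HISTORY = [
    ("child", "chrome.exe", "chrome.exe"),
    ("child", "Chrome.exe", "chrome.exe"),
    ("child", "chrome.exe", "helper_tool.exe"),  # hypothetical name, seen once
    ("dll", "chrome.exe", "chrome_elf.dll"),
    ("dll", "chrome.exe", "chrome_elf.dll"),
    ("child", "explorer.exe", "chrome.exe"),
    ("child", "explorer.exe", "chrome.exe"),
]

NEW_EVENTS = [
    ("child", "chrome.exe", "chrome.exe"),
    ("child", "chrome.exe", "powershell.exe"),
    ("dll", "chrome.exe", "unknown_module.dll"),
    ("com", "chrome.exe", "{00000000-0000-0000-0000-000000000000}"),
    ("child", "notepad.exe", "cmd.exe"),
]

def norm(event):
    kind, proc, target = event
    # Windows image names are case-insensitive, so compare lowercased.
    return kind, proc.lower(), target.lower()

def build_baseline(history, min_count=2):
    """Return the (kind, process, target) triples seen at least min_count times."""
    counts = Counter(norm(e) for e in history)
    return {triple for triple, n in counts.items() if n >= min_count}

def classify(baseline, event):
    """Return 'usual', 'unusual' (profiled process, new pair) or 'unprofiled'."""
    kind, proc, target = norm(event)
    if (kind, proc, target) in baseline:
        return "usual"
    # Only call a pair unusual when this process has a profile for this kind;
    # otherwise there is nothing to compare against.
    profiled = any(k == kind and p == proc for k, p, _ in baseline)
    return "unusual" if profiled else "unprofiled"

def report(history, events):
    baseline = build_baseline(history)
    return [(e, classify(baseline, e)) for e in events]

if __name__ == "__main__":
    for event, verdict in report(HISTORY, NEW_EVENTS):
        print(verdict, event)
```

The `min_count` threshold keeps a pair observed only once from becoming part of the profile, and the separate `unprofiled` verdict shows where such a scheme has no data to judge from.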