A sneak peek on Emsisoft’s version 11 series

Status
Not open for further replies.

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
Conducted review (Oct 26, 2015)

Observations throughout the review:

1) 12/20 on a mix of zero-day to one-day-old samples (including phishing sites/IFrame scripts).
2) With PUP detection enabled, it prevents all the randomized samples.
3) With PUP detection disabled, they bypass instantly, without any real signatures or cloud lookups from AMN.
4) I tested two random phishing sites and it seems Emsisoft didn't recognize them.
5) BB with AMN enabled already tends to block 6/10 (without pop-ups).
6) BB with AMN disabled seems to give no pop-ups for possible malware infections.
7) A perfect 21/21 for the on-demand scanning test (PUP enabled); without PUP, 19/21.
 

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
@Online_Sword: It didn't, nor was there any category that could raise an event to give a pop-up for possible suspicious behaviour.

Actually, when AMN is on, it blocks immediately, without user interaction, when the file is dangerous.

When the file is declared safe by AMN, it allows the program immediately.
 

Online_Sword

Level 12
Verified
Honorary Member
Top Poster
Well-known
Mar 23, 2015
555
@Online_Sword: It didn't, nor was there any category that could raise an event to give a pop-up for possible suspicious behaviour.

Actually, when AMN is on, it blocks immediately, without user interaction, when the file is dangerous; the same goes for Safe.
Thank you for your reply. :)
But... your first sentence has an unusual structure, which makes it difficult for me to understand... Sorry.
I hope you can partition that sentence into several short sentences. This can make it easy to understand.
 

hjlbx

Then is the malware prevented or not?

Many times after installation, adware does nothing to trigger the Behavior Blocker - the application is just nuisance-ware.

You have to play around with the adware and explore all of its functions to see if it triggers the Behavior Blocker - like hidden download, connect to malicious domain, etc.

Behavior Blocker only alerts after very specific actions. It can be fooled, but still, it is very good.
 

CMLew

Level 23
Verified
Well-known
Oct 30, 2015
1,251
Thanks for sharing the video @Azure Phoenix .

Indeed Behavior Blocker is a powerful program. Can be a good alternative option to HIPS I guess.

If I recall correctly, Emsisoft used to have a standalone BB called Mamutu, right? So it's been incorporated into EAM and EIS?
 

hjlbx

Except for the sample that generates the large, red, detailed Behavior Blocker alert, all of those blocks were Anti-Malware Network query blocks.

AMN is a file reputation database.

So, bottom line is, 19/20 detections were "signature\file reputation" detections. 1/20 blocks were done by the local Behavior Blocker.
 

SHvFl

Level 35
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Nov 19, 2014
2,346
He should disable the internet and do the test again, so it's just the behaviour blocker, if he really wants to test it.
 

Azure

Level 28
Verified
Top Poster
Content Creator
Oct 23, 2014
1,712
AMN is utilized by the BB in the tests shown in the video posted by @Azure Phoenix .

I am curious about whether the BB of Emsisoft could still block those ransomware in the offline case.
I wonder the same. I would like to see Emsisoft release another video demonstrating how good the behavior blocker is without an internet connection.
 

Azure

Level 28
Verified
Top Poster
Content Creator
Oct 23, 2014
1,712
He should disable the internet and do the test again, so it's just the behaviour blocker, if he really wants to test it.
The video was made by an Emsisoft employee and uploaded to their official YouTube account.
 

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
The effectiveness of the BB offline totally needs more improvement; it needs to be smarter at detecting without any reference when reputation isn't available. AMN, though, is very effective overall.
 

Azure

Level 28
Verified
Top Poster
Content Creator
Oct 23, 2014
1,712
The effectiveness of the BB offline totally needs more improvement; it needs to be smarter at detecting without any reference when reputation isn't available. AMN, though, is very effective overall.
Indeed. It will be nice once they have perfected the "Introduced autonomous decisions on alerts for malware intrusions and exploitation attempts" that was written in the initial post of this thread.
 