Battle Combo: Emsisoft Suite + SpyShelter Premium OR Emsisoft Anti-Malware + SpyShelter Firewall

giants8058

Level 4
Thread author
Verified
Jan 26, 2016
150
My current EAM license is due to expire in a couple months and I'm not sure if I should stick with EAM or switch over to EIS. I do a good amount of online banking/commerce, so on top of a good AV, I also would like to add an anti-logger as a last line of defense.

So I needed some help in deciding and am curious to hear your opinions as to which combination do you think offers the best overall protection and why exactly. Technical explanations are welcome. Do you think it is better to have the firewall integrated with the AV since it will work together seamlessly with the behavior blocker along with the other components, or is it more advantageous to have the firewall integrated with the HIPS system like with SpyShelter Firewall? Thanks in advance for your input.

giants8058

Level 4
Thread author
Verified
Jan 26, 2016
150
Yes, I have checked out both sites along with Emsisoft's support forum, and for the most part, the product descriptions for each don't really go into too much detail. Both appear to be good firewalls. My question is: between the two, which one would be better to have responsible for controlling network access, Emsisoft's components+FW or SpyShelter's HIPS+FW? As for price, it's not really that big of a deal since it's only a $5-$10 difference.

giants8058

Level 4
Thread author
Verified
Jan 26, 2016
150
Combining two HIPS products makes no sense. It will result in, at best, double-alerts and, at worst, conflict with each other.
To my understanding, I don't think Emsisoft's Behavior Blocker is technically considered a HIPS and leak tests provide very different results for them both. Emsisoft's BB pretty much misses everything which is fine because it functions differently and is not intended to work the same as HIPS. If it were up to me, I only would want the anti-logging features, but they don't offer it. And I'm pretty sure that the HIPS is the main component that provides the anti-logging protection. I have also checked out Zemana, but after trying it out and failing numerous tests, I don't have faith in their anti-logging capabilities. When I ran the trial, there didn't seem to be any issues between the two. I could always disable the system protection setting that should probably prevent any possible conflicts.

Aluno

Level 1
Verified
Aug 15, 2016
33
EIS' BB can be set on "stricter" mode, so almost an HIPS, but indeed both can be used together.
BB is more user friendly, but no AV protects at 100%. HIPS is very helpful because you have all processes under your control. SpyShelter gives you an option to scan with Jotti (probably 12 or 18 AV engines). It's good as a file scanner. And of course full keystroke encryption working with any browser or application.
 

giants8058

Level 4
Thread author
Verified
Jan 26, 2016
150
EIS' BB can be set on "stricter" mode, so almost an HIPS, but indeed both can be used together.
In "stricter" mode, are you referring to adding rules under application rules, or is there a setting somewhere for the behavior blocker, like when they used to have paranoid mode in the past?

Do you think that SS's "Real time System Protection", which consists of the following mitigations (as per SS website), would have any conflicts with HMP.alert or even Emsisoft's BB, possibly letting something get through as a result:

• Global Hook Installation
• Rootkit Installations
• Thread Context Changing
• Direct Physical Memory Access
• Remote Thread Creation
• DLL Code Injection
• Kernel Driver Loading
• Program State and Memory Modification
• System Critical parts Registry Modification

I get what they mean, but some of this stuff is a little over my head as to which ones could possibly cause conflicts. Could it result in a compromise in security along the same lines of having two AVs on the same system would cause?

Deleted member 178

In "stricter" mode, are you referring to adding rules under application rules, or is there a setting somewhere for the behavior blocker, like when they used to have paranoid mode in the past?

It's been a long time since I used EAM, and I learned that they removed it... I am disappointed by the removal of the "paranoid" mode...

Do you think that SS's "Real time System Protection", which consists of the following mitigations (as per SS website), would have any conflicts with HMP.alert or even Emsisoft's BB, possibly letting something get through as a result:

• Global Hook Installation
• Rootkit Installations
• Thread Context Changing
• Direct Physical Memory Access
• Remote Thread Creation
• DLL Code Injection
• Kernel Driver Loading
• Program State and Memory Modification
• System Critical parts Registry Modification

I get what they mean, but some of this stuff is a little over my head as to which ones could possibly cause conflicts. Could it result in a compromise in security along the same lines of having two AVs on the same system would cause?

Yes, it may conflict. Not saying that any kernel hooks aren't good for system security and stability.

HMPA uses the same mitigations, especially DLL injection.

Wave

In "stricter" mode, are you referring to adding rules under application rules, or is there a setting somewhere for the behavior blocker, like when they used to have paranoid mode in the past?

Do you think that SS's "Real time System Protection", which consists of the following mitigations (as per SS website), would have any conflicts with HMP.alert or even Emsisoft's BB, possibly letting something get through as a result:

• Global Hook Installation
• Rootkit Installations
• Thread Context Changing
• Direct Physical Memory Access
• Remote Thread Creation
• DLL Code Injection
• Kernel Driver Loading
• Program State and Memory Modification
• System Critical parts Registry Modification

I get what they mean, but some of this stuff is a little over my head as to which ones could possibly cause conflicts. Could it result in a compromise in security along the same lines of having two AVs on the same system would cause?
If they all work with the same method, then yes, it will conflict.

I can tell you right now that Emsisoft injects into processes and makes use of API hooks (a2hooks32.dll and a2hooks64.dll -> check a monitored process for its modules and they'll show up, as they didn't manually map for the injection).

It won't hook for all the features though, ofc, but for some of them it will.

It also depends on the types of hooks both products use, e.g. if one uses a run-time patch hook (so the instructions at the function prologue are changed to JMP <addr>, or MOV RAX, addr and then JMP RAX) and the other hooks the IAT, then it'll work but cause alerts from both products; but if they use the same hook method -> conflict, as one will overwrite the other.
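As an added example (not code from the thread, from Emsisoft or from SpyShelter), the C routine below shows the integrity check a defender or support engineer would run to tell the two hook styles apart: it classifies a function prologue as untouched, as a `JMP rel32` patch (opcode `E9`), or as a `MOV RAX, imm64` / `JMP RAX` patch (`48 B8 imm64` then `FF E0`), resolves where the patch transfers control, and flags an IAT slot whose pointer has left the module that is supposed to export it. The prologue bytes, module addresses and function names are constructed for the demonstration; on a live system the bytes would come from reading the target process and the module ranges from its loaded-module list.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Hook shapes an integrity check can distinguish at a function prologue. */
typedef enum {
    HOOK_NONE = 0,        /* prologue does not match a known patch shape */
    HOOK_JMP_REL32,       /* E9 rel32            : JMP <addr>            */
    HOOK_MOV_RAX_JMP_RAX  /* 48 B8 imm64 ; FF E0 : MOV RAX, addr ; JMP RAX */
} hook_kind_t;

/* Classify the first `n` readable bytes of a function body at `p`. */
hook_kind_t classify_prologue(const uint8_t *p, size_t n)
{
    if (n >= 5 && p[0] == 0xE9)
        return HOOK_JMP_REL32;
    if (n >= 12 && p[0] == 0x48 && p[1] == 0xB8 && p[10] == 0xFF && p[11] == 0xE0)
        return HOOK_MOV_RAX_JMP_RAX;
    return HOOK_NONE;
}

/* Where a patched prologue transfers control. `func_addr` is the virtual
   address of the function itself; rel32 is relative to the byte after the
   5-byte JMP. Returns 0 when the prologue is not a recognised patch. */
uint64_t hook_target(const uint8_t *p, size_t n, uint64_t func_addr)
{
    switch (classify_prologue(p, n)) {
    case HOOK_JMP_REL32: {
        int32_t rel;
        memcpy(&rel, p + 1, sizeof rel);            /* little-endian displacement */
        return (uint64_t)((int64_t)func_addr + 5 + rel);
    }
    case HOOK_MOV_RAX_JMP_RAX: {
        uint64_t imm;
        memcpy(&imm, p + 2, sizeof imm);            /* absolute 64-bit target */
        return imm;
    }
    default:
        return 0;
    }
}

/* IAT hook check: a resolved import should point inside the exporting module. */
int iat_slot_is_hooked(uint64_t slot_value, uint64_t module_base, uint64_t module_size)
{
    return !(slot_value >= module_base && slot_value < module_base + module_size);
}

/* ---- constructed sample data (not captured from any real product) ---- */
#define SAMPLE_MODULE_BASE 0x7FF800000000ULL   /* hypothetical exporting module */
#define SAMPLE_MODULE_SIZE 0x1F0000ULL
#define SAMPLE_FUNC_ADDR   0x7FF800001000ULL   /* hypothetical exported function */
#define SAMPLE_TRAMPOLINE  0x7FF800200000ULL   /* outside the module: a hook's code */

/* Typical untouched x64 prologue: mov [rsp+8], rbx ; push rdi */
const uint8_t sample_clean[]  = { 0x48, 0x89, 0x5C, 0x24, 0x08, 0x57 };
/* JMP rel32 to SAMPLE_TRAMPOLINE: rel = 0x200000 - 0x1005 = 0x1FEFFB */
const uint8_t sample_jmp[]    = { 0xE9, 0xFB, 0xEF, 0x1F, 0x00, 0x57 };
/* MOV RAX, SAMPLE_TRAMPOLINE ; JMP RAX */
const uint8_t sample_movjmp[] = { 0x48, 0xB8, 0x00, 0x00, 0x20, 0x00, 0xF8, 0x7F, 0x00, 0x00,
                                  0xFF, 0xE0 };

/* Run the checks over the samples and return how many look hooked
   (two patched prologues plus one IAT slot pointing at the trampoline). */
int count_hooked_samples(void)
{
    int hooked = 0;
    if (classify_prologue(sample_clean, sizeof sample_clean) != HOOK_NONE)   hooked++;
    if (classify_prologue(sample_jmp, sizeof sample_jmp) != HOOK_NONE)       hooked++;
    if (classify_prologue(sample_movjmp, sizeof sample_movjmp) != HOOK_NONE) hooked++;
    if (iat_slot_is_hooked(SAMPLE_TRAMPOLINE, SAMPLE_MODULE_BASE, SAMPLE_MODULE_SIZE)) hooked++;
    return hooked;
}

int main(void)
{
    printf("clean  : kind=%d\n", classify_prologue(sample_clean, sizeof sample_clean));
    printf("jmp    : kind=%d target=0x%llx\n", classify_prologue(sample_jmp, sizeof sample_jmp),
           (unsigned long long)hook_target(sample_jmp, sizeof sample_jmp, SAMPLE_FUNC_ADDR));
    printf("movjmp : kind=%d target=0x%llx\n", classify_prologue(sample_movjmp, sizeof sample_movjmp),
           (unsigned long long)hook_target(sample_movjmp, sizeof sample_movjmp, SAMPLE_FUNC_ADDR));
    printf("iat slot hooked: %d\n",
           iat_slot_is_hooked(SAMPLE_TRAMPOLINE, SAMPLE_MODULE_BASE, SAMPLE_MODULE_SIZE));
    printf("hooked samples: %d\n", count_hooked_samples());
    return 0;
}
```

The opcode patterns alone are a heuristic: compilers emit tail-call thunks that legitimately begin with `E9`, so a real check compares the in-memory prologue against the bytes in the on-disk image before raising an alert. The point Wave makes is visible in the data model: two products that both write a patch at `SAMPLE_FUNC_ADDR` overwrite each other's bytes, whereas one patching the prologue and the other swapping the IAT slot leave two independent indicators that each product will report.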