Battle Combo: Emsisoft Suite + SpyShelter Premium OR Emsisoft Anti-Malware + SpyShelter Firewall

[giants8058]

My current EAM license is due to expire in a couple months and I'm not sure if I should stick with EAM or switch over to EIS. I do a good amount of online banking/commerce, so on top of a good AV, I also would like to add an anti-logger as a last line of defense.

So I needed some help in deciding and am curious to hear your opinions as to which combination do you think offers the best overall protection and why exactly. Technical explanations are welcome. Do you think it is better to have the firewall integrated with the AV since it will work together seamlessly with the behavior blocker along with the other components, or is it more advantageous to have the firewall integrated with the HIPS system like with SpyShelter Firewall? Thanks in advance for your input.

 

[giants8058]

Long time i didn't used EAM and i learned that they removed it... i am disappointed of the removal of the "paranoid" mode...



yes it may conflict. Not saying that any kernel kooks isn't good for the system security and stability.

HMPA uses the same mitigations, especially dll injections.

Yeah, that makes sense. There are some redundancies there. It would probably be a good idea to disable that module if combining with either two. Maybe it would be best to reach out to the dev to see what they have to say about compatibility.

Like Wave mentioned about Emsisoft and hooks, I believe SS implements hooks as well, so there is probably a chance they could conflict in some ways. Would any of these conflicts actually compromise security in turn allowing the threat, or would one just overwrite the other as you stated and end up blocking it? Btw thanks for the feedback guys

 

[Wave]

Yeah, that makes sense. There are some redundancies there. It would probably be a good idea to disable that module if combining with either two. Maybe it would be best to reach out to the dev to see what they have to say about compatibility.

Like Wave mentioned about Emsisoft and hooks, I believe SS implements hooks as well, so there is probably a chance they could conflict in some ways. Would any of these conflicts actually compromise security in turn allowing the threat, or would one just overwrite the other as you stated and end up blocking it? Btw thanks for the feedback guys

It really depends on the situation, there is not one definite answer.

SpyShelter have to use hooks for them to implement some of the features they have, and they don't utilise the hyper-visor, meaning they have to rely on entirely user-mode hooks on x64 (unless they are 32-bit only?) and potentially mixing them in combination with kernel-mode callbacks.