DDE_Server

Level 21
Verified
Here are some tuning steps for configuring Emsisoft from the following link.
Tell me what your opinion is.

Emsisoft Anti-Malware


Emsisoft Anti-Malware provides protection for your computer against viruses, ransomware, a variety of malicious programs, infected and fraudulent sites. Our guide will help you configure your antivirus as much as possible, which will increase the level of detection and give more security.

Emsisoft Anti-Malware, like other antiviruses, is optimally configured, but if you need to raise the parameters for maximum protection, our instructions will help.

How to add a file or folder to Emsisoft Anti-Malware exceptions

Note. Strengthening the protective functionality affects the performance of the computer.

Configuring Emsisoft Anti-Malware for Maximum Protection
Open the Emsisoft Anti-Malware antivirus and click "Security." In the "File Protection" section, set the level to "Paranoid", if it is not comfortable, you can slow down a little and put "Careful". Click the verification icon in the menu on the right, expand "New Scan", check the boxes "Scan mail data files" and "Use direct access to disk". Then save the changes. Scroll down the page a little and reduce the impact of the product on the system by selecting "Reduced resource usage."


Optimize memory. Now, the Emsisoft Anti-Malware antivirus will protect you better and more optimally use computer resources. And what I want to note is protection of access rights to settings. If necessary, set an administrator password and prevent unauthorized changes to the security product. Tip. It is important to know so that the maximum settings do not prevent the antivirus from skipping. Try to scan your computer with antivirus scanners regularly. This way you can detect and eliminate the missing malware.

 

Fabian Wosar

From Emsisoft
Verified
Developer
Click the verification icon in the menu on the right, expand "New Scan", check the boxes "Scan mail data files" and "Use direct access to disk".
Those are horrible recommendations, to be honest. DDA will do absolutely nothing on x64 systems, as rootkits are pretty much dead on that platform thanks to Secure Boot. So unless you are stuck on Windows 7 or older or can't/don't want to use Secure Boot, do not enable that option. It will have no benefit at all to you, except for slowing the scan down dramatically.

Scanning mail archives is pointless. In fact, it may cause issues. EAM will treat mail archives as normal archives. Meaning: If you have any malware file in your inbox and quarantine/delete the infection, EAM will remove the entire inbox. That option is more there for people who want to scan maildirs on a server for example.

Then save the changes. Scroll down the page a little and reduce the impact of the product on the system by selecting "Reduced resource usage."
Or, you know, don't enable the pointless options that add absolutely nothing for your security and just waste a metric tonne of resources.

Optimize memory
That's wrong. What that option does is leave as much of the signature database swapped out onto your disk at all times as possible. This will completely destroy performance every time EAM has to scan something, which it does all the time as you also changed the File Guard settings to scan everything all the time, which is a bad idea as well. If you want to go with the more aggressive File Guard options, you better make sure this option is off, as otherwise, EAM will have a serious impact on your overall performance because every time a file needs to be scanned, signatures have to be swapped in from the disk again.
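The mail-archive point in the post above, as an added illustration that is not part of the original post and is not Emsisoft's code: cleanup that works at file granularity removes a whole mbox inbox for one flagged message, while a Maildir (one file per message) loses only that message. The marker string, addresses and function names are constructed for this example.

```python
import mailbox
import tempfile
from email.message import EmailMessage
from pathlib import Path

# Constructed marker standing in for a detection; not a real signature.
MARKER = b"CONSTRUCTED-TEST-DETECTION-MARKER"


def make_messages():
    """Three constructed messages; only the second carries the marker."""
    msgs = []
    for i, body in enumerate(["quarterly report", MARKER.decode(), "lunch?"]):
        m = EmailMessage()
        m["From"] = f"sender{i}@example.test"
        m["To"] = "user@example.test"
        m["Subject"] = f"message {i}"
        m.set_content(body)
        msgs.append(m)
    return msgs


def quarantine_flagged_files(root: Path) -> int:
    """File-granularity cleanup: delete every file that contains the marker."""
    removed = 0
    for path in [p for p in root.rglob("*") if p.is_file()]:
        if MARKER in path.read_bytes():
            path.unlink()
            removed += 1
    return removed


def surviving_messages(kind: str) -> int:
    """Store the messages as mbox or Maildir, clean up, count what is left."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        target = root / ("inbox.mbox" if kind == "mbox" else "Maildir")
        box = (mailbox.mbox if kind == "mbox" else mailbox.Maildir)(str(target))
        for m in make_messages():
            box.add(m)
        box.close()  # flushes the mbox file; a no-op for Maildir
        quarantine_flagged_files(root)
        if not target.exists():
            return 0  # the single mbox file was the whole inbox
        return len(mailbox.Maildir(str(target)))
```

`surviving_messages("mbox")` returns 0 and `surviving_messages("maildir")` returns 2 for the same three messages.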
 

DDE_Server

Level 21
Verified
So shall I remove this thread? :) :)
 

Gandalf_The_Grey

Level 36
Verified
Trusted
Content Creator
Fabian, do you have any recommendations on how to configure EAM for maximum protection and/or for maximum performance?
 

Fabian Wosar

From Emsisoft
Verified
Developer
The defaults are pretty good when it comes to performance. The only way you can improve that is by starting to exclude processes that you know are safe. For maximum protection, setting the File Guard to thorough is the best you can do. Paranoid is overkill and will give you little to no additional protection.
 
ForgottenSeer 823865

Configuring Emsisoft Anti-Malware for Maximum Protection

That was valid during the OA era; EAM had a lot of advanced settings that really increased its security compared to its default settings, but with time EAM became more popular, adopted by "the masses" instead of just the geeks, hence requiring simplified GUI and BB, so most of those security settings are now set by default.

When I was their Community Manager, I tried writing the same kind of article, but when I saw I had almost nothing to say, I abandoned the idea LOL
 

HarborFront

Level 54
Verified
Content Creator
I wonder what Emsisoft is going to say about ‘Multi-process malware’. Read below


Quote

The infection appears to be targeting multi-core machines and has so far evaded most behavioral and some simple threat detection tools......

Code- or signature-based approaches have proved just as ineffective as heuristic analysis.

Unquote
 

Parsh

Level 25
Verified
Trusted
Malware Hunter
I just found this Heimdal blog after referring to the giveaway. Many users may be just learning about the existence of multi-process malware (MPM). Yet it is an acknowledged attack architecture and must have been researched for a couple of years already.
I found a relevant paper dating from 2013 and having older references.

Folks at Heimdal have mentioned their method of behavioral analysis, what they like to call the 'Threat-to-Process Correlation (TTPC)'.
They state in the interesting use cases in that blog that their method was more effective than regular behavioral analysis in identifying the malicious activities of adversaries (MPM) hidden in an innocent horse. That's obviously a form of them marketing their stuff... nothing wrong.
However, as you would guess, this doesn't mean that major security players around the world haven't worked on measures to detect such potential attacks. We have had some good behavior blockers/HIPS and solutions with strongly inter-connected modules for quite some time now.

I couldn't find any articles or marketing from popular antiviruses on the same, though.
It would be good to hear from a professional in the industry.
I wonder how reactive enterprise emergency response solutions and monitoring tools might serve as a different (perhaps more effective) weapon to identify (pre/post) and possibly remediate them.
 