Emsisoft Anti-Malware & Emsisoft Internet Security 2017.8 released

[ForgottenSeer 58943]

Indeed, but to me if a malware is active on your system , it doesn't matter anymore, your security strategy just failed , so just reformat your system.

Exactly.. So few understand this out there.. They want the malware cleaned up, then they go back to doing everything they did before and using the same products as before. Heck, when we discovered my Trend Micro was hijacked I flattened every machine in the home, put them all on sandboxes/vm's until I decided on my new security strategy, then dumped the VM's and implemented the strategy.

I can't even get my inlaws to drop Webroot, even after they've been infected multiple times.. The lack of logic is incredible.

 

[Peter2150]

Yes, but I think on the 1st of October, licenses will be switched and updates will change you to EAM

 

[Deleted Member 3a5v73x]

I can't even get my inlaws to drop Webroot, even after they've been infected multiple times.. The lack of logic is incredible.

Webroot users gets zombied. My mom also don't want to uninstall it, because as she says, that AV is so 'unintrusive' and doesn't interrupt work for her. Thinking about switching to few Emsisoft seats with console on my side. Can't figure out yet best way how to setup it up, since family is living in different location.

 

[Venustus]

Webroot users gets zombied. My mom also don't want to uninstall it, because as she says, that AV is so 'unintrusive' and doesn't interrupt work for her. Thinking about switching to few Emsisoft seats with console on my side. Can't figure out yet best way how to setup it up, since family is living in different location.

Webroot lasted a couple of minutes on my machine when I tested it for myself!!
Webroot fanboys will tell you that "you do not understand how the software works",well at least for me it didn't

 

[509322]

I know, I am talking about Windows Firewall control, which this thread is about, but it does not work as supposed to. Even if I block apps, they are still allowed.

You might want to consider reporting this to alexandru. I reported the same thing, but since I was the only one reporting it he didn't think it was an issue.

 

[509322]

Where can I find this thing? I wanted to test the firewall and I can not seem to find it. BB auto-allows everything and can not be deleted, so that can not be it.

I consider buying Sphinx Firewall Control, but since Emsisoft cost the same, I might go with it, but it does not seem to do anything firewall related.

Simply put, how to set it up, so I would get this alert?

You do not need to adjust any settings. You need to find an unknown\untrusted file that will manipulate the Windows Firewall settings - like turn it off.

The file you see in the image is one of their internal test files. I assume that they have rated it as unknown\untrusted in their cloud database so that the query will trigger the behavior blocker alert.

 

[TairikuOkami]

You do not need to adjust any settings.

By default it allows everything and it is not possible to remove allowed files, just painstakingly edit them, which still does not block them. That is even worse than free version of Sphinx, which at least allows only Windows files, the rest can be blocked for outbound connections. It seems, this need a lot of work, a lot.

 

[509322]

By default it allows everything and it is not possible to remove allowed files, just painstakingly edit them, which still does not block them. That is even worse than free version of Sphinx, which at least allows only Windows files, the rest can be blocked for outbound connections. It seems, this need a lot of work, a lot.

It allows based upon file reputation\rating.

You cannot block ports, all outbound connections, make firewall rules with EAM. You have to manage outbound activity in the Windows Firewall or use a front-end GUI for it like WFC.

Emsisoft phased-out their product that included a firewall.

 

[TairikuOkami]

You cannot block ports, all outbound connections, make firewall rules with EAM. You have to manage outbound activity in the Windows Firewall or use a front-end GUI for it like WFC.

It seems, that I have seriously misunderstood their blog post, since they said, they will use Windows Firewall instead.

That picture sure did not help. Maybe I should read articles more thoroughly and not just look at pictures.

 

[Deleted member 178]

It seems, that I have seriously misunderstood their blog post, since they said, they will use Windows Firewall instead.

We protect Windows Firewall from malicious changes (creation of outbound rules by malware, etc...) since Windows Firewall authorizes any outbound rules to be created by default without warning.
However, the blocking of legit apps connections must be done manually via the users or via a 3rd party extension.
Which make sense since if you install a software it is supposed to be safe, so why blocking the outbound connections? however, i understand that privacy paranoids may think differently...

 

[TairikuOkami]

Which make sense since if you install a software it is supposed to be safe, so why blocking the outbound connections?

I share the feeling, but since I am forced to use Windows Firewall since 1709, I wanted to take some advantage of it.
Disabling the service causes BSOD. Disabling firewall is pointless, it still monitors the traffic, it just allows everything.

 

[Deleted member 178]

Personally, i use WinFW by blocking all connections in all profiles and making "allow outbound" rules on the fly.

 

[TairikuOkami]

Personally, i use WinFW by blocking all connections in all profiles and making "allow outbound" rules on the fly.

Indeed, I just hate small annoyances like news or app popups notifying about new versions, blocking "checking for updates" prevents that.

 

[petok]

When block "outbound" connections you have control what you give transfer data to servers, when block "inbound" then not receive data from server. Block to both is good for privacy and sharing mode or short invisible stealth mode...

 

[ForgottenSeer 58943]

I had a string of FP's with Emsisoft over the last 24 hours with it set to default settings.

SWTOR (MMO), it kept quarantining the primary executable and then behaviour blocked some of the other files. Eventually it bricked the update and I had to turn off Emsisoft Protection, reinstall it, then whitelist the directory.

Private Internet Access (PIA). I was testing it on a machine and it flagged a bunch of the install files with the BB.

A couple others with some steam games, I had to whitelist the steam common directory on all of the machines.

 

[509322]

I had a string of FP's with Emsisoft over the last 24 hours with it set to default settings.

SWTOR (MMO), it kept quarantining the primary executable and then behaviour blocked some of the other files. Eventually it bricked the update and I had to turn off Emsisoft Protection, reinstall it, then whitelist the directory.

Private Internet Access (PIA). I was testing it on a machine and it flagged a bunch of the install files with the BB.

A couple others with some steam games, I had to whitelist the steam common directory on all of the machines.

To avoid this, when installing new programs I set the BB to Ask. Obviously the user is installing a known, trusted program so it is nonsense to have the BB set to auto-resolve during program installs and just let it auto-quarantine files. If the program installer or one of its files is detected as malicious then File Guard will take care of it.

Actually, you don't even have to set the BB to Ask, but instead just select Allow in the auto-resolve fly-out toaster alert. But, if you want to see full alert details, then set the BB to Ask.

In my experience, almost all VPN installers and clients will trigger the BB.

The BB is triggered by the fact that many of such installers and programs are not widely used and their community rating in AMN is based upon comparatively few Emsisoft users.

To avoid FPs, user effort is required to adjust the product settings and report the FPs. The ratings in AMN are mostly user\community based. Users have to submit whitelisting requests.

 

[Deleted member 178]

@ForgottenSeer 58943 Also you can add all the game's needed executables to the Application Rules section and set them to "All allowed" .