Emsisoft Anti-Malware & Emsisoft Internet Security 2017.8 released

  • Thread starter Deleted member 178

Do you like the Firewall Fortification feature?

  • Yes: 55 votes (79.7%)
  • No: 14 votes (20.3%)
  • Total voters: 69
Status
Not open for further replies.
ForgottenSeer 58943
> Indeed, but to me if a malware is active on your system, it doesn't matter anymore, your security strategy just failed, so just reformat your system.

Exactly.. So few understand this out there.. They want the malware cleaned up, then they go back to doing everything they did before and using the same products as before. Heck, when we discovered my Trend Micro was hijacked I flattened every machine in the home, put them all on sandboxes/VMs until I decided on my new security strategy, then dumped the VMs and implemented the strategy.

I can't even get my in-laws to drop Webroot, even after they've been infected multiple times.. The lack of logic is incredible.
 
Deleted Member 3a5v73x
> I can't even get my in-laws to drop Webroot, even after they've been infected multiple times.. The lack of logic is incredible.

Webroot users get zombied. My mom also doesn't want to uninstall it, because as she says, that AV is so 'unintrusive' and doesn't interrupt work for her. o_O :ROFLMAO: Thinking about switching to a few Emsisoft seats with the console on my side. Can't figure out yet the best way to set it up, since family is living in a different location. :unsure:
 

Venustus

> Webroot users get zombied. My mom also doesn't want to uninstall it, because as she says, that AV is so 'unintrusive' and doesn't interrupt work for her. o_O :ROFLMAO: Thinking about switching to a few Emsisoft seats with the console on my side. Can't figure out yet the best way to set it up, since family is living in a different location. :unsure:

Webroot lasted a couple of minutes on my machine when I tested it for myself!! :ROFLMAO: (n)
Webroot fanboys will tell you that "you do not understand how the software works", well at least for me it didn't :D
 
509322
> I know, I am talking about Windows Firewall control, which this thread is about, but it does not work as it is supposed to. Even if I block apps, they are still allowed.

You might want to consider reporting this to alexandru. I reported the same thing, but since I was the only one reporting it he didn't think it was an issue.
 
509322
> Where can I find this thing? I wanted to test the firewall and I cannot seem to find it. BB auto-allows everything and cannot be deleted, so that cannot be it.
>
> I consider buying Sphinx Firewall Control, but since Emsisoft costs the same, I might go with it, but it does not seem to do anything firewall related. :unsure:
>
> Simply put, how to set it up, so I would get this alert?

You do not need to adjust any settings. You need to find an unknown\untrusted file that will manipulate the Windows Firewall settings - like turn it off.

The file you see in the image is one of their internal test files. I assume that they have rated it as unknown\untrusted in their cloud database so that the query will trigger the behavior blocker alert.
 

TairikuOkami

> You do not need to adjust any settings.

By default it allows everything and it is not possible to remove allowed files, just painstakingly edit them, which still does not block them. That is even worse than the free version of Sphinx, which at least allows only Windows files, the rest can be blocked for outbound connections. It seems this needs a lot of work, a lot. :(
 
509322
> By default it allows everything and it is not possible to remove allowed files, just painstakingly edit them, which still does not block them. That is even worse than the free version of Sphinx, which at least allows only Windows files, the rest can be blocked for outbound connections. It seems this needs a lot of work, a lot. :(

It allows based upon file reputation\rating.

You cannot block ports, all outbound connections, make firewall rules with EAM. You have to manage outbound activity in the Windows Firewall or use a front-end GUI for it like WFC.

Emsisoft phased-out their product that included a firewall.
 

TairikuOkami

> You cannot block ports, all outbound connections, make firewall rules with EAM. You have to manage outbound activity in the Windows Firewall or use a front-end GUI for it like WFC.

It seems that I have seriously misunderstood their blog post, since they said they will use Windows Firewall instead. :cry:

That picture sure did not help. Maybe I should read articles more thoroughly and not just look at pictures. :oops:
 
Deleted member 178

Thread author
> It seems that I have seriously misunderstood their blog post, since they said they will use Windows Firewall instead. :cry:

We protect Windows Firewall from malicious changes (creation of outbound rules by malware, etc...) since Windows Firewall authorizes any outbound rules to be created by default without warning.
However, the blocking of legit apps' connections must be done manually via the users or via a 3rd party extension.
Which makes sense since if you install a software it is supposed to be safe, so why block the outbound connections? However, I understand that privacy paranoids may think differently...
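
One way to check, independently of any security product, whether firewall rules have appeared since a known-good state. This is an added example, not part of the post above and not Emsisoft's code; `$BaselinePath` and the function names are made up for it.

```powershell
# Added example. Run from an elevated PowerShell prompt.
# $BaselinePath is a hypothetical location chosen for this example.
$BaselinePath = Join-Path $env:ProgramData 'FwAudit\baseline.json'

function Get-FwRuleSnapshot {
    # One flat record per enabled rule in the local store, with the program it covers.
    # Resolving the application filter per rule is slow but keeps the code simple.
    Get-NetFirewallRule | Where-Object { "$($_.Enabled)" -eq 'True' } | ForEach-Object {
        $app = $_ | Get-NetFirewallApplicationFilter
        [pscustomobject]@{
            Name        = $_.Name
            DisplayName = $_.DisplayName
            Direction   = "$($_.Direction)"
            Action      = "$($_.Action)"
            Program     = "$($app.Program)"
        }
    }
}

function Get-RuleKey($Rule) {
    # A changed direction, action or program counts as a new rule.
    '{0}|{1}|{2}|{3}' -f $Rule.Name, $Rule.Direction, $Rule.Action, $Rule.Program
}

$current = @(Get-FwRuleSnapshot)

if (-not (Test-Path $BaselinePath)) {
    # First run: record the current rule set as the trusted baseline.
    New-Item -ItemType Directory -Path (Split-Path $BaselinePath) -Force | Out-Null
    $current | ConvertTo-Json -Depth 3 | Set-Content -Path $BaselinePath -Encoding UTF8
    Write-Output "Baseline written with $($current.Count) rules."
}
else {
    $baseline = Get-Content -Path $BaselinePath -Raw | ConvertFrom-Json
    $known = @{}
    foreach ($rule in $baseline) { $known[(Get-RuleKey $rule)] = $true }

    # Report every rule that was not in the baseline, outbound allows first.
    $current |
        Where-Object { -not $known.ContainsKey((Get-RuleKey $_)) } |
        Sort-Object @{ Expression = { $_.Direction -eq 'Outbound' -and $_.Action -eq 'Allow' }; Descending = $true } |
        Format-Table DisplayName, Direction, Action, Program -AutoSize
}
```

Take the baseline on a machine you consider clean; delete the baseline file to accept the current rule set as the new reference.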
 

TairikuOkami

> Which makes sense since if you install a software it is supposed to be safe, so why block the outbound connections?

I share the feeling, but since I am forced to use Windows Firewall since 1709, I wanted to take some advantage of it.
Disabling the service causes BSOD. Disabling firewall is pointless, it still monitors the traffic, it just allows everything.
 
Deleted member 178

Thread author
Personally, I use WinFW by blocking all connections in all profiles and making "allow outbound" rules on the fly.
 
Reactions: Trooper
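
The default-deny setup described in the post above, sketched with the built-in Windows cmdlets. This is an added example, not the poster's own configuration; the rule name and program path are placeholders, and the `auditpol` subcategory name assumes an English-language Windows installation.

```powershell
# Added example. Run from an elevated PowerShell prompt.

# 1. Block by default in both directions on every profile.
Set-NetFirewallProfile -All -Enabled True -DefaultInboundAction Block -DefaultOutboundAction Block

# 2. Audit dropped connections so blocked programs show up in the Security log (event 5157).
auditpol /set /subcategory:"Filtering Platform Connection" /failure:enable | Out-Null

# 3. Summarise which programs had outbound connections blocked recently.
function Get-BlockedOutbound {
    param([int]$Hours = 1)
    $filter = @{ LogName = 'Security'; Id = 5157; StartTime = (Get-Date).AddHours(-$Hours) }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
        $data = @{}
        foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
        # %%14593 is the message id Windows uses for "Outbound" in this event.
        if ($data['Direction'] -eq '%%14593') {
            [pscustomobject]@{
                Application = $data['Application']   # logged as a \device\harddiskvolumeN\... path
                Destination = '{0}:{1}' -f $data['DestAddress'], $data['DestPort']
            }
        }
    } | Group-Object Application, Destination | Sort-Object Count -Descending |
        Select-Object Count, Name
}
Get-BlockedOutbound -Hours 1

# 4. Allow one program once you have decided it should be able to connect out.
#    Placeholder name and path: replace with the program you reviewed in step 3.
New-NetFirewallRule -DisplayName 'Allow out - Example App' -Direction Outbound -Action Allow `
    -Program 'C:\Program Files\ExampleApp\app.exe' -Profile Any
```

With outbound blocked by default, Windows components such as Windows Update also need explicit allow rules before they can connect.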

TairikuOkami

> Personally, I use WinFW by blocking all connections in all profiles and making "allow outbound" rules on the fly.

Indeed, I just hate small annoyances like news or app popups notifying about new versions, blocking "checking for updates" prevents that.
 

petok

When you block "outbound" connections you control what data you transfer to servers; when you block "inbound" you do not receive data from the server. Blocking both is good for privacy and sharing mode or a short invisible stealth mode...
 
ForgottenSeer 58943
I had a string of FPs with Emsisoft over the last 24 hours with it set to default settings. :cry:

SWTOR (MMO), it kept quarantining the primary executable and then behaviour blocked some of the other files. Eventually it bricked the update and I had to turn off Emsisoft Protection, reinstall it, then whitelist the directory.

Private Internet Access (PIA). I was testing it on a machine and it flagged a bunch of the install files with the BB.

A couple others with some Steam games, I had to whitelist the Steam common directory on all of the machines.
 
Reactions: Trooper
509322
> I had a string of FPs with Emsisoft over the last 24 hours with it set to default settings. :cry:
>
> SWTOR (MMO), it kept quarantining the primary executable and then behaviour blocked some of the other files. Eventually it bricked the update and I had to turn off Emsisoft Protection, reinstall it, then whitelist the directory.
>
> Private Internet Access (PIA). I was testing it on a machine and it flagged a bunch of the install files with the BB.
>
> A couple others with some Steam games, I had to whitelist the Steam common directory on all of the machines.

To avoid this, when installing new programs I set the BB to Ask. Obviously the user is installing a known, trusted program so it is nonsense to have the BB set to auto-resolve during program installs and just let it auto-quarantine files. If the program installer or one of its files is detected as malicious then File Guard will take care of it.

Actually, you don't even have to set the BB to Ask, but instead just select Allow in the auto-resolve fly-out toaster alert. But, if you want to see full alert details, then set the BB to Ask.

In my experience, almost all VPN installers and clients will trigger the BB.

The BB is triggered by the fact that many of such installers and programs are not widely used and their community rating in AMN is based upon comparatively few Emsisoft users.

To avoid FPs, user effort is required to adjust the product settings and report the FPs. The ratings in AMN are mostly user\community based. Users have to submit whitelisting requests.
 