Emsisoft Anti-Malware question

Status
Not open for further replies.

rocky

Thread author
I have Emsisoft Anti-Malware installed as the only security program, with Windows Firewall, on Win 7 x86. Out of curiosity I tried to run the Zemana keylogger simulator and it ran with no reaction from Emsisoft Anti-Malware, so now I'm not sure what to think. I have fallen into a hole and I can't really find a program I'm having a lot of faith in.
 

hamo

Emsisoft is fully compatible with Zemana AntiLogger (no reaction)


You can use Zemana AntiLogger seamlessly as an important extra layer of security, in harmony with almost any antivirus or firewall software.


See the list here: http://www.zemana.com/product/antilogger/overview/


XhenEd

I think most antiviruses/antimalwares, if not all, white-listed Zemana's keylogger simulation test. So, don't lose faith in your antivirus/antimalware for not detecting and stopping the keylogger test.

I have ESET, but it doesn't block Zemana's simulation tests. Kaspersky doesn't block them either. :)
 

Deleted member 178

Thread author
ZAL is whitelisted by most AVs. If you want to test it, maybe you can set EAM to paranoid.
 

rocky

Thread author
Thanks for the replies. I will install Zemana and give that a try. I appreciate the help!
 

rocky

Thread author
I decided to give SpyShelter a try since I had never used it. It does block Zemana keylogger test. Thanks again for all the help!
 

Fabian Wosar

From Emsisoft
Developer
> Out of curiosity I tried to run Zemana keylogger simulator and it ran with no reaction from Emsisoft Anti-Malware so now I'm not sure what to think. I have fallen into a hole and I can't really find a program I'm having a lot of faith in.
Emsisoft Anti-Malware is very focused on behavior blocking. Behavior blockers in general can't be tested with leak tests like the Zemana test for example. You could even argue that a detection of such tools by a behavior blocker is a false positive. While HIPS only care about whether or not a certain API was called or a certain action took place, behavior blockers care a lot about the circumstances and combinations of events.

From a behavior blocker's point of view the Zemana leak test is nothing like an actual keylogger. To name just a few things:
  1. A keylogger is usually invisible to the user. It doesn't have any GUI or a tray icon. The Zemana leak test though does have a GUI to display what was logged.
  2. Keyloggers also usually install themselves in the system and make sure they run automatically during boot. This leak test on the other hand is just started by the user. It doesn't install itself and never adds itself to the autoruns.
  3. Just collecting what you type alone is not very useful. Keyloggers always have mechanisms that allow them to save what you typed or to send out what you typed through the network. Leak tests usually don't do that.
  4. Keylogger executables often "look" fishy. No icons, no version information, no digital signatures, usage of obfuscators and packers. Leak test executables on the other hand usually have a nice shiny icon, have proper version information and some leak test providers even signed their leak test.
So when a behavior blocker sees the Zemana leak test call the SetWindowsHookEx API for example to install a window message hook it will notice that the application has the capability of logging keys, but all other aspects of the application point toward it being legitimate and not a keylogger, so it may decide not to issue an alert about it just yet.
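
An added illustration (not part of the thread and not Emsisoft's code) of the distinction drawn in the post above: a HIPS-style rule fires on the hook call alone, while a behavior-blocker-style check weighs the four kinds of context the post lists. The field names, weights, threshold and sample profiles are assumptions made for this sketch.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Observed:
    """Traits seen for one process. Field names are hypothetical."""
    name: str
    installs_keyboard_hook: bool  # e.g. a SetWindowsHookEx call was seen
    visible_ui: bool              # window or tray icon shown to the user
    adds_autorun: bool            # registers itself to start at boot
    stores_or_sends_keys: bool    # captured input written to disk or network
    version_info: bool
    signed: bool
    packed: bool

def hips_verdict(p: Observed) -> str:
    """HIPS-style rule: the API call alone triggers the alert."""
    return "alert" if p.installs_keyboard_hook else "allow"

def context_findings(p: Observed) -> list[tuple[str, int]]:
    """(reason, weight) pairs; the weights are illustrative assumptions."""
    checks = [
        (not p.visible_ui, "no GUI or tray icon", 2),
        (p.adds_autorun, "adds itself to autoruns", 2),
        (p.stores_or_sends_keys, "saves or sends captured input", 2),
        (not p.version_info, "no version information", 1),
        (not p.signed, "no digital signature", 1),
        (p.packed, "packed or obfuscated", 1),
    ]
    return [(reason, w) for hit, reason, w in checks if hit]

def behavior_verdict(p: Observed, threshold: int = 4) -> tuple[str, int]:
    """Capability plus enough suspicious context alerts; otherwise keep watching."""
    if not p.installs_keyboard_hook:
        return "allow", 0
    score = sum(w for _, w in context_findings(p))
    return ("alert" if score >= threshold else "monitor"), score

# Constructed sample profiles, not measurements of real programs.
LEAK_TEST = Observed("leak-test", True, True, False, False, True, True, False)
HOTKEY_TOOL = Observed("hotkey-tool", True, True, True, False, True, True, False)
HIDDEN_LOGGER = Observed("hidden-logger", True, False, True, True, False, False, True)

if __name__ == "__main__":
    for p in (LEAK_TEST, HOTKEY_TOOL, HIDDEN_LOGGER):
        print(p.name, hips_verdict(p), behavior_verdict(p))
```

All three constructed profiles trip the single-API rule, but only the hidden, persistent, exfiltrating one crosses the context threshold; the other two stay in a "monitor" state.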
 

Deleted member 21043

Thread author
Your behavior blocker is amazing. I wish I could make one like yours aha :D Of course that isn't going to happen with me using .NET... Of course I will need C...
 

Tony Cole

Fabian, thanks for the reply! It's truly an amazing product that offers excellent protection.
 