Emsisoft Antimalware Scan Result

  • Thread starter Deleted member 2913
Status
Not open for further replies.
Deleted member 2913

Thread author
Installed Emsi AM & did a quick scan.
It found a few threats & to me they all seem to be FPs.
Like it mentions disabletaskmanager but taskmanager opens fine. Disablecmd but cmd opens fine too. Disable registry tools but regedit opens fine too.
What I could make out of the detection have mentioned.
Attached is the screenshot

HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR detected: Setting.DisableTaskMgr (A)
Value: HKEY_USERS\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR detected: Setting.DisableTaskMgr (A)
Value: HKEY_USERS\S-1-5-19\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR detected: Setting.DisableTaskMgr (A)
Value: HKEY_USERS\S-1-5-20\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR detected: Setting.DisableTaskMgr (A)
Value: HKEY_USERS\S-1-5-21-191019590-2606562261-3006609305-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR detected: Setting.DisableTaskMgr (A)
Value: HKEY_USERS\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR detected: Setting.DisableTaskMgr (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLECMD detected: Setting.DisableCMD (A)
Value: HKEY_USERS\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLECMD detected: Setting.DisableCMD (A)
Value: HKEY_USERS\S-1-5-19\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLECMD detected: Setting.DisableCMD (A)
Value: HKEY_USERS\S-1-5-20\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLECMD detected: Setting.DisableCMD (A)
Value: HKEY_USERS\S-1-5-21-191019590-2606562261-3006609305-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLECMD detected: Setting.DisableCMD (A)
Value: HKEY_USERS\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLECMD detected: Setting.DisableCMD (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS detected: Setting.DisableRegistryTools (A)
Value: HKEY_USERS\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS detected: Setting.DisableRegistryTools (A)
Value: HKEY_USERS\S-1-5-19\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS detected: Setting.DisableRegistryTools (A)
Value: HKEY_USERS\S-1-5-20\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS detected: Setting.DisableRegistryTools (A)
Value: HKEY_USERS\S-1-5-21-191019590-2606562261-3006609305-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS detected: Setting.DisableRegistryTools (A)
Value: HKEY_USERS\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS detected: Setting.DisableRegistryTools (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NORUN detected: Setting.NoRun (A)
Value: HKEY_USERS\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NORUN detected: Setting.NoRun (A)
Value: HKEY_USERS\S-1-5-19\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NORUN detected: Setting.NoRun (A)
Value: HKEY_USERS\S-1-5-20\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NORUN detected: Setting.NoRun (A)
Value: HKEY_USERS\S-1-5-21-191019590-2606562261-3006609305-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NORUN detected: Setting.NoRun (A)
Value: HKEY_USERS\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NORUN detected: Setting.NoRun (A)
Key: HKEY_USERS\S-1-5-21-191019590-2606562261-3006609305-1000\SOFTWARE\YAHOOPARTNERTOOLBAR detected: Application.Win32.YTool (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\AU__RASAPI32 detected: Application.Win32.InstallExt (A)
Value: HKEY_USERS\S-1-5-19\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NOFOLDEROPTIONS detected: Setting.NoFolderOptions (A)
Value: HKEY_USERS\S-1-5-20\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NOFOLDEROPTIONS detected: Setting.NoFolderOptions (A)

Scanned 59807
 
Reactions: Logethica

hjlbx

Thread author
Search Emsi support forum. Fabian Wosar discusses this in some threads. If I recall correctly he stated that there are cases where legitimate\safe security or other softs will create the above keys.

Since you have been installing various security softs maybe they are just left over - and are very unlikely an indication of any kind of serious infection...
 
Reactions: Cats-4_Owners-2

Deleted member 2913

Thread author
None of the many security tools I use to check the system detects any threats. Those are definitely FPs.
 
Reactions: Logethica

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
@yesnoo : Link 1

Brief overview: These are stated to be policies which your application has set for that operation, so you can safely remove them if you believe it's a legitimate process, or use the whitelist feature to exclude them from the scan.
 

Azure

Level 28
Verified
Top Poster
Content Creator
Oct 23, 2014
1,712
> Like it mentions disabletaskmanager but taskmanager opens fine. Disablecmd but cmd opens fine too. Disable registry tools but regedit opens fine too.

This info might help
https://support.emsisoft.com/topic/13694-disabletaskmgr-and-disableregistrytools/
"Sorry for the confusion, the policies (which would, when active, disable your taskmanager or registry tools) are set to zero, meaning they are disabled. Practically this means your Taskmanager and registry tools are working normally."
 
Reactions: kiric96
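
The Emsisoft reply quoted above turns on the data stored in each policy value, not on whether the value exists. As an added example (not from the thread or from Emsisoft), this read-only PowerShell script looks up the value names from the scan log under HKLM and every loaded user hive and reports whether each one is 0 or non-zero; the variable names are illustrative.

```powershell
# Added example: read-only check of the policy values named in the scan log.
# Paths and value names are taken from the log; nothing is modified.

$policies = @(
    @{ SubKey = 'Software\Microsoft\Windows\CurrentVersion\Policies\System';   Name = 'DisableTaskMgr' },
    @{ SubKey = 'Software\Microsoft\Windows\CurrentVersion\Policies\System';   Name = 'DisableCMD' },
    @{ SubKey = 'Software\Microsoft\Windows\CurrentVersion\Policies\System';   Name = 'DisableRegistryTools' },
    @{ SubKey = 'Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'; Name = 'NoRun' },
    @{ SubKey = 'Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'; Name = 'NoFolderOptions' }
)

# HKLM plus every hive currently loaded under HKEY_USERS
# (.DEFAULT, the S-1-5-18/19/20 service accounts, and logged-on user SIDs).
$roots = @('Registry::HKEY_LOCAL_MACHINE')
$roots += Get-ChildItem -Path 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
    Where-Object { $_.PSChildName -notlike '*_Classes' } |
    ForEach-Object { "Registry::$($_.Name)" }

$report = foreach ($root in $roots) {
    foreach ($p in $policies) {
        $path = "$root\$($p.SubKey)"
        $item = Get-ItemProperty -Path $path -Name $p.Name -ErrorAction SilentlyContinue
        if ($null -eq $item) { continue }   # key or value absent: nothing to report

        $value = $item.($p.Name)
        if ($value -eq 0) {
            $state = 'present, set to 0 (policy not active)'
        } else {
            $state = 'present, non-zero (review: restriction may be active)'
        }

        [pscustomobject]@{
            Hive   = $root -replace '^Registry::', ''
            Policy = $p.Name
            Value  = $value
            State  = $state
        }
    }
}

$report | Sort-Object Policy, Hive | Format-Table -AutoSize
```

Rows reading "set to 0" match the situation described in the Emsisoft quote: the value exists, so a presence-based check flags it, but Task Manager, cmd and regedit keep working.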
Deleted member 2913

Thread author
> This info might help
> https://support.emsisoft.com/topic/13694-disabletaskmgr-and-disableregistrytools/
> "Sorry for the confusion, the policies (which would, when active, disable your taskmanager or registry tools) are set to zero, meaning they are disabled. Practically this means your Taskmanager and registry tools are working normally."

Thanxx for the support man.
So there they have mentioned it's fine to delete or not delete the detected keys, no probs & taskmanager, etc... will work normal. I hope I understood the posts there correctly.
So should I delete those?
 

Azure

Level 28
Verified
Top Poster
Content Creator
Oct 23, 2014
1,712
I had similar detections like yours when I first tried Emsisoft. I didn't see any problems after I deleted them, but if you are still unsure then you can ask on the Emsisoft Support Forum for help.
 
Reactions: Cats-4_Owners-2

Deleted member 2913

Thread author
Some strange things here on Win 7 64 with EAM installed.
Customize taskbar list has increased. Previously there were only few programs in the list. And I had set EAM to "Show Icon & Notification" but after system restart it was not there on the taskbar but in that little square that shows programs that are set to "show notifications only". When I checked customize there are 2 Emsi Realtime, 1 set to "show notifications only" & 1 set to "show icons & notifications".

Boot time is a little longer compared to Avast AV Pro & takes a few secs to settle down on reaching the desktop. After it settles down system response & browsing is light & good.

And just testing how it works.
So was running apps on the system. For 2 apps got antimalware network check & found safe popups. I thought lets see what happens if the system is offline. So I removed the rules for those 2 apps & disconnected the net. And tried running those 2 apps again. 1 got the alert manipulating another process in red & another got yellow popup mentioning access disk sectors directly. So when the system is offline it could be a prob for average users. But antimalware network works good. Is Emsi whitelists on antimalware network good & big?

And when the system is offline & antimalware network tries to check the program, it gives internal process error popup. Wouldn't it be good if the popup mention something like plzz/always connect to internet & run the programs so that the programs are instantly checked for additional/advanced security by Emsi?

And does running the full/malware scan check the antimalware network too to whitelist the programs?

Why there is no upload option for some threads here?
 
Deleted member 2913

Thread author
> I had similar detections like yours when I first tried Emsisoft. I didn't see any problems after I deleted them, but if you are still unsure then you can ask on the Emsisoft Support Forum for help

You mean you deleted & still was able to run taskmanager, etc...?
 
Reactions: Logethica

Deleted member 2913

Thread author
> Some strange things here on Win 7 64 with EAM installed.
> Customize taskbar list has increased. Previously there were only few programs in the list. And I had set EAM to "Show Icon & Notification" but after system restart it was not there on the taskbar but in that little square that shows programs that are set to "show notifications only". When I checked customize there are 2 Emsi Realtime, 1 set to "show notifications only" & 1 set to "show icons & notifications".
>
> Boot time is a little longer compared to Avast AV Pro & takes a few secs to settle down on reaching the desktop. After it settles down system response & browsing is light & good.

Both the probs above in bold solved.
2 Emsi Realtime after one more system restart changed to Emsi Realtime & Emsi Security Center for scans. And Emsi now correctly appears on taskbar.

Little slow boot prob solved. Actually Bitdefender free uninstall left an entry in task scheduler. Deleting the entry solved the prob.
 

kiric96

Level 19
Verified
Well-known
Jul 10, 2014
917
> Those are definitely FPs.

Well, just to say they are not FPs, as Emsisoft just checks whether these entries exist or not in your registry, as they do not exist in Windows by default...

> Is Emsi whitelists on antimalware network good & big?

Emsisoft antimalware is their cloud protection (kind of). I don't know if their database is big or not, but you can do some research if you want to... in my case almost every single program I search, they have it in the database.

http://www.isthisfilesafe.com/

> Wouldn't it be good if the popup mention something like plzz/always connect to internet & run the programs so that the programs are instantly checked for additional/advanced security by Emsi?

Ummm, I think the way it is now is ok; if you display such a message it would be like if Emsisoft is cloud dependent..

> And does running the full/malware scan checks the antimalware network too to whitelists the programs?

No, they stated that they don't do this due to privacy issues, as they have to upload your computer files to verify if they are malware or not...
 