Emsisoft Antimalware Suggestions

[Deleted member 2913]

Emsisoft Antimalware Network allows safe & blocks malicious.
For unknown there will be popup, right?

Is the Behavior Blocker like BB or HIPS?
i.e on unknown program execution you get a popup & selecting block blocks the program & selecting allow allows the program Or during install too you get popups like doing this, modifying that, etc...?

No probs with Windows Updates i.e popups for Windows Updates, right?

 

[hjlbx]

Emsisoft Antimalware Network allows safe & blocks malicious.
For unknown there will be popup, right?

Is the Behavior Blocker like BB or HIPS?
i.e on unknown program execution you get a popup & selecting block blocks the program & selecting allow allows the program Or during install too you get popups like doing this, modifying that, etc...?

No probs with Windows Updates i.e popups for Windows Updates, right?

When EAM\EIS detects Unknown program, it will generate Anti-Malware Network pop-up - when it performs the query. If the file is Unknown, EAM\EIS will allow it to run. If EAM\EIS detects certain behaviors, then it will generate BB alert.

A weakness in my opinion... Emsi should have setting:

"Allow Unknown (to AMN) files to run" or "Block Unknown (to AMN) files from running."

In this way, EAM\EIS would behave as anti-executable when a file - Unknown to the Anti-Malware Network - is launched.

Such a setting would give the user the option to Allow or Block.

It would increase security - and be extremely easy to configure (= 1 radio button).

 

[Deleted member 2913]

When EAM\EIS detects Unknown program, it will generate Anti-Malware Network pop-up - when it performs the query. If the file is Unknown, EAM\EIS will allow it to run. If EAM\EIS detects certain behaviors, then it will generate BB alert.

A weakness in my opinion... Emsi should have setting:

"Allow Unknown (to AMN) files to run" or "Block Unknown (to AMN) files from running."

In this way, EAM\EIS would behave as anti-executable when a file - Unknown to the Anti-Malware Network - is launched.

Such a setting would give the user the option to Allow or Block.

It would increase security - and be extremely easy to configure (= 1 radio button).

Yes, that setting would be good & easy & no messy/corrupt installation by average users.
Either allow or block the program execution. And with AMN average users will rarely get alerts so they could be asked to block any alerts. Plus option to block instead of alerts would be good too...like Kaspersky Trusted Mode.

 

[Deleted member 2913]

When EAM\EIS detects Unknown program, it will generate Anti-Malware Network pop-up - when it performs the query. If the file is Unknown, EAM\EIS will allow it to run. If EAM\EIS detects certain behaviors, then it will generate BB alert.

The above bold I am worried about.
Certain Behavior - Only suspicious/malicious behavior - Good.
But if alerts for simply things like adding startup entry, modifying this-that then prob for average users. And I guess this is the case.

 

[Deleted member 2913]

How to set password protection?
I set password but can change settings, shutdown, etc... & it doesn't ask for password?

I am liking EAM. Very light & no probs at all.

Is EIS too same as EAM i.e very light or not as it has FW?

 

[Deleted member 2913]

How does EAM works?
i.e I see its antimalware network checks programs. And as per HJLBX AMN blocks malicious, allows safe & allows unknown but gives popup if suspicious behavior detected - This is fine & I get it.

What about those programs that run & no AMN checks popup appear?
So are those programs in some kinda local whitelist? Or its default allow approach?...if its default allow approach then why AMN checks popup appear for some programs...coz of some behavior detected?

 

[hjlbx]

So are those programs in some kinda local whitelist?

Yes. There is local white-list of "Trusted" applications downloaded during updates. If you look closely at the files downloaded during updates, you should see a file with an abbreviation\coded reference to 'Trust." That is trusted applications (white-list).

Goto the updates pane and open log. Inspect the downloaded files. You will see some coded references to Trusted and White-List. I'm doing this completely from memory... so forgive me if I do not have super-precise details.

I'm not sure as to the scope of the list nor how often it is updated. My take is that the local white-list contains Windows (OS) and the most widely-used trustworthy files; all other files are queried by the Behavior Blocker against Anti-Malware Network database.

I think it is still a big list despite being a relatively small size file; afterall, you can fit a ton of info inside a data file.

 

[Deleted member 2913]

Yes. There is local white-list of "Trusted" applications downloaded during updates. If you look closely at the files downloaded during updates, you should see a file with an abbreviation\coded reference to 'Trust." That is trusted applications (white-list).

Goto the updates pane and open log. Inspect the downloaded files. You will see some coded references to Trusted and White-List. I'm doing this completely from memory... so forgive me if I do not have super-precise details.

I'm not sure as to the scope of the list nor how often it is updated. My take is that the local white-list contains Windows (OS) and the most widely-used trustworthy files; all other files are queried by the Behavior Blocker against Anti-Malware Network database.

I think it is still a big list despite being a relatively small size file; afterall, you can fit a ton of info inside a data file.

Whatever size the local whitelist is seems good. AMN too seems good. I ran all the programs on my system & not a single popup. 4 programs were checked by AMN & found safe. EAM seems an excellent software.

 

[hjlbx]

Whatever size the local whitelist is seems good. AMN too seems good. I ran all the programs on my system & not a single popup. 4 programs were checked by AMN & found safe. EAM seems an excellent software.

Migrating from CIS to Emsisoft is like transitioning from a ditch-digger to an engineer.

One is all about manual administration while the other is more about balanced automation.

You know what I mean...

Emsi has their "stuff" together... so comparing Emsi and Comodo is not really fair.

Emsi has one weakness = interpreters are not well-protected and scripts are not well-monitored. It's OK. Just add NVT ERP or AG.

 

[Deleted member 2913]

Any advantage of the FW in EIS?

 

[hjlbx]

Any advantage of the FW in EIS?

Best FW UI, easy-to-learn, easy-to-use...

Old test shows OA firewall was only bested by Comodo.

EIS firewall is not OA firewall - it is further refined and improved - so, in theory, EIS is probably right there with CFW in practical terms.

Of course, I can't substantiate with any kind of data or documentation... but knowing Emsi, I know this much - it is quite a secure FW.

 

[Deleted member 2913]

EAM is running light on my laptop.
Will EIS run similarly on my laptop or FW brings some heaviness with it?

 

[hjlbx]

EAM is running light on my laptop.
Will EIS run similarly on my laptop or FW brings some heaviness with it?

Both EAM and EIS ran very light = I noticed no difference and unless I ran a full system scan, I didn't notice either was there.

W8.1 - EAM and EIS work terrific...

 

[Deleted member 2913]

Thanxx for the info

 

[Deleted member 2913]

EIS details on Emsi website mentions----
"Bonus: Online Banking Protection
Keeps fraudsters away from your money by hardening your browser software."
Whats this?

 

[hjlbx]

EIS details on Emsi website mentions----
"Bonus: Online Banking Protection
Keeps fraudsters away from your money by hardening your browser software."
Whats this?

Not entirely sure... perhaps new feature ?

Banking Protection was provided by the Behavior Blocker in version 9.

I would bet it is Surf Protection = anti-malicious\phishing - which is the same as v. 9... although, they may have added something new.

Banking Protection is one thing that Emsi never clearly explains = how all the modules work together to protect banking online...

 

[jasonX]

When EAM\EIS detects Unknown program, it will generate Anti-Malware Network pop-up - when it performs the query. If the file is Unknown, EAM\EIS will allow it to run. If EAM\EIS detects certain behaviors, then it will generate BB alert.

A weakness in my opinion... Emsi should have setting:

"Allow Unknown (to AMN) files to run" or "Block Unknown (to AMN) files from running."

In this way, EAM\EIS would behave as anti-executable when a file - Unknown to the Anti-Malware Network - is launched.

Such a setting would give the user the option to Allow or Block.

It would increase security - and be extremely easy to configure (= 1 radio button).

That's a nice suggestion there. The user should be able to have such option to Allow or Block unknown filed from running.