Emsisoft Antimalware Suggestions

  • Thread starter Deleted member 2913
  • Start date
Status
Not open for further replies.
D

Deleted member 2913

Thread author
Emsisoft Antimalware Network allows safe & blocks malicious.
For unknown there will be popup, right?

Is the Behavior Blocker like BB or HIPS?
i.e on unknown program execution you get a popup & selecting block blocks the program & selecting allow allows the program Or during install too you get popups like doing this, modifying that, etc...?

No probs with Windows Updates i.e popups for Windows Updates, right?
 
  • Like
Reactions: Logethica
H

hjlbx

Thread author
Emsisoft Antimalware Network allows safe & blocks malicious.
For unknown there will be popup, right?

Is the Behavior Blocker like BB or HIPS?
i.e on unknown program execution you get a popup & selecting block blocks the program & selecting allow allows the program Or during install too you get popups like doing this, modifying that, etc...?

No probs with Windows Updates i.e popups for Windows Updates, right?

When EAM\EIS detects Unknown program, it will generate Anti-Malware Network pop-up - when it performs the query. If the file is Unknown, EAM\EIS will allow it to run. If EAM\EIS detects certain behaviors, then it will generate BB alert.

A weakness in my opinion... Emsi should have setting:

"Allow Unknown (to AMN) files to run" or "Block Unknown (to AMN) files from running."

In this way, EAM\EIS would behave as anti-executable when a file - Unknown to the Anti-Malware Network - is launched.

Such a setting would give the user the option to Allow or Block.

It would increase security - and be extremely easy to configure (= 1 radio button).
 
  • Like
Reactions: jasonX
D

Deleted member 2913

Thread author
When EAM\EIS detects Unknown program, it will generate Anti-Malware Network pop-up - when it performs the query. If the file is Unknown, EAM\EIS will allow it to run. If EAM\EIS detects certain behaviors, then it will generate BB alert.

A weakness in my opinion... Emsi should have setting:

"Allow Unknown (to AMN) files to run" or "Block Unknown (to AMN) files from running."

In this way, EAM\EIS would behave as anti-executable when a file - Unknown to the Anti-Malware Network - is launched.

Such a setting would give the user the option to Allow or Block.

It would increase security - and be extremely easy to configure (= 1 radio button).
Yes, that setting would be good & easy & no messy/corrupt installation by average users.
Either allow or block the program execution. And with AMN average users will rarely get alerts so they could be asked to block any alerts. Plus option to block instead of alerts would be good too...like Kaspersky Trusted Mode.
 
  • Like
Reactions: Logethica
D

Deleted member 2913

Thread author
When EAM\EIS detects Unknown program, it will generate Anti-Malware Network pop-up - when it performs the query. If the file is Unknown, EAM\EIS will allow it to run. If EAM\EIS detects certain behaviors, then it will generate BB alert.
The above bold I am worried about.
Certain Behavior - Only suspicious/malicious behavior - Good.
But if alerts for simply things like adding startup entry, modifying this-that then prob for average users. And I guess this is the case.
 
  • Like
Reactions: Logethica
D

Deleted member 2913

Thread author
How to set password protection?
I set password but can change settings, shutdown, etc... & it doesn't ask for password?

I am liking EAM. Very light & no probs at all.

Is EIS too same as EAM i.e very light or not as it has FW?
 
Last edited by a moderator:
  • Like
Reactions: Logethica
D

Deleted member 2913

Thread author
How does EAM works?
i.e I see its antimalware network checks programs. And as per HJLBX AMN blocks malicious, allows safe & allows unknown but gives popup if suspicious behavior detected - This is fine & I get it.

What about those programs that run & no AMN checks popup appear?
So are those programs in some kinda local whitelist? Or its default allow approach?...if its default allow approach then why AMN checks popup appear for some programs...coz of some behavior detected?
 
  • Like
Reactions: Logethica
H

hjlbx

Thread author
So are those programs in some kinda local whitelist?

Yes. There is local white-list of "Trusted" applications downloaded during updates. If you look closely at the files downloaded during updates, you should see a file with an abbreviation\coded reference to 'Trust." That is trusted applications (white-list).

Goto the updates pane and open log. Inspect the downloaded files. You will see some coded references to Trusted and White-List. I'm doing this completely from memory... so forgive me if I do not have super-precise details.

I'm not sure as to the scope of the list nor how often it is updated. My take is that the local white-list contains Windows (OS) and the most widely-used trustworthy files; all other files are queried by the Behavior Blocker against Anti-Malware Network database.

I think it is still a big list despite being a relatively small size file; afterall, you can fit a ton of info inside a data file.
 
Last edited by a moderator:
D

Deleted member 2913

Thread author
Yes. There is local white-list of "Trusted" applications downloaded during updates. If you look closely at the files downloaded during updates, you should see a file with an abbreviation\coded reference to 'Trust." That is trusted applications (white-list).

Goto the updates pane and open log. Inspect the downloaded files. You will see some coded references to Trusted and White-List. I'm doing this completely from memory... so forgive me if I do not have super-precise details.

I'm not sure as to the scope of the list nor how often it is updated. My take is that the local white-list contains Windows (OS) and the most widely-used trustworthy files; all other files are queried by the Behavior Blocker against Anti-Malware Network database.

I think it is still a big list despite being a relatively small size file; afterall, you can fit a ton of info inside a data file.
Whatever size the local whitelist is seems good. AMN too seems good. I ran all the programs on my system & not a single popup. 4 programs were checked by AMN & found safe. EAM seems an excellent software.
 
  • Like
Reactions: Logethica
H

hjlbx

Thread author
Whatever size the local whitelist is seems good. AMN too seems good. I ran all the programs on my system & not a single popup. 4 programs were checked by AMN & found safe. EAM seems an excellent software.

Migrating from CIS to Emsisoft is like transitioning from a ditch-digger to an engineer.

One is all about manual administration while the other is more about balanced automation.

You know what I mean...

Emsi has their "stuff" together... so comparing Emsi and Comodo is not really fair.

Emsi has one weakness = interpreters are not well-protected and scripts are not well-monitored. It's OK. Just add NVT ERP or AG.
 
Last edited by a moderator:
H

hjlbx

Thread author
Any advantage of the FW in EIS?

Best FW UI, easy-to-learn, easy-to-use...

Old test shows OA firewall was only bested by Comodo.

EIS firewall is not OA firewall - it is further refined and improved - so, in theory, EIS is probably right there with CFW in practical terms.

Of course, I can't substantiate with any kind of data or documentation... but knowing Emsi, I know this much - it is quite a secure FW.
 
D

Deleted member 2913

Thread author
EAM is running light on my laptop.
Will EIS run similarly on my laptop or FW brings some heaviness with it?
 
  • Like
Reactions: Logethica
H

hjlbx

Thread author
EAM is running light on my laptop.
Will EIS run similarly on my laptop or FW brings some heaviness with it?

Both EAM and EIS ran very light = I noticed no difference and unless I ran a full system scan, I didn't notice either was there.

W8.1 - EAM and EIS work terrific...
 
D

Deleted member 2913

Thread author
EIS details on Emsi website mentions----
"Bonus: Online Banking Protection
Keeps fraudsters away from your money by hardening your browser software."
Whats this?
 
  • Like
Reactions: Logethica
H

hjlbx

Thread author
EIS details on Emsi website mentions----
"Bonus: Online Banking Protection
Keeps fraudsters away from your money by hardening your browser software."
Whats this?

Not entirely sure... perhaps new feature ?

Banking Protection was provided by the Behavior Blocker in version 9.

I would bet it is Surf Protection = anti-malicious\phishing - which is the same as v. 9... although, they may have added something new.

Banking Protection is one thing that Emsi never clearly explains = how all the modules work together to protect banking online...
 

jasonX

Level 9
Apr 13, 2012
421
When EAM\EIS detects Unknown program, it will generate Anti-Malware Network pop-up - when it performs the query. If the file is Unknown, EAM\EIS will allow it to run. If EAM\EIS detects certain behaviors, then it will generate BB alert.

A weakness in my opinion... Emsi should have setting:

"Allow Unknown (to AMN) files to run" or "Block Unknown (to AMN) files from running."

In this way, EAM\EIS would behave as anti-executable when a file - Unknown to the Anti-Malware Network - is launched.

Such a setting would give the user the option to Allow or Block.

It would increase security - and be extremely easy to configure (= 1 radio button).

That's a nice suggestion there. The user should be able to have such option to Allow or Block unknown filed from running.
 
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top