Emsisoft Now Has Script\Interpreter Protections

  • Thread starter Thread starter hjlbx
  • Start date Start date
Status
Not open for further replies.
hjlbx said:
Sandboxie... I have to test, but I would think it would - but only if properly configured. Sounds familiar, right ?

With Sandboxie there is a lot of configuration possible... like Comodo. So I would be surprised if advanced configured "Secure" box did not protect.

I have to find script sample again... I lost it... Hee, hee...

IF there is bypass, of course I would let SBIE know about it by giving Invincea the script. Whether they can, or will, fix it is an entirely different matter.

Default Sandboxie box, I think, will not protect...
Click to expand...
Does CIS default settings protects against the mentioned script?
 
yesnoo said:
Does CIS default settings protects against the mentioned script?
Click to expand...

Comodo detects it as malicious.

If deactivate Comodo antivirus module, script will run in sandbox. It will delete Download folder contents... unless you add that folder to Protected Objects or virtualize the Download directory.

So, basically, yes...
 
hjlbx said:
Comodo detects it as malicious.

If deactivate Comodo antivirus module, script will run in sandbox. It will delete Download folder contents... unless you add that folder to Protected Objects or virtualize the Download directory.

So, basically, yes...
Click to expand...
Ok...got it.
 
I just visited Emsisoft support forum last night to check if they are going to release any version soon. Then i came across this one thread user asked one of Emsisoft staff when are they going to release new version to address Emsisoft firewall issue or whatever the heck is, and what astonished me is they have to WAIT FOR A MONTH to fix this issue. What a disappointed on you Emsisoft.

EIS cause Windows Update unable to connect to the internet. - Emsisoft Internet Security
 
hjlbx said:
EAM\EIS is not anti-executable like AppGuard, NoVirus Thanks Exe Radar Pro or VooDooShield.

If a malicious script triggers the Behavior Blocker, then it will generate an alert. So, in other words, unless a file does something covered by the BB, EAM\EIS will not alert. I have submitted a really nasty WinKill script to Emsi that deletes the entire disk. The reply was they can't do anything about that (since there are valid scripts that perform deletions...). It is new feature, so let 'em figure it out...
Click to expand...
I think anyone would want to know if something is attempting to delete the entire disk Lol. Who's worried about a false positive in that scenario. If the user really is trying to wipe their disk they can always just allow the action when prompted. They can even shut the protection down if needed.
 
cutting_edgetech said:
I think anyone would want to know if something is attempting to delete the entire disk Lol. Who's worried about a false positive in that scenario. If the user really is trying to wipe their disk they can always just allow the action when prompted. They can even shut the protection down if needed.
Click to expand...

I agree, but I have learned from experience sometimes it is just best to leave it alone.
 
Status
Not open for further replies.

You may also like...