Emsisoft Now Has Script\Interpreter Protections

SloppyMcFloppy · Oct 9, 2015

Azure Phoenix said:
I haven't had any issue with updating Emsisoft or Windows Update.

Are you using the latest beta EIS?

Azure · Oct 9, 2015

user102 said:
Are you using the latest beta EIS?

No. Stable version

Deleted member 2913 · Oct 9, 2015

hjlbx said:
Sandboxie... I have to test, but I would think it would - but only if properly configured. Sounds familiar, right ?

With Sandboxie there is a lot of configuration possible... like Comodo. So I would be surprised if advanced configured "Secure" box did not protect.

I have to find script sample again... I lost it... Hee, hee...

IF there is bypass, of course I would let SBIE know about it by giving Invincea the script. Whether they can, or will, fix it is an entirely different matter.

Default Sandboxie box, I think, will not protect...

Does CIS default settings protects against the mentioned script?

hjlbx · Oct 9, 2015

yesnoo said:
Does CIS default settings protects against the mentioned script?

Comodo detects it as malicious.

If deactivate Comodo antivirus module, script will run in sandbox. It will delete Download folder contents... unless you add that folder to Protected Objects or virtualize the Download directory.

So, basically, yes...

Deleted member 2913 · Oct 9, 2015

hjlbx said:
Comodo detects it as malicious.

If deactivate Comodo antivirus module, script will run in sandbox. It will delete Download folder contents... unless you add that folder to Protected Objects or virtualize the Download directory.

So, basically, yes...

Ok...got it.

SloppyMcFloppy · Oct 10, 2015

I just visited Emsisoft support forum last night to check if they are going to release any version soon. Then i came across this one thread user asked one of Emsisoft staff when are they going to release new version to address Emsisoft firewall issue or whatever the heck is, and what astonished me is they have to WAIT FOR A MONTH to fix this issue. What a disappointed on you Emsisoft.

EIS cause Windows Update unable to connect to the internet. - Emsisoft Internet Security

cutting_edgetech · Oct 29, 2015

hjlbx said:
EAM\EIS is not anti-executable like AppGuard, NoVirus Thanks Exe Radar Pro or VooDooShield.

If a malicious script triggers the Behavior Blocker, then it will generate an alert. So, in other words, unless a file does something covered by the BB, EAM\EIS will not alert. I have submitted a really nasty WinKill script to Emsi that deletes the entire disk. The reply was they can't do anything about that (since there are valid scripts that perform deletions...). It is new feature, so let 'em figure it out...

I think anyone would want to know if something is attempting to delete the entire disk Lol. Who's worried about a false positive in that scenario. If the user really is trying to wipe their disk they can always just allow the action when prompted. They can even shut the protection down if needed.

hjlbx · Oct 29, 2015

cutting_edgetech said:
I think anyone would want to know if something is attempting to delete the entire disk Lol. Who's worried about a false positive in that scenario. If the user really is trying to wipe their disk they can always just allow the action when prompted. They can even shut the protection down if needed.

I agree, but I have learned from experience sometimes it is just best to leave it alone.

Search

Emsisoft Now Has Script\Interpreter Protections

SloppyMcFloppy

Level 13

Azure

Level 28

Deleted member 2913

hjlbx

Deleted member 2913

SloppyMcFloppy

Level 13

cutting_edgetech

Level 3

hjlbx

Similar threads