Q&A Emsisoft Surf Protection questions

Discussion in 'Emsisoft' started by bjm_, Nov 25, 2017.

  1. bjm_

    bjm_ Level 3

    May 17, 2015
    106
    180
    Zestafoni, Georgia
    Windows 10
    Microsoft
    ? #11, #12, #14 & #15 ?
     
  2. Umbra

    Umbra From Emsisoft
    Developer

    May 16, 2011
    17,163
    29,643
    Community manager
    Vietnam & France
    Windows 10
    Emsisoft
    You have to do it several times, with reboot and uninstall/reinstall between to confirm the bug.
    On a VM or a clean system is better especially if you have other softs installed which could interfere and create the bug.
     
    harlan4096 likes this.
  3. bjm_

    bjm_ Level 3

    May 17, 2015
    106
    180
    Zestafoni, Georgia
    Windows 10
    Microsoft
    Okay, my observe, my bug. Thanks
     
  4. Umbra

    Umbra From Emsisoft
    Developer

    May 16, 2011
    17,163
    29,643
    Community manager
    Vietnam & France
    Windows 10
    Emsisoft
    If you can reproduce it with a "clean machine" or in a VM, I can report it. Sometimes a re-installation of EAM may solve issues.
     
    harlan4096 likes this.
  5. DeepWeb

    DeepWeb Level 9

    Jul 1, 2017
    437
    1,414
    Nurse
    On a journey
    Windows 10
    Emsisoft
    Could you help me? I installed Emsisoft again. This time I want it to work. Everything is smooth. However Surf Protection does not appear to be triggered when I visit malicious sites on its block lists.
    Running it on Windows 10 Pro. I use a local resolver (Deadwood DNS) that binds to 127.0.0.1, and I have the Windows built-in DNS client disabled.
    I highly suspect this may be the issue at hand. Is there a way to have EAM check DNS requests sent to 127.0.0.1? If not that's okay. I hope to see it in the future however. :)
     
  6. Umbra

    Umbra From Emsisoft
    Developer

    May 16, 2011
    17,163
    29,643
    Community manager
    Vietnam & France
    Windows 10
    Emsisoft
    Which site?

    EAM doesn't check or analyze traffic, it just blocks access to reported malicious domains.
     
    harlan4096 and DeepWeb like this.
  7. Slyguy

    Slyguy Level 21

    Jan 27, 2017
    1,090
    4,371
    Fortinet Engineer
    USA
    Other OS
    I found Emsisoft pretty good at blocking malicious TLDs. It's one of the products that alerted me to Mixpanel when nobody else would block Mixpanel.

    With that being said, I would pair it with uBlock at the browser level and Quad9 or FortiGuard DNS at the router level. If you have $60 and 30 minutes, put your own Pi-Hole on the network, add in curated blacklists and DNS forward to Quad9 or FortiGuard and you have a POWERFUL combo with Emsisoft. IMO

    I usually turn OFF Web Filtration on AV products because they are intrusive, ineffective, increase your threat surface and slow browsing. Emsisoft is one of the only ones I left online (that and FortiClient). Personally, I don't want my AV MiTM'ing my traffic, do you?
     
  8. DeepWeb

    DeepWeb Level 9

    Jul 1, 2017
    437
    1,414
    Nurse
    On a journey
    Windows 10
    Emsisoft
    Lo and behold while I was testing to take some screencaps I found out that it does work in Firefox and Internet Explorer! :D

    So it is not working in Chrome and Edge... The URL I used is highlighted in my screenshot. I also randomly tested other URLs in the blocklist.

    So Surf Protection DOES work flawlessly in my Firefox Nightly and Internet Explorer just not Chrome and Edge.

    I need to research what might be causing this. Thank you.
     
  9. Slyguy

    Slyguy Level 21

    Jan 27, 2017
    1,090
    4,371
    Fortinet Engineer
    USA
    Other OS

    Perhaps cache issue? Wipe Chrome history, flush the cache, and possibly do a reset on it. Then flush the DNS Client on your Windows box, reboot and try again.
     
    DeepWeb likes this.
  10. Opcode

    Opcode Level 18
    Content Creator

    Aug 17, 2017
    890
    6,302
    Caille
    Windows 10
    It is system-wide as far as I know, so it shouldn't be specifically for one browser and not the other. At the end of the day no matter which web-browser engine is used, the connections have to be made eventually and passed through the OS components and this is where Emsisoft will intercept from (Umbra can correct me if I'm wrong as he actually works there and I don't). So AFAIK it should work for all apps system-wide not just a browser process. Because apps other than the browser reach out to malicious hosts sometimes (e.g. Trojan downloaders).

    Anyway if I am wrong about the above then maybe Emsisoft injects into browser processes and hooks APIs related to networking. This could be a possibility since you mention it doesn't work only for Microsoft Edge and Google Chrome, and guess what... Microsoft Edge and Google Chrome have stronger self-protection unlike Firefox which doesn't seem to try and block DLL injection at all (nor other forms of local code injection). Try disabling AppContainer for Google Chrome if it is enabled and see if Emsisoft Web Protection starts working for it then. I've seen issues about AC stopping Emsisoft injection before on other places but not for a very long time.
     
  11. DeepWeb

    DeepWeb Level 9

    Jul 1, 2017
    437
    1,414
    Nurse
    On a journey
    Windows 10
    Emsisoft
    #31 DeepWeb, Dec 24, 2017
    Last edited: Dec 24, 2017
    @Opcode I checked again and it's indeed systemwide. Pinging the malicious website via cmd triggers Emsisoft to block it. I wonder if this may be because I whitelisted my local DNS resolver for speed... will remove it from the whitelist and reboot.

    Edit: Didn't work. All it did is slow down my local resolver so I whitelisted it again. So we are back to square one. Surf Protection is definitely working system-wide, in IE and Firefox. It is not working in Chrome and Edge which are the most secure browsers. I really think it's something I configured that is probably blocking the hooks in Chrome and Edge's app containers. But that's fine with me as long as I know that Surf Protection works for all non-browser applications that connect to the Internet. I have Google Safebrowsing, uBlock Origin and brain.exe for Chrome and Edge. (y)
     
    TerrakionSmash and Opcode like this.
  12. Umbra

    Umbra From Emsisoft
    Developer

    May 16, 2011
    17,163
    29,643
    Community manager
    Vietnam & France
    Windows 10
    Emsisoft
    OK, I tested it; on Chrome it is blocked (with the site posted above). Flushing the DNS may help:
    in cmd type
    Code:
    ipconfig -flushdns
    Edge messes with Surf Protection, probably because of AppContainer (as @Opcode said).
     
    Opcode, harlan4096 and DeepWeb like this.
  13. Umbra

    Umbra From Emsisoft
    Developer

    May 16, 2011
    17,163
    29,643
    Community manager
    Vietnam & France
    Windows 10
    Emsisoft
    Also note that proxies and other stuff like browser extensions may prevent Surf Protection from working properly. EAM needs to hook the browser.
     
    Opcode and DeepWeb like this.