Q&A Emsisoft Surf Protection questions

Umbra

Level 61
Content Creator
Trusted
Joined
May 16, 2011
Messages
17,790
OS
Windows 10
Antivirus
Default-Deny
#22
? #11, #12, #14 & #15 ?
You have to do it several times, with a reboot and uninstall/reinstall in between, to confirm the bug.
Doing it on a VM or a clean system is better, especially if you have other software installed which could interfere and create the bug.
 

bjm_

Level 3
Joined
May 17, 2015
Messages
128
OS
Windows 10
Antivirus
Microsoft
#23
You have to do it several times, with a reboot and uninstall/reinstall in between, to confirm the bug.
Doing it on a VM or a clean system is better, especially if you have other software installed which could interfere and create the bug.
Okay, my observe, my bug. Thanks
 
Joined
Jul 1, 2017
Messages
593
OS
Windows 10
Antivirus
Emsisoft
#25
If you can reproduce it with a "clean machine" or in a VM, I can report it. Sometimes a re-installation of EAM may solve issues.
Could you help me? I installed Emsisoft again. This time I want it to work. Everything is smooth. However Surf Protection does not appear to be triggered when I visit malicious sites on its block lists.
Running it on Windows 10 Pro, I use a local resolver (Deadwood DNS) that binds to 127.0.0.1, and I have the Windows built-in DNS client disabled.
I highly suspect this may be the issue at hand. Is there a way to have EAM check DNS requests sent to 127.0.0.1? If not, that's okay. I hope to see it in the future however. :)
 

Umbra

#26
However Surf Protection does not appear to be triggered when I visit malicious sites on its block lists.
Which site?

Running it on Windows 10 Pro, I use a local resolver (Deadwood DNS) that binds to 127.0.0.1, and I have the Windows built-in DNS client disabled.
I highly suspect this may be the issue at hand. Is there a way to have EAM check DNS requests sent to 127.0.0.1? If not, that's okay. I hope to see it in the future however. :)
EAM doesn't check or analyze traffic, it just blocks access to reported malicious domains.
 

Slyguy

Level 32
Joined
Jan 27, 2017
Messages
2,102
OS
Other OS
#27
I found Emsisoft pretty good at blocking malicious TLDs. It's one of the products that alerted me to Mixpanel when nobody else would block Mixpanel.

With that being said, I would pair it with uBlock at the browser level and Quad9 or FortiGuard DNS at the router level. If you have $60 and 30 minutes, put your own Pi-Hole on the network, add in curated blacklists and DNS forward to Quad9 or FortiGuard and you have a POWERFUL combo with Emsisoft. IMO

I usually turn OFF Web Filtration on AV products because they are intrusive, ineffective, increase your threat surface and slow browsing. Emsisoft is one of the only ones I left online (that and FortiClient). Personally, I don't want my AV MiTM'ing my traffic, do you?
 
Joined
Jul 1, 2017
Messages
593
OS
Windows 10
Antivirus
Emsisoft
#28
Which site?


EAM doesn't check or analyze traffic, it just blocks access to reported malicious domains.
Lo and behold while I was testing to take some screencaps I found out that it does work in Firefox and Internet Explorer! :D

So it is not working in Chrome and Edge... The URL I used is highlighted in my screenshot. I also randomly tested other URLs in the blocklist.


So Surf Protection DOES work flawlessly in my Firefox Nightly and Internet Explorer, just not Chrome and Edge.


I need to research what might be causing this. Thank you.
 

Slyguy

#29
Lo and behold while I was testing to take some screencaps I found out that it does work in Firefox and Internet Explorer! :D

So it is not working in Chrome and Edge... The URL I used is highlighted in my screenshot. I also randomly tested other URLs in the blocklist.


So Surf Protection DOES work flawlessly in my Firefox Nightly and Internet Explorer, just not Chrome and Edge.


I need to research what might be causing this. Thank you.

Perhaps a cache issue? Wipe Chrome history, flush the cache, and possibly do a reset on it. Then flush the DNS Client on your Windows box, reboot and try again.
 

Opcode

Level 28
Content Creator
Joined
Aug 17, 2017
Messages
1,733
#30
I need to research what might be causing this. Thank you.
It is system-wide as far as I know, so it shouldn't be specifically for one browser and not the other. At the end of the day no matter which web-browser engine is used, the connections have to be made eventually and passed through the OS components and this is where Emsisoft will intercept from (Umbra can correct me if I'm wrong as he actually works there and I don't). So AFAIK it should work for all apps system-wide not just a browser process. Because apps other than the browser reach out to malicious hosts sometimes (e.g. Trojan downloaders).

Anyway, if I am wrong about the above then maybe Emsisoft injects into browser processes and hooks APIs related to networking. This could be a possibility since you mention it doesn't work only for Microsoft Edge and Google Chrome, and guess what... Microsoft Edge and Google Chrome have stronger self-protection unlike Firefox which doesn't seem to try and block DLL injection at all (nor other forms of local code injection). Try disabling AppContainer for Google Chrome if it is enabled and see if Emsisoft Web Protection starts working for it then. I've seen issues about AC stopping Emsisoft injection before in other places but not for a very long time.
 
Joined
Jul 1, 2017
Messages
593
OS
Windows 10
Antivirus
Emsisoft
#31
@Opcode I checked again and it's indeed systemwide. Pinging the malicious website via cmd triggers Emsisoft to block it. I wonder if this may be because I whitelisted my local DNS resolver for speed... will remove it from the whitelist and reboot.

Edit: Didn't work. All it did is slow down my local resolver so I whitelisted it again. So we are back to square one. Surf Protection is definitely working system-wide, in IE and Firefox. It is not working in Chrome and Edge which are the most secure browsers. I really think it's something I configured that is probably blocking the hooks in Chrome and Edge's app containers. But that's fine with me as long as I know that Surf Protection works for all non-browser applications that connect to the Internet. I have Google Safebrowsing, uBlock Origin and brain.exe for Chrome and Edge. (y)
 

Umbra

#32
OK, I tested it; on Chrome it is blocked (with the site posted above). Flushing the DNS may help:
In cmd, type:
Code:
ipconfig -flushdns
Edge messes with Surf Protection, probably because of AppContainer (as @Opcode said).
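
A way to check the DNS path before retesting, as an added example that is not part of the original post: it reports whether the Windows DNS Client service (whose cache the flush clears) is running, which DNS servers each interface uses, and what a loopback resolver like the one described earlier in the thread returns for a test name. The function name `Get-DnsPathReport` and the host name `blocked-test.example` are placeholders, not values from the thread.

```powershell
# Added example: the function name and test host name are placeholders.
function Get-DnsPathReport {
    param(
        [string]$TestName      = 'blocked-test.example',  # placeholder host name
        [string]$LocalResolver = '127.0.0.1'              # loopback resolver, as in the thread
    )

    # The flush only clears the cache held by the DNS Client service (Dnscache),
    # so check that the service is running before flushing.
    $svc     = Get-Service -Name Dnscache -ErrorAction SilentlyContinue
    $running = ($null -ne $svc) -and ($svc.Status -eq 'Running')
    if ($running) { Clear-DnsClientCache }

    # DNS servers configured on each interface (IPv4 only, to keep the report short).
    $servers = Get-DnsClientServerAddress -AddressFamily IPv4 |
        Where-Object { $_.ServerAddresses } |
        Select-Object InterfaceAlias, ServerAddresses

    # Is any interface pointed at the loopback resolver?
    $usesLoopback = [bool]($servers |
        Where-Object { $_.ServerAddresses -contains $LocalResolver })

    # Ask the local resolver directly, bypassing the hosts file and other name sources.
    $answer = try {
        (Resolve-DnsName -Name $TestName -Type A -Server $LocalResolver -DnsOnly -ErrorAction Stop |
            Where-Object { $_.Type -eq 'A' }).IPAddress -join ', '
    } catch {
        "no answer: $($_.Exception.Message)"
    }

    [pscustomobject]@{
        DnsClientRunning   = $running
        CacheFlushed       = $running
        InterfaceServers   = $servers
        LoopbackConfigured = $usesLoopback
        TestName           = $TestName
        LocalResolverSays  = $answer
    }
}

Get-DnsPathReport | Format-List
```

If `DnsClientRunning` is false there is no Windows resolver cache for the flush to clear, so any cached answers sit in the browser or in the local resolver itself.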
 

Umbra

#33
Also note that a proxy and other stuff like browser extensions may prevent Surf Protection from working properly. EAM needs to hook the browser.