Emsisoft Surf Protection questions
- Thread starter bjm_
- Start date
Please provide comments and solutions that are helpful to the author of this topic.
- Status
You have to do it several times, with reboot and uninstall/reinstall between to confirm the bug.
On a VM or a clean system is better especially if you have other softs installed which could interfere and create the bug.
- May 17, 2015
- 714
If you can reproduce it with a "clean machine" or in a VM, i can report it. Sometimes a re-installation of EAM may solve issues.
- Jul 1, 2017
- 1,396
Could you help me? I installed Emsisoft again. This time I want it to work. Everything is smooth. However Surf Protection does not appear to be triggered when I visit malicious sites on its block lists.
Running it on Windows 10 Pro, I use a local resolver (Deadwood DNS) that binds to 127.0.0.1, I have Windows built-in DNS client disabled
I highly suspect this may be the issue at hand. Is there a way to have EAM check DNS requests sent to 127.0.0.1? If not that's okay. I hope to see it in the future however.
Which site?
EAM doesn't checks or analyzes traffic, it just blocks access to reported malicious domains.Running it on Windows 10 Pro, I use a local resolver (Deadwood DNS) that binds to 127.0.0.1, I have Windows built-in DNS client disabled
I highly suspect this may be the issue at hand. Is there a way to have EAM check DNS requests sent to 127.0.0.1? If not that's okay. I hope to see it in the future however.
I found Emsisoft pretty good at blocking malicious TLD's. It's one of the products that alerted me to Mixpanel when nobody else would block Mixpanel.
With that being said, I would pair it with uBlock at the browser level and Quad9 or FortiGuard DNS at the router level. If you have $60 and 30 minutes, put your own Pi-Hole on the network, add in curated blacklists and DNS forward to Quad9 or FortiGuard and you have a POWERFUL combo with Emsisoft. IMO
I usually turn OFF Web Filtration on AV products because they are intrusive, ineffective, increase your threat surface and slow browsing. Emsisoft is one of the only ones I left online (that and FortiClient). Personally, I don't want my AV MiTM'ing my traffic, do you?
With that being said, I would pair it with uBlock at the browser level and Quad9 or FortiGuard DNS at the router level. If you have $60 and 30 minutes, put your own Pi-Hole on the network, add in curated blacklists and DNS forward to Quad9 or FortiGuard and you have a POWERFUL combo with Emsisoft. IMO
I usually turn OFF Web Filtration on AV products because they are intrusive, ineffective, increase your threat surface and slow browsing. Emsisoft is one of the only ones I left online (that and FortiClient). Personally, I don't want my AV MiTM'ing my traffic, do you?
- Jul 1, 2017
- 1,396
Lo and behold while I was testing to take some screencaps I found out that it does work in Firefox and Internet Explorer!
So it is not working in Chrome and Edge... The URL I used is highlighted in my screenshot. I also randomly tested other URLs in the blocklist
So Surf Protection DOES work flawlessly in my Firefox Nightly and Internet Explorer just not Chrome and Edge.
I need to research what might be causing this. Thank you.
Lo and behold while I was testing to take some screencaps I found out that it does work in Firefox and Internet Explorer!
So it is not working in Chrome and Edge... The URL I used is highlighted in my screenshot. I also randomly tested other URLs in the blocklist
So Surf Protection DOES work flawlessly in my Firefox Nightly and Internet Explorer just not Chrome and Edge.
I need to research what might be causing this. Thank you.
Perhaps cache issue? Wipe Chrome history, flush the cache, and possibly do a reset on it. Then flush the DNS Client on your windows box, reboot and try again.
It is system-wide as far as I know, so it shouldn't be specifically for one browser and not the other. At the end of the day no matter which web-browser engine is used, the connections have to be made eventually and passed through the OS components and this is where Emsisoft will intercept from (Umbra can correct me if I'm wrong as he actually works there and I don't). So AFAIK it should work for all apps system-wide not just a browser process. Because apps other than the browser reach out to malicious hosts sometimes (e.g. Trojan downloaders).
Anyway if I am wrong about the above then maybe Emsisoft inject into browser processes and hook APIs related to networking. This could be a possibility since you mention it doesn't work only for Microsoft Edge and Google Chrome, and guess what... Microsoft Edge and Google Chrome have stronger self-protection unlike Firefox which doesn't seem to try and block DLL injection at all (nor other forms of local code injection). Try disabling AppContainer for Google Chrome if it is enabled and see if Emsisoft Web Protection starts working for it then. I've seen issues about AC stopping Emsisoft injection before on other places but not for a very long time
- Jul 1, 2017
- 1,396
@Opcode I checked again and it's indeed systemwide. Pinging the malicious website via cmd triggers Emsisoft to block it. I wonder if this may be because I whitelisted my local DNS resolver for speed... will remove it from the whitelist and reboot.
Edit: Didn't work. All it did is slow down my local resolver so I whitelisted it again. So we are back to square one. Surf Protection is definitely working system-wide, in IE and Firefox. It is not working in Chrome and Edge which are the most secure browsers. I really think it's something I configured that is probably blocking the hooks in Chrome and Edge's app containers. But that's fine with me as long as I know that Surf Protection works for all non-browser applications that connect to the Internet. I have Google Safebrowsing, uBlock Origin and brain.exe for Chrome and Edge.
Edit: Didn't work. All it did is slow down my local resolver so I whitelisted it again. So we are back to square one. Surf Protection is definitely working system-wide, in IE and Firefox. It is not working in Chrome and Edge which are the most secure browsers. I really think it's something I configured that is probably blocking the hooks in Chrome and Edge's app containers. But that's fine with me as long as I know that Surf Protection works for all non-browser applications that connect to the Internet. I have Google Safebrowsing, uBlock Origin and brain.exe for Chrome and Edge.
Last edited:
ok i tested it, on Chrome it is blocked (with the site posted above). flushing the DNS may help:
in cmd type
Edge mess with Surf Protection probably because of Appcontainer (as said @Opcode)
in cmd type
Code:
ipconfig -flushdnsEdge mess with Surf Protection probably because of Appcontainer (as said @Opcode)
Also note that proxy and other stuff like browser extensions may prevent Surf Protection to work properly. EAM needs hooking the browser.
- Status
Similar threads
