Advice Request Emsisoft Surf Protection questions


Status
Not open for further replies.

Deleted member 178

? #11, #12, #14 & #15 ?
You have to do it several times, with reboot and uninstall/reinstall between to confirm the bug.
On a VM or a clean system is better especially if you have other softs installed which could interfere and create the bug.
 

bjm_

Thread author
You have to do it several times, with reboot and uninstall/reinstall between to confirm the bug.
On a VM or a clean system is better especially if you have other softs installed which could interfere and create the bug.
Okay, my observe, my bug. Thanks
 

DeepWeb

If you can reproduce it with a "clean machine" or in a VM, I can report it. Sometimes a re-installation of EAM may solve issues.
Could you help me? I installed Emsisoft again. This time I want it to work. Everything is smooth. However Surf Protection does not appear to be triggered when I visit malicious sites on its block lists.
Running it on Windows 10 Pro, I use a local resolver (Deadwood DNS) that binds to 127.0.0.1, I have Windows built-in DNS client disabled.
I highly suspect this may be the issue at hand. Is there a way to have EAM check DNS requests sent to 127.0.0.1? If not that's okay. I hope to see it in the future however. :)
 

Deleted member 178

However Surf Protection does not appear to be triggered when I visit malicious sites on its block lists.
Which site?

Running it on Windows 10 Pro, I use a local resolver (Deadwood DNS) that binds to 127.0.0.1, I have Windows built-in DNS client disabled.
I highly suspect this may be the issue at hand. Is there a way to have EAM check DNS requests sent to 127.0.0.1? If not that's okay. I hope to see it in the future however. :)
EAM doesn't check or analyze traffic, it just blocks access to reported malicious domains.
 

ForgottenSeer 58943

I found Emsisoft pretty good at blocking malicious TLD's. It's one of the products that alerted me to Mixpanel when nobody else would block Mixpanel.

With that being said, I would pair it with uBlock at the browser level and Quad9 or FortiGuard DNS at the router level. If you have $60 and 30 minutes, put your own Pi-Hole on the network, add in curated blacklists and DNS forward to Quad9 or FortiGuard and you have a POWERFUL combo with Emsisoft. IMO

I usually turn OFF Web Filtration on AV products because they are intrusive, ineffective, increase your threat surface and slow browsing. Emsisoft is one of the only ones I left online (that and FortiClient). Personally, I don't want my AV MiTM'ing my traffic, do you?
 

DeepWeb

Which site?


EAM doesn't check or analyze traffic, it just blocks access to reported malicious domains.
Lo and behold while I was testing to take some screencaps I found out that it does work in Firefox and Internet Explorer! :D

So it is not working in Chrome and Edge... The URL I used is highlighted in my screenshot. I also randomly tested other URLs in the blocklist
[Screenshot: 0AZtCU4.jpg]


So Surf Protection DOES work flawlessly in my Firefox Nightly and Internet Explorer just not Chrome and Edge.
[Screenshot: wx0rLMy.jpg]


I need to research what might be causing this. Thank you.
 

ForgottenSeer 58943

Lo and behold while I was testing to take some screencaps I found out that it does work in Firefox and Internet Explorer! :D

So it is not working in Chrome and Edge... The URL I used is highlighted in my screenshot. I also randomly tested other URLs in the blocklist
[Screenshot: 0AZtCU4.jpg]


So Surf Protection DOES work flawlessly in my Firefox Nightly and Internet Explorer just not Chrome and Edge.
[Screenshot: wx0rLMy.jpg]


I need to research what might be causing this. Thank you.


Perhaps cache issue? Wipe Chrome history, flush the cache, and possibly do a reset on it. Then flush the DNS Client on your Windows box, reboot and try again.
 

Deleted member 65228

I need to research what might be causing this. Thank you.
It is system-wide as far as I know, so it shouldn't be specifically for one browser and not the other. At the end of the day no matter which web-browser engine is used, the connections have to be made eventually and passed through the OS components and this is where Emsisoft will intercept from (Umbra can correct me if I'm wrong as he actually works there and I don't). So AFAIK it should work for all apps system-wide not just a browser process. Because apps other than the browser reach out to malicious hosts sometimes (e.g. Trojan downloaders).

Anyway if I am wrong about the above then maybe Emsisoft injects into browser processes and hooks APIs related to networking. This could be a possibility since you mention it doesn't work only for Microsoft Edge and Google Chrome, and guess what... Microsoft Edge and Google Chrome have stronger self-protection unlike Firefox which doesn't seem to try and block DLL injection at all (nor other forms of local code injection). Try disabling AppContainer for Google Chrome if it is enabled and see if Emsisoft Web Protection starts working for it then. I've seen issues about AC stopping Emsisoft injection before on other places but not for a very long time.
 

DeepWeb

@Opcode I checked again and it's indeed systemwide. Pinging the malicious website via cmd triggers Emsisoft to block it. I wonder if this may be because I whitelisted my local DNS resolver for speed... will remove it from the whitelist and reboot.

Edit: Didn't work. All it did is slow down my local resolver so I whitelisted it again. So we are back to square one. Surf Protection is definitely working system-wide, in IE and Firefox. It is not working in Chrome and Edge which are the most secure browsers. I really think it's something I configured that is probably blocking the hooks in Chrome and Edge's app containers. But that's fine with me as long as I know that Surf Protection works for all non-browser applications that connect to the Internet. I have Google Safebrowsing, uBlock Origin and brain.exe for Chrome and Edge. (y)
 