Raiden

Level 9
Content Creator
Verified
Emsisoft's BB showing some fatigue these days. It's not what it was a few years back. Although it is still a great product. On the other side malwares have become more sophisticated too. Thanx for sharing.
I think it just goes to show that any product can miss malware, regardless of what features it may have (i.e. BB, AI, etc.). There's no magical silver bullet that will protect you from every single piece of malware. It's still very much a cat and mouse game. Security products get an edge for a while, hackers develop malware to get around them. It's a never-ending cycle that will always continue.
 

Fabian Wosar

From Emsisoft
Developer
Verified
The behaviour blocker did actually notice the encryption taking place, however: It decided to let the encryption continue since GPG is a legit tool.

It's more an issue with the way EAM trusts processes. Currently, trust is given on a per-process basis. So GPG for example is either trusted or not, no matter the circumstances. We are currently reworking the way trust works in EAM, so it assigns trust based on a trust-chain. That means, GPG may be trusted when it is started by a trusted process, but not if it is started by an unknown or untrusted process.

So you running GPG in your command line window will be okay, as your command line window was started by Explorer, which was started by UserInit, which was started by WinLogon, which was started by the OS during initialisation, all of which are considered trustworthy. However, a batch script running GPG, would result in GPG not being trusted, as the batch script isn't trusted.

There is no ETA yet for when this change will roll out, but it won't be this year ;)
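
The difference between per-process trust and the trust-chain idea described in the post above, as an added sketch (not Emsisoft's code and not how EAM is implemented). The process table, PIDs, the `invoice.bat` name, modelling a script host by the script it runs, and treating a missing parent as untrusted are all constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Proc:
    pid: int
    ppid: int    # 0 = started by the OS during initialisation
    image: str   # for a script host, the script it is interpreting (assumption)

# Constructed per-image reputation list, standing in for a product's own.
TRUSTED_IMAGES = {"winlogon.exe", "userinit.exe", "explorer.exe",
                  "cmd.exe", "gpg.exe"}

# Constructed process table covering the two cases from the post.
TABLE = {p.pid: p for p in [
    Proc(1, 0, "winlogon.exe"), Proc(2, 1, "userinit.exe"),
    Proc(3, 2, "explorer.exe"), Proc(4, 3, "cmd.exe"),
    Proc(5, 4, "gpg.exe"),      # GPG typed into a command line window
    Proc(6, 3, "invoice.bat"),  # unknown batch script
    Proc(7, 6, "gpg.exe"),      # GPG launched by that script
    Proc(8, 99, "gpg.exe"),     # parent already exited: ancestry unknown
]}

def per_process_trust(proc):
    """Current model: the image alone decides, whatever started it."""
    return proc.image in TRUSTED_IMAGES

def ancestry(table, pid):
    """Walk parent links to the OS root; None if the chain is broken or loops."""
    lineage, seen = [], set()
    while pid != 0:
        proc = table.get(pid)
        if proc is None or pid in seen:  # missing parent or reused PID
            return None
        seen.add(pid)
        lineage.append(proc)
        pid = proc.ppid
    return lineage

def chain_trust(table, pid):
    """Trust-chain model: every ancestor must be trusted too.
    Returns (trusted, first untrusted link or None)."""
    lineage = ancestry(table, pid)
    if lineage is None:
        return False, "<broken ancestry>"  # fail closed
    for proc in lineage:
        if not per_process_trust(proc):
            return False, proc.image
    return True, None

if __name__ == "__main__":
    for pid in (5, 7, 8):
        print(pid, per_process_trust(TABLE[pid]), chain_trust(TABLE, pid))
```

All three `gpg.exe` instances pass the per-process check; only the one whose whole lineage is trusted passes the chain check.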
 

SHvFl

Level 35
Content Creator
Trusted
Verified
The behaviour blocker did actually notice the encryption taking place, however: It decided to let the encryption continue since GPG is a legit tool.

It's more an issue with the way EAM trusts processes. Currently, trust is given on a per-process basis. So GPG for example is either trusted or not, no matter the circumstances. We are currently reworking the way trust works in EAM, so it assigns trust based on a trust-chain. That means, GPG may be trusted when it is started by a trusted process, but not if it is started by an unknown or untrusted process.

So you running GPG in your command line window will be okay, as your command line window was started by Explorer, which was started by UserInit, which was started by WinLogon, which was started by the OS during initialisation, all of which are considered trustworthy. However, a batch script running GPG, would result in GPG not being trusted, as the batch script isn't trusted.

There is no ETA yet for when this change will roll out, but it won't be this year ;)
Lol, I really hope this year means 2018 and not 2019 :p
 