Petrovic

Level 63
Verified
Joined
Apr 25, 2013
Messages
5,285
#1

spaceoctopus

Level 14
Verified
Joined
Jul 13, 2014
Messages
662
Operating System
Windows 10
Antivirus
Malwarebytes
#2
Emsisoft's BB is showing some fatigue these days. It's not what it was a few years back, although it is still a great product. On the other side, malware has become more sophisticated too. Thanx for sharing.
 

SumTingWong

Level 20
Verified
Joined
Apr 2, 2018
Messages
963
Operating System
Windows 10
Antivirus
Emsisoft
#3
Emsisoft's BB is showing some fatigue these days. It's not what it was a few years back, although it is still a great product. On the other side, malware has become more sophisticated too. Thanx for sharing.
Same thing with Qihoo 360's QVME engine. In the past it was the best against unknown threats. Nowadays it is a let-down.
 

Raiden

Level 7
Content Creator
Verified
Joined
May 7, 2018
Messages
316
Operating System
Windows 10
Antivirus
Emsisoft
#4
Emsisoft's BB is showing some fatigue these days. It's not what it was a few years back, although it is still a great product. On the other side, malware has become more sophisticated too. Thanx for sharing.
I think it just goes to show that any product can miss malware, regardless of what features it may have (i.e. BB, AI, etc.). There's no magical silver bullet that will protect you from every single piece of malware. It's still very much a cat and mouse game. Security products get an edge for a while, then hackers develop malware to get around them. It's a never-ending cycle that will always continue.
 

Fabian Wosar

From Emsisoft
Developer
Verified
Joined
Jun 29, 2014
Messages
120
#6
The behaviour blocker did actually notice the encryption taking place, however: It decided to let the encryption continue since GPG is a legit tool.

It's more an issue with the way EAM trusts processes. Currently, trust is given on a per-process basis. So GPG for example is either trusted or not, no matter the circumstances. We are currently reworking the way trust works in EAM, so it assigns trust based on a trust-chain. That means, GPG may be trusted when it is started by a trusted process, but not if it is started by an unknown or untrusted process.

So you running GPG in your command line window will be okay, as your command line window was started by Explorer, which was started by UserInit, which was started by WinLogon, which was started by the OS during initialisation, all of which are considered trustworthy. However, a batch script running GPG, would result in GPG not being trusted, as the batch script isn't trusted.

There is no ETA yet for when this change will roll out, but it won't be this year ;)
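To make the difference between the two trust models in the post above concrete, here is an added illustration in Python. It is not Emsisoft's code and not a description of EAM internals: the process names, PIDs, the root "os-init" node and the rule that a process is trusted only when it and every ancestor are known-good are assumptions chosen to model the explanation. The second tree models the batch-script case by giving the cmd.exe instance that runs an unknown script a negative stand-alone verdict.

```python
"""Per-process vs. trust-chain verdicts over a constructed process tree."""
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Process:
    pid: int
    name: str
    ppid: Optional[int]   # None marks the boot-time root (constructed stand-in for the OS)
    known_good: bool      # stand-alone verdict on the image/script itself (assumption)


def per_process_trust(tree: Dict[int, Process], pid: int) -> bool:
    """Legacy model from the post: only the process's own verdict matters."""
    return tree[pid].known_good


def trust_chain(tree: Dict[int, Process], pid: int) -> List[str]:
    """Ancestry from the process up to the root, as names, for reporting."""
    names: List[str] = []
    seen = set()
    cur: Optional[int] = pid
    while cur is not None and cur in tree and cur not in seen:
        seen.add(cur)
        names.append(tree[cur].name)
        cur = tree[cur].ppid
    return names


def chain_trust(tree: Dict[int, Process], pid: int) -> bool:
    """Trust-chain model: trusted only if the process and every ancestor are known-good.

    A parent missing from the tree (exited and not tracked, PID reuse) or a cycle
    in the recorded parent links is treated as untrusted rather than as unknown.
    """
    seen = set()
    cur: Optional[int] = pid
    while cur is not None:
        if cur in seen or cur not in tree:
            return False
        seen.add(cur)
        proc = tree[cur]
        if not proc.known_good:
            return False
        cur = proc.ppid
    return True


def _base_chain() -> List[Process]:
    # Constructed boot chain: os-init -> winlogon -> userinit -> explorer.
    return [
        Process(1, "os-init", None, True),
        Process(600, "winlogon.exe", 1, True),
        Process(700, "userinit.exe", 600, True),
        Process(800, "explorer.exe", 700, True),
    ]


def interactive_shell_tree() -> Dict[int, Process]:
    """User opens a command prompt from Explorer and runs gpg by hand."""
    procs = _base_chain() + [
        Process(900, "cmd.exe", 800, True),
        Process(1000, "gpg.exe", 900, True),
    ]
    return {p.pid: p for p in procs}


def batch_script_tree() -> Dict[int, Process]:
    """An unknown batch script (run by cmd.exe) launches gpg to encrypt files."""
    procs = _base_chain() + [
        Process(910, "cmd.exe /c unknown.bat", 800, False),  # script itself is untrusted
        Process(1010, "gpg.exe", 910, True),                 # same legit binary as above
    ]
    return {p.pid: p for p in procs}


def verdicts(tree: Dict[int, Process], pid: int) -> Dict[str, object]:
    """Both verdicts side by side, plus the chain that produced the second one."""
    return {
        "chain": " <- ".join(trust_chain(tree, pid)),
        "per_process": per_process_trust(tree, pid),
        "trust_chain": chain_trust(tree, pid),
    }


if __name__ == "__main__":
    for label, tree, pid in (("interactive", interactive_shell_tree(), 1000),
                             ("batch script", batch_script_tree(), 1010)):
        print(label, verdicts(tree, pid))
```

In the interactive case both models say "trusted"; in the batch-script case the per-process model still trusts gpg.exe because the binary is legitimate, while the chain model rejects it because its parent is not trusted, which is exactly the gap the post describes.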
 

SHvFl

Level 35
Content Creator
Verified
Joined
Nov 19, 2014
Messages
2,450
Operating System
Windows 10
#8
The behaviour blocker did actually notice the encryption taking place, however: It decided to let the encryption continue since GPG is a legit tool.

It's more an issue with the way EAM trusts processes. Currently, trust is given on a per-process basis. So GPG for example is either trusted or not, no matter the circumstances. We are currently reworking the way trust works in EAM, so it assigns trust based on a trust-chain. That means, GPG may be trusted when it is started by a trusted process, but not if it is started by an unknown or untrusted process.

So you running GPG in your command line window will be okay, as your command line window was started by Explorer, which was started by UserInit, which was started by WinLogon, which was started by the OS during initialisation, all of which are considered trustworthy. However, a batch script running GPG, would result in GPG not being trusted, as the batch script isn't trusted.

There is no ETA yet for when this change will roll out, but it won't be this year ;)
Lol, I really hope this year means 2018 and not 2019 :p
 
Likes: Eng_Mohamed