Wraith

Level 13
Verified
Malware Tester
It seems that Emsisoft doesn't monitor the child processes if it's a trusted process. Fcrypt used cmd to encrypt the files and since cmd is a trusted windows component, the BB ignored it's actions. I wonder how OSArmor would fare in such a situation.
 

Arequire

Level 23
Verified
Content Creator
Big Emsisoft flaw. You must correct that.:p
It's being worked on:
We are currently reworking the way trust works in EAM, so it assigns trust based on a trust-chain. That means, GPG may be trusted when it is started by a trusted process, but not if it is started by an unknown or untrusted process.

There is no ETA yet for when this change will roll out ...