Hi
hjlbx Yeah I know that as a long time user of it's HIPS. I like the granularity. I was under the impression of what
Alexstrasza meant to state that BB can do block that trigger-mechanism the same as HIPS can. Bu then again OA is dead now
Kaspersky can block that too! Nice and sweet! Love your posts about Kaspersky
Emsisoft is very good software. It has some advanced protections but they are not well documented or explained.
One of EAM\EIS weaknesses is malicious scripts that call interpreters (e.g. cmd.exe, wscript.exe, etc) to perform hidden downloads and other malicious actions. In EAM\EIS interpreters should not be assigned the default "Allowed" rule but instead a "Custom" one.
Same should be done when using Kaspersky.
Comodo on the other hand treats any unknown script the same as any unknown application; it generates HIPS and firewall alerts for any Unrecognized script - dependent upon that script's behavior.
I never bothered with Online Armor as it was clear to me that it was going to be phased out; all the signs were there that Emsi would drop OA.
* * * * *
I understand both your argument and Alex's.
Alex is simply stating that if one application launches another, that in itself, is not malicious... so the Emsi Behavior Blocker doesn't even monitor that type of behavior.
You wish to block "ET call home" syndrome... and that's fine too.
Securing a system following one paradigm versus another is entirely a personal matter involving one's motivation, paranoia level and tolerance for certain inconveniences, maintenance, interface hassles, etc.