Q&A File Guard questions

Discussion in 'Emsisoft' started by bjm_, Nov 25, 2017.

  1. bjm_

    bjm_ Level 3

    May 17, 2015
    106
    180
    Zestafoni, Georgia
    Windows 10
    Microsoft
    #1 bjm_, Nov 25, 2017
    Last edited: Nov 25, 2017
    Feature Settings Check – Download of Compressed Malware » AMTSO
    zip and zipx pass after I add the zipx extension. jar passes. Pass means Alert dialog with Quarantine.
    7zip, winrar, targz, ace, cab, lzh, rar-sfx and zip-sfx = fail... after adding their extensions (targz added also as tgz).
    Fail means no Alert dialog.
    [Screenshots: File Guard.png, 1890.png, 1892.png]
    Um, is there a way to make fail extensions pass?
    Thanks
     
    bribon77 and upnorth like this.
  2. Opcode

    Opcode Level 18
    Content Creator

    Aug 17, 2017
    891
    6,322
    Caille
    Windows 10
    #2 Opcode, Nov 25, 2017
    Last edited: Nov 25, 2017
    I believe it is related to Emsisoft Anti-Malware and archive scanning support; as far as I am aware, there is none. However, even if this is really the case, this is not so much of a big deal... When you unpack the archive, the File Guard will scan the extracted objects and will flag them if there is an available detection for those objects.

    If I am incorrect about archive scanning support, hopefully someone who works for the vendor like @Umbra will be able to correct me. :)
     
    bribon77 and bjm_ like this.
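Added illustration, not part of the thread and not Emsisoft's code: a Python sketch of the general point in Opcode's post, that a scanner reading only the raw bytes of a compressed archive cannot match a signature until the contents are unpacked. The signature, file name and helper names are constructed for the example, and it says nothing about how File Guard itself is implemented.

```python
import io
import tarfile
import zipfile

# Constructed stand-in for a byte signature; not a real detection pattern.
SIGNATURE = b"CONSTRUCTED-TEST-SIGNATURE-0001"
# Constructed sample file: the signature surrounded by compressible filler.
PAYLOAD = b"A" * 512 + SIGNATURE + b"A" * 512

def make_zip(compression):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", compression) as zf:
        zf.writestr("sample.bin", PAYLOAD)
    return buf.getvalue()

def make_targz():
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tf:
        info = tarfile.TarInfo("sample.bin")
        info.size = len(PAYLOAD)
        tf.addfile(info, io.BytesIO(PAYLOAD))
    return buf.getvalue()

def members(blob):
    """Return the unpacked contents of a zip or tar archive held in memory."""
    buf = io.BytesIO(blob)
    if zipfile.is_zipfile(buf):
        with zipfile.ZipFile(buf) as zf:
            return [zf.read(name) for name in zf.namelist()]
    buf.seek(0)
    try:
        with tarfile.open(fileobj=buf, mode="r:*") as tf:
            return [tf.extractfile(m).read() for m in tf if m.isfile()]
    except tarfile.TarError:
        return []  # unknown container: nothing to unpack

def compare():
    """Map container name -> (raw-byte match, match after unpacking)."""
    samples = {
        "zip (stored)": make_zip(zipfile.ZIP_STORED),   # no compression
        "zip (deflate)": make_zip(zipfile.ZIP_DEFLATED),
        "tar.gz": make_targz(),
    }
    return {name: (SIGNATURE in blob,
                   any(SIGNATURE in data for data in members(blob)))
            for name, blob in samples.items()}

if __name__ == "__main__":
    for name, (raw, unpacked) in compare().items():
        print(f"{name:14} raw={raw!s:5} unpacked={unpacked}")
```

Only the uncompressed (stored) zip exposes the signature to a raw-byte scan; the compressed containers match only after their members are extracted.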
  3. bjm_

    #3 bjm_, Nov 25, 2017
    Last edited: Nov 25, 2017
    Yes, I'm somewhat familiar with on-demand scan for archives, as some AV just look at the raw file. I thought that since Emsisoft offered adding extensions, and since adding zipx worked, adding other extensions would work too.
    As you see, on-demand worked for 7z and rar.
    [Screenshots: 1895.png, 1896.png]
    Presume on-demand will work with the other extensions that failed.

    And on-access worked for 7z and rar.
    [Screenshots: 1897.png, 1898.png]

    So, the question now is: does it work because I've added the 7z and rar extensions?
    Did I need to add extensions for Emsisoft to recognize an archive sample?
    And what happens if I uncheck "Only scan files with specific extensions"?
    [Screenshot: 1899.png]
    Does Emsisoft then scan samples with any & all extensions by default?

    Edit: reset all settings to default.
    on-demand & on-access appear to work as above.
    Just testing from Amtso site allows 7z, rar and 6 other files to reach my desktop.
    And what happens if I uncheck Only scan files with specific extensions?

    I'm on Trial so, just trying to see what's what.
    Regards w Respect
     
  4. Nightwalker

    Nightwalker Level 7

    May 26, 2014
    325
    1,287
    Lawyer
    Windows 10
    Emsisoft
    [​IMG]

    Try those settings above, it will scan and detect what you want, but personally I don't see the point in this configuration, the malware is inactive and will be scanned anyway if it tries to execute.

    I actually use the "Fast Scan level" (scan on execution only) with very satisfactory results.

    That's how I use it and what I recommend:


    [​IMG]
     
    bribon77, bjm_ and Azure Phoenix like this.
  5. bjm_

    Thanks. Appreciate your advice.
     
    bribon77 likes this.
  6. Umbra

    Umbra From Emsisoft
    Developer

    May 16, 2011
    17,165
    29,659
    Community manager
    Vietnam & France
    Windows 10
    Emsisoft
    Fast scan is good if you have, like me, a static system (meaning you don't install new apps all the time). If not, the balanced one is what I recommend to average users.
     
    Azure Phoenix and Opcode like this.
  7. Nightwalker

    [​IMG]

    Emsisoft Anti-Malware and Emsisoft Internet Security 9.0 Public Beta

    I have been using these settings since I read Fabian's insights and never had a problem with it ...
     
  8. Umbra

    Yes, me too. I always use "Fast", good enough for me.
     
    Azure Phoenix likes this.