Status
Not open for further replies.

SeriousHoax

Level 9
Verified
Malware Tester
Hello Fabian, I was testing Emsisoft's behavior blocker against some popular ransomware (These) and it was able to detect and quarantine all of them, but still one of them (I forgot which one) did some damage because Emsisoft asked me to reboot my system but it failed to boot. I had to reinstall the OS. You are probably familiar with what I'm trying to say here. TBH, I was testing some other AVs too and some of their BBs couldn't even detect anything.
My actual question is, if I face such issues and email it to the support email, will they forward that to your team so that you guys can have a look and maybe update something to prevent this from happening? Or maybe you recommend some other ways to reach you?
 

Fabian Wosar

From Emsisoft
Verified
Developer
My actual question is, if I face such issues and email it to the support email, will they forward that to your team so that you guys can have a look and maybe update something to prevent this from happening? Or maybe you recommend some other ways to reach you?
You can send them to submit@emsisoft.com. Make sure to mention explicitly that it is a behaviour blocker bypass. They will make sure it ends up where it needs to be. :)
 

Solarquest

Level 33
Verified
Staff member
Malware Hunter
Hello Fabian,
A few new questions from my side:
- how good is resetting a router in deleting a malware on the device? Do you know (many) malware that "survive" a reset?
- does Emsi in a VM, e.g. VirtualBox, provide the same protection & detection as on a normal partition (without VM)?
- Emsisoft normally trusts signed files, can a (paranoid) user disable this?
- what are Emsisoft's weaknesses and what can a user do to mitigate these (what additional programs do you recommend using)?

Thank you!
 

Fabian Wosar

From Emsisoft
Verified
Developer
- how good is resetting a router in deleting a malware on the device? Do you know (many) malware that "survive" a reset?
Define a reset. If you mean the reset button, then no. It's not enough. That just resets the settings. If by reset you mean you reflash the router, then yes. That will get rid of it.

- does Emsi in a VM, e.g. VirtualBox, provide the same protection & detection as on a normal partition (without VM)?
Yes.

- Emsisoft normally trusts signed files, can a (paranoid) user disable this?
No.

- what are Emsisoft's weaknesses and what can a user do to mitigate these (what additional programs do you recommend using)?
I am not a fan of stacking lots of applications on top of each other. That is usually only going to end in a major headache. I would recommend:
  • an anti-virus that works well on your system
  • Edge, Chrome, or a Chromium-based browser; Firefox will be my pick once they implement proper sandboxing
  • uBlock Origin (the only ad-blocker worth using; rest is either worse than uBlock or simply not trustworthy)
  • cloud-based backup (Carbonite is decent but they throttle; Backblaze is also decent but doesn't support proper zero-knowledge; SpiderOak is great if you can get over their horrible UI and don't mind paying a premium)
That's it for the most part. Feel free to uninstall Windows Scripting Host, PowerShell and everything else you don't need, or restrict components via Group Policies. But personally, I don't even bother with that.
 

Solarquest

Level 33
Verified
Staff member
Malware Hunter
@Fabian Wosar,

Thank you. (y)
With reflashing the router do you mean connecting an Ethernet cable and in the router menu replacing/updating the firmware with a clean copy of it or a special procedure?
Isn't it possible for a malware to avoid this and even fake the update/flashing of the firmware?
If possible, how many malware do you know that can do it?
 

Nevi

Level 4
Verified
Hi Fabian
Do you have any custom rules, aka host names or IPs, that could be implemented in surf protection?
I remember Mamutu, and I still think it would be a big hit if you made it available to the masses again. You don't have any plans about that, I imagine? Right now there is a big hole as no one offers something like a BB as a standalone solution. It would be a HIT. :D
 

Fabian Wosar

From Emsisoft
Verified
Developer
With reflashing the router do you mean connecting an Ethernet cable and in the router menu replacing/updating the firmware with a clean copy of it or a special procedure?
No. Just reinstall the firmware. Often routers even have a recovery mode in case a firmware flash went wrong that sits on a separate non-writeable chip that can't be touched by malware. I know my ASUS router has at least.

Isn't it possible for a malware to avoid this and even fake the update/flashing of the firmware?
In theory, yes. I don't think anyone goes that far yet though. Plus there are also recovery flash modes as mentioned above. Most IoT malware doesn't even survive just rebooting the device.

If possible, how many malware do you know that can do it?
I am not an IoT malware expert. So if there is one, I don't know about it.

Do you have any custom rules, aka host names or IPs, that could be implemented in surf protection?
If I had one, they would be inside the surf protection database already. ;)

I remember Mamutu, and I still think it would be a big hit if you made it available to the masses again. You don't have any plans about that, I imagine? Right now there is a big hole as no one offers something like a BB as a standalone solution. It would be a HIT. :D
It wouldn't be. It would be a big hit here and maybe Wilders. People would wait for huge discounts or free offers or ask for it to be free to begin with and nobody would want to pay for it. When we cancelled Mamutu it had fewer than 100 paying customers. And yes, back then nobody else was offering BB as a standalone solution either. Literally, nothing has changed since then.
 

Burrito

Level 20
Verified
Fabian,

You have stated in some way (I don't remember exactly) that free AVs are never really free.

Free AVs serve as ad servers, they monetize your data in possibly multiple ways, they lack key components that AVs should have, they have no support...

With Avast and Kaspersky, I've heard rumors (from people in the industry) of worse with their free products.

Is everything stated above correct from your perspective?

Is there more..?


Thank you.

v/r Burrito
 

Fabian Wosar

From Emsisoft
Verified
Developer
Is everything stated above correct from your perspective?
Yeah. Just keep in mind not all do this. I mean all try to upsell you in one way or another, but some are less bad than others.

What antivirus engine does Emsisoft use?
Bitdefender and our own engine.

Yeah, sorry for the misunderstanding. Do you believe right now and in the future it will be a really required position? Thanks in advance...
Once your company has a certain size, definitely.
 

SumTingWong

Level 22
Verified
1) Are any new features going to be added soon?

2) Do you visit the DeepWeb to track the newest malware, attacks, exploits, and other tactics hackers are planning?

3) Do you use a VPN? If yes, what is your favorite VPN?
 

Fabian Wosar

From Emsisoft
Verified
Developer

Robbie

Level 28
Verified
Content Creator
What do you think about general online privacy? About moanings about Google monitoring, Microsoft, Facebook? Do you think all the telemetry is necessary for offering better services? Does it involve a risk to our security or privacy?
 