New in 2018.1: Revamped Behavior Blocker user experience

  • Thread starter Deleted member 178

Do you like this change?

  • Yes: 27 votes (77.1%)
  • No (explain why): 8 votes (22.9%)
  • Total voters: 35
Status
Not open for further replies.
Deleted member 178

Thread author
Jumping into the new year, we’re proud to announce the first significant update in our monthly release cycle that carries the major version “2018”. The main goal for our development team this month was to streamline and improve the user experience of our most important defence wall against new and unknown malware threats: The Behavior Blocker.

When you open the main user interface of Emsisoft Anti-Malware, you’ll notice that we have merged the panel of the Application Rules with that of the Behavior Blocker. This was a logical move as the two are closely related to the same thing: Defining which of the active programs shall be monitored, are trustworthy, or should be prevented from starting up. Instead of manually creating rules for specific program paths, you can now easily double-click one of the active processes to define a new “allow”, “monitor” (default) or “block” rule. The new application list also shows nicely which programs are excluded from monitoring as it integrates the Exclusions list too.

In the same set of improvements we’re launching a new feature to create application rule templates that professional users can now define via the Emsisoft Enterprise Console. In situations where a specific program needs to be excluded from protection across the entire network, or when a specific unwanted program needs to be blocked from running globally, it’s now an easy task to implement that with templates that also support wildcards and environment variables.

Read more here

About the BB's advanced options discontinuation:

Fabian Wosar (lead dev) said:
Those "advanced rules" will not come back. The reason for that is that over the next months we are going to roll out a new generation of our behaviour blocker technology. Unlike the existing behaviour blocker, where we have specific triggers that cause certain alerts to appear, the new system is built on a more holistic model. That means, alerts are not triggered by one action happening under a specific combination of circumstances, but by a whole bunch of actions, that stretch across multiple areas. As a result a clear mapping between trigger and alert becomes impossible.
 

Nightwalker

I have been using Emsisoft since 2010 and this was a change that I really didn't like; it was very easy to spot potential threats and control programs with the "old" behavior blocker panel (something that Emsisoft even advertised!).

How to use the new behavior blocker panel to quickly spot potential threats

Old panel: [screenshot]

New panel: [screenshot]

I understand those changes, but for me it is a "no no".
 

Nightwalker

What does "monitored" written against a process/program mean? Is it like Webroot's monitoring or simply that program is unknown in EAM cloud?

Not exactly, it means that the Emsisoft behavior blocker has successfully injected "a2hooks.dll" (user mode) into the process, so it can be monitored at a very deep level for malicious behavior.

Some executables (like Windows system files) can't be injected without risking OS stability, so they are shown as "not monitored", but I can't explain the exact logic and rules behind this.
 

Nightwalker

@Nightwalker only a handful of people used these options properly anyway. As Fabian said, now EAM's BB monitors the behaviors of the system in a "bigger picture", not just individual behaviors.

I understand those changes, but what about the "Show or hide fully trusted programs" option that was removed?

For me this new panel is a feature regression, but of course it is just my two cents.
 

show-Zi

Users who can fine-tune the behavior of software think that the previous setting is more convenient.
However, if you are dealing with suspicious activity while working on a PC, it may be reasonable to use settings like this task manager.

About displaying or hiding completely trustworthy programs
I agree with @Nightwalker.
 

XhenEd

@Umbra
I found some items that are "trusted". I think these are items that I allowed manually when EAM asked for my decision regarding them. Should they not be better marked as "monitored" when I manually allowed them to run?
 

Deleted member 178

Thread author
but what about the "Show or hide fully trusted programs" option that was removed?

For me this new panel is a feature regression, but of course it is just my two cents.
You shouldn't have many trusted programs, so having a button for them isn't much necessary.
It is not a regression, it is an improvement for the masses, simpler for them to use EAM; of course geeks want their tweaking settings but it is not a good thing for most users.
These words came from one of the most tweaking-hungry guys in the forum ^^

@Umbra
I found some items that are "trusted". I think these are items that I allowed manually when EAM asked for my decision regarding them.
Indeed.
Should they not be better marked as "monitored" if I manually allow them to run?
If you allow them, it means you trust them, so no.
Monitored is mostly when a process has behaviors that could be considered as "potentially suspicious" or "malware-like".
 

show-Zi

Hello @Umbra

I understood the purpose of "displaying or hiding a completely reliable program".
Incidentally, recently, the browse display specification of the log has been changed. If you can select the items displayed in such a format, I think that we can correspond widely with geeks in general.
 

DeepWeb

1. I'm not sure about the changes yet. I just want the option to hide fully trusted applications again and see the Behavior Blocker monitor unknown and known processes in real time like it used to be. I don't understand why you guys removed that feature when your intention is to simplify things. Seeing all processes feels overwhelming and not really helpful to me.

2. Another thing I don't like is how it is arranged.
Right now it's Surf Protection, File Guard, Behavior Blocker

It should be: Behavior Blocker, File Guard, Surf Protection
if that makes sense since Behavior Blocker replaces Application Rules. I don't understand why Surf Protection is the default tab. It's a tab that you only set once and then forget about. Same with File Guard, there isn't much to do. Behavior Blocker is clearly the heart of EAM so why not make it the default tab.

So those are really just UI/UX issues. I have no issues under the hood. Curious to see the next generation Behavior Blocker. (y)
 

show-Zi

1. I'm not sure about the changes yet. I just want the option to hide fully trusted applications again and see the Behavior Blocker monitor unknown and known processes in real time like it used to be. I don't understand why you guys removed that feature when your intention is to simplify things. Seeing all processes feels overwhelming and not really helpful to me.

2. Another thing I don't like is how it is arranged.
Right now it's Surf Protection, File Guard, Behavior Blocker

It should be: Behavior Blocker, File Guard, Surf Protection
if that makes sense since Behavior Blocker replaces Application Rules. I don't understand why Surf Protection is the default tab. It's a tab that you only set once and then forget about. Same with File Guard, there isn't much to do. Behavior Blocker is clearly the heart of EAM so why not make it the default tab.

So those are really just UI/UX issues. I have no issues under the hood. Curious to see the next generation Behavior Blocker. (y)

About the protection mechanism, I think that it is probably the flow of protection of online PC.
Filter the first web > Check the downloaded file > Monitor the passed malicious software
 