App Review The Emsisoft Enterprise Security challenge.

[Andy Ful]

@Andy Ful

This is Kevin from Emsisoft, we received a report about the issue you reported here on the Mawlaretips forums. Please send us all the files you used to bypass our software to support@emsisoft.com. Please include my name in the subject, to ensure that our support team can route the ticket to me. I will forward the files and the link to your video to our development team.

Hi,

I sent the details via support@emsisoft.com.

In the future, we would appreciate if you sent such issues directly to us. This ensures that we get the information promptly and can act on it quickly.

I do not have good experience in submitting POCs. In most cases (unrelated to Emsisoft), the POC's signature is created Instead of solving the issue, and I have a strong impression that I am talking with a bot and not with a human. I hope that this time things will go better.

 

[Kevin at Emsisoft]

@Andy Ful

Thank you for the information and files used to bypass our software. I have forwarded the ZIP archive, and video link to our development team, and tagged our lab team to take a look at the issue.

I understand the reluctance to submit a POC directly to software vendors/developers. Many are unresponsive or just slow to act. We are a small team and split our time between software improvements, new features, and bug fixes. We do have a bug bounty program and I encourage you to participate. Forgive me if I do not post the link here, as we wish to limit the amount of spam we are receiving on our vulnerability reports channel.

 

[Digmor Crusher]

Kevin, thanks for the interest and reply in this forum. As far as I know your the only vendor who has posted here about this issue.

 

[Trident]

@Kevin at Emsisoft you've just made Emsisoft look a lot more trustworthy - kudos!

Like @Andy Ful I also have poor experience with submitting PoCs as well as real malware samples (not gonna name and shame but one vendor, out of a huge bunch, classified 4-5 as malicious).

So far, we have Emsisoft replying here and Check Point and Kaspersky contacting Andy directly. Some dismissed it as "non-programmatical" attack.

 

[Kevin at Emsisoft]

@Trident if the attack vector allows the malware to bypass active protection, then that is an issue. Our team is looking at the issue and we will take whatever action is necessary to protect against this attack vector. The problem is that it is difficult to differentiate between legitimate and malicious activity in this type of attack. Ideally, it should be intercepted before admin rights are achieved.

 

[Ahmed Uchiha]

@Kevin at Emsisoft you've just made Emsisoft look a lot more trustworthy - kudos!

Like @Andy Ful I also have poor experience with submitting PoCs as well as real malware samples (not gonna name and shame but one vendor, out of a huge bunch, classified 4-5 as malicious).

So far, we have Emsisoft replying here and Check Point and Kaspersky contacting Andy directly. Some dismissed it as "non-programmatical" attack.

So, did Kaspersky contact Andy without the bypass video?
Also, what about ESET and Bitdefender didn't they make a contact for this exploit?

 

[Ahmed Uchiha]

@Trident if the attack vector allows the malware to bypass active protection, then that is an issue. Our team is looking at the issue and we will take whatever action is necessary to protect against this attack vector. The problem is that it is difficult to differentiate between legitimate and malicious activity in this type of attack. Ideally, it should be intercepted before admin rights are achieved.

will the fix patch be applied to home products too or it's just for enterprise version only?

 

[Kevin at Emsisoft]

will the fix patch be applied to home products too or it's just for enterprise version only?

Any patch we issue will apply to all editions of our product. Some of the drivers and the service being bypassed are common in all editions. Some of the drivers are business & enterprise-specific drivers.

 

[Harputlu]

Any patch we issue will apply to all editions of our product. Some of the drivers and the service being bypassed are common in all editions. Some of the drivers are business & enterprise-specific drivers.

I renewed the home version for another 1 year
If there are no new product enhancements and features coming, Should I switch to occupational safety?

 

[Kevin at Emsisoft]

I renewed the home version for another 1 year
If there are no new product enhancements and features coming, Should I switch to occupational safety?

@Harputlu The Home edition is the core product that the Business and Enterprise Editions are built on. The protection is identical across all editions. The Business and Enterprise editions have additional features that are specific to those use cases. Such as the ability to install on Windows Server, leverage AD, and EDR, just to name some additional features. Any new Core feature we add to our product line will be deployed across all editions. If the new feature is use case specific it will be applied to the appropriate edition.

Our focus is on developing a lightweight, bloat-free product that focuses on protecting the system. Any feature that does not foster that goal will not be added to our product line. Bloat is something that all the big players in the end-point protection market space suffer from. Having the Home edition installed does not mean you are less protected, you are getting the same level of protection as provided by the Enterprise edition.

 

[Shadowra]

@Kevin at Emsisoft
Well done for reacting, at least you're listening to the testers
(I'm preparing a full review of Emsisoft 2024 )

 

[BigWrench]

@Kevin at Emsisoft
Well done for reacting, at least you're listening to the testers
(I'm preparing a full review of Emsisoft 2024 )

Soon, hopefully. Looking forward to it