App Review The Emsisoft Enterprise Security challenge.

It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
Content created by
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,226
@Andy Ful

This is Kevin from Emsisoft, we received a report about the issue you reported here on the Mawlaretips forums. Please send us all the files you used to bypass our software to support@emsisoft.com. Please include my name in the subject, to ensure that our support team can route the ticket to me. I will forward the files and the link to your video to our development team.
Hi,

I sent the details via support@emsisoft.com.

In the future, we would appreciate if you sent such issues directly to us. This ensures that we get the information promptly and can act on it quickly.

I do not have good experience in submitting POCs. In most cases (unrelated to Emsisoft), the POC's signature is created Instead of solving the issue, and I have a strong impression that I am talking with a bot and not with a human. I hope that this time things will go better.:)
 

Kevin at Emsisoft

From Emsisoft
Verified
Developer
Mar 25, 2024
5
@Andy Ful

Thank you for the information and files used to bypass our software. I have forwarded the ZIP archive, and video link to our development team, and tagged our lab team to take a look at the issue.

I understand the reluctance to submit a POC directly to software vendors/developers. Many are unresponsive or just slow to act. We are a small team and split our time between software improvements, new features, and bug fixes. We do have a bug bounty program and I encourage you to participate. Forgive me if I do not post the link here, as we wish to limit the amount of spam we are receiving on our vulnerability reports channel.
 
Last edited:

Trident

Level 29
Verified
Top Poster
Well-known
Feb 7, 2023
1,817
@Kevin at Emsisoft you've just made Emsisoft look a lot more trustworthy - kudos!

Like @Andy Ful I also have poor experience with submitting PoCs as well as real malware samples (not gonna name and shame but one vendor, out of a huge bunch, classified 4-5 as malicious).

So far, we have Emsisoft replying here and Check Point and Kaspersky contacting Andy directly. Some dismissed it as "non-programmatical" attack.
 

Kevin at Emsisoft

From Emsisoft
Verified
Developer
Mar 25, 2024
5
@Trident if the attack vector allows the malware to bypass active protection, then that is an issue. Our team is looking at the issue and we will take whatever action is necessary to protect against this attack vector. The problem is that it is difficult to differentiate between legitimate and malicious activity in this type of attack. Ideally, it should be intercepted before admin rights are achieved.
 

Ahmed Uchiha

Level 2
Feb 5, 2021
57
@Kevin at Emsisoft you've just made Emsisoft look a lot more trustworthy - kudos!

Like @Andy Ful I also have poor experience with submitting PoCs as well as real malware samples (not gonna name and shame but one vendor, out of a huge bunch, classified 4-5 as malicious).

So far, we have Emsisoft replying here and Check Point and Kaspersky contacting Andy directly. Some dismissed it as "non-programmatical" attack.
So, did Kaspersky contact Andy without the bypass video?
Also, what about ESET and Bitdefender didn't they make a contact for this exploit?
 
  • Like
Reactions: [correlate]

Ahmed Uchiha

Level 2
Feb 5, 2021
57
@Trident if the attack vector allows the malware to bypass active protection, then that is an issue. Our team is looking at the issue and we will take whatever action is necessary to protect against this attack vector. The problem is that it is difficult to differentiate between legitimate and malicious activity in this type of attack. Ideally, it should be intercepted before admin rights are achieved.
will the fix patch be applied to home products too or it's just for enterprise version only?
 

Harputlu

Level 5
Verified
Well-known
Dec 26, 2016
215
Any patch we issue will apply to all editions of our product. Some of the drivers and the service being bypassed are common in all editions. Some of the drivers are business & enterprise-specific drivers.
I renewed the home version for another 1 year
If there are no new product enhancements and features coming, Should I switch to occupational safety?
 
  • Like
Reactions: [correlate]

Kevin at Emsisoft

From Emsisoft
Verified
Developer
Mar 25, 2024
5
I renewed the home version for another 1 year
If there are no new product enhancements and features coming, Should I switch to occupational safety?
@Harputlu The Home edition is the core product that the Business and Enterprise Editions are built on. The protection is identical across all editions. The Business and Enterprise editions have additional features that are specific to those use cases. Such as the ability to install on Windows Server, leverage AD, and EDR, just to name some additional features. Any new Core feature we add to our product line will be deployed across all editions. If the new feature is use case specific it will be applied to the appropriate edition.

Our focus is on developing a lightweight, bloat-free product that focuses on protecting the system. Any feature that does not foster that goal will not be added to our product line. Bloat is something that all the big players in the end-point protection market space suffer from. Having the Home edition installed does not mean you are less protected, you are getting the same level of protection as provided by the Enterprise edition.
 
Last edited:

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top