notabot

Level 13
Emsisoft seems quite popular in these forums. It also has a cloud console feature, which I consider a must-have, so I'm considering it.

I don't understand why it's praised though (not implying it's not good, just don't see data backing the claim):

1) Its BB is praised; however, how does it compare to ASR rules? Is there a complete list of what it blocks? Is there a test suite like MS's test suite for ASR?
2) To the best of my understanding, it doesn't look like it supports AMSI, so I wonder how it scores against fileless.
3) There's little data from testing labs, so it's hard to rank it against other products.
4) It's not a full suite, e.g. while it has exploit mitigation, my understanding is that it offers no exploit prevention module similar to MS's Exploit Guard, and while its BB can protect from ransomware, it lacks something like Controlled Folder Access should malware get past the BB.

I'm not trying to discredit the product, after all I haven't used it, but it's hard to evaluate it without lab results and it looks like it's missing features like AMSI.
 

Umbra

Level 10
Verified
First, ex-Emsisoft Community Manager here.

> Emsisoft seems quite popular in these forums. It also has a cloud console feature, which I consider a must-have, so I'm considering it.

And not the strongest feature it has.

> I don't understand why it's praised though (not implying it's not good, just don't see data backing the claim)

Because despite not being uber popular it has a history of unfailing reliability.

> 1) Its BB is praised; however, how does it compare to ASR rules? Is there a complete list of what it blocks? Is there a test suite like MS's test suite for ASR?

Its BB was originally a standalone product called Mamutu, a pioneer of BBs.
In the past, you had access to every one of its rules and could even modify them. Since Emsisoft decided to focus on Average Joe, most of those rules are now hidden to avoid misuse.

> 2) To the best of my understanding, it doesn't look like it supports AMSI, so I wonder how it scores against fileless.

Was a year ago.

> 3) There's little data from testing labs, so it's hard to rank it against other products.

It used to score very well, but lost points due to some FPs. Then Emsisoft deemed the cost/benefit of participating in some test labs not worth it. Note that Emsisoft is a small company and can't afford to waste money on trivial stuff.

> 4) It's not a full suite, e.g. while it has exploit mitigation, my understanding is that it offers no exploit prevention module similar to MS's Exploit Guard, and while its BB can protect from ransomware, it lacks something like Controlled Folder Access should malware get past the BB.

Don't compare Windows full spectrum built-in security with an AV.
EAM is only an AV, not a suite. All the security is powered via the dual-engine scanner and BB.

Emsisoft had a suite with a homemade firewall, but it was abandoned to refocus resources on EAM only. Also, Emsisoft considers Windows Firewall good enough to manage connections and has a feature in the BB to reinforce it by preventing unwanted apps from modifying its rules.
 

notabot

Level 13
> First, ex-Emsisoft Community Manager here.
>
> And not the strongest feature it has.
>
> Because despite not being uber popular it has a history of unfailing reliability.
>
> Its BB was originally a standalone product called Mamutu, a pioneer of BBs.
> In the past, you had access to every one of its rules and could even modify them. Since Emsisoft decided to focus on Average Joe, most of those rules are now hidden to avoid misuse.
>
> Was a year ago.
>
> It used to score very well, but lost points due to some FPs. Then Emsisoft deemed the cost/benefit of participating in some test labs not worth it. Note that Emsisoft is a small company and can't afford to waste money on trivial stuff.
>
> Don't compare Windows full spectrum built-in security with an AV.
> EAM is only an AV, not a suite. All the security is powered via the dual-engine scanner and BB.
>
> Emsisoft had a suite with a homemade firewall, but it was abandoned to refocus resources on EAM only. Also, Emsisoft considers Windows Firewall good enough to manage connections and has a feature in the BB to reinforce it by preventing unwanted apps from modifying its rules.

Thanks for this. Did they score among e.g. the top 3 in their latest lab score?

It's great that they support AMSI. I had found an older post in their forums where they said they didn't support it, but it looks like it has been added.

Does Windows' Exploit Guard still work when Emsisoft is installed then?

Also, Windows Firewall is very good but it lacks a good UI; being able to administer it via Cloud Console for all my machines would have been a 5-star feature in its own right.

Has quality dropped since the focus on the average consumer, then? Or does the product remain good?
 

Umbra

Level 10
Verified
> Thanks for this. Did they score among e.g. the top 3 in their latest lab score?

Not in the top 3, but the rank doesn't mean much, because a 0.2% or a one point difference on a scale of 6 is negligible and can't reflect a product's real world behavior.

> Does Windows' Exploit Guard still work when Emsisoft is installed then?

AFAIK, Windows Exploit Guard is not dependent on any AV.

> Also, Windows Firewall is very good but it lacks a good UI; being able to administer it via Cloud Console for all my machines would have been a 5-star feature in its own right.

About WF's lack of GUI, you can use Malwarebytes Windows Firewall Control.
Indeed the console is a non-negligible plus.

> Has quality dropped since the focus on the average consumer, then? Or does the product remain good?

It is still good. Obviously, for a tweaker like me, it lost attractiveness, but most Average Joes like the way it is now.
 

notabot

Level 13
> Not in the top 3, but the rank doesn't mean much, because a 0.2% or a one point difference on a scale of 6 is negligible and can't reflect a product's real world behavior.
>
> AFAIK, Windows Exploit Guard is not dependent on any AV.
>
> About WF's lack of GUI, you can use Malwarebytes Windows Firewall Control.
> Indeed the console is a non-negligible plus.
>
> It is still good. Obviously, for a tweaker like me, it lost attractiveness, but most Average Joes like the way it is now.

Thanks for this. I view it a little differently: given that WD is very good, for a paid product the default configuration and its maintenance with future Windows updates and application updates is part of what I pay for, and it should free up my time.
Of course this only works when the default baseline is already quite tightened without breaking apps. From that point I should have the option to further tighten the setup, but a strong baseline and the time costs associated with its maintenance should be included in the price.

Re Malwarebytes firewall control, the downside is not having a unified UI for all security settings. I'm looking to consolidate everything-security into a cloud console and this kind of goes in the opposite direction.

Also, does Emsisoft install any kernel-level code, or does it leverage Windows APIs 100% and not come with its own kernel module? (I'd view being 100% userspace software as a huge plus.)
 

Umbra

Level 10
Verified
I think you should take a look at their forum; they will be able to answer most of your technical questions.
It has been more than 2 years since I ended my contract with them, so I'm not up to date on the changes they may have made.
 

Solarquest

Moderator
Verified
Staff member
Malware Hunter
Most of the questions were already answered, and Fabian here or other Emsisoft employees on the Emsi forum can answer the more technical ones.
I have used and tested Emsi for many years.
Advantages are the great support (they answer), the focus on privacy, the performance (it's light) and in general the good protection it offers.
In the last 5+ months, static detection wasn't the best and BB isn't catching up as it did before.
It probably still offers great protection for the normal user, but not for the heavy and risky clicker that might be getting/looking for new samples.
 

notabot

Level 13
> Most of the questions were already answered, and Fabian here or other Emsisoft employees on the Emsi forum can answer the more technical ones.
> I have used and tested Emsi for many years.
> Advantages are the great support (they answer), the focus on privacy, the performance (it's light) and in general the good protection it offers.
> In the last 5+ months, static detection wasn't the best and BB isn't catching up as it did before.
> It probably still offers great protection for the normal user, but not for the heavy and risky clicker that might be getting/looking for new samples.

With the focus towards the median user, does it feel like a black box?
E.g. WD does not feel like a black box; its modules, what each one does and how it's configured are laid out more often than not. On the other hand, SHP feels like a black box to me as I'm not aware of exactly what each module does.
How does Emsisoft feel in that department?