Advice Request What's good about Emsisoft?

notabot

Level 15
Thread author
Verified
Oct 31, 2018
703
Emsisoft seems quite popular in these forums. It also has a cloud console feature, which I consider a must-have, so I'm considering it.

I don't understand why it's praised though (not implying it's not good, just don't see data backing the claim):

1) Its BB is praised; however, how does it compare to ASR rules? Is there a complete list of what it blocks? Is there a test suite like MS's test suite for ASR?
2) To the best of my understanding, it doesn't look like it supports AMSI, so I wonder how it scores against fileless.
3) There's little data from testing labs, so it's hard to rank it against other products.
4) It's not a full suite, e.g. while it has exploit mitigation, my understanding is that it offers no exploit prevention module similar to MS' Exploit Guard, and while its BB can protect from ransomware, it lacks something like Controlled Folder Access should malware get past the BB.

I'm not trying to discredit the product; after all, I haven't used it, but it's hard to evaluate it without lab results and it looks like it's missing features like AMSI.
 
ForgottenSeer 823865

First, ex-Emsisoft Community Manager here.

Emsisoft seems quite popular in these forums. It also has a cloud console feature, which I consider a must-have, so I'm considering it.
And not the strongest features it has.

I don't understand why it's praised though (not implying it's not good, just don't see data backing the claim)
Because despite not being uber popular, it has a history of unfailing reliability.

1) Its BB is praised; however, how does it compare to ASR rules? Is there a complete list of what it blocks? Is there a test suite like MS's test suite for ASR?
Its BB was originally a standalone product called Mamutu, pioneer of BBs.
In the past, you had access to every one of its rules and could even modify them. Since Emsisoft decided to focus on Average Joe, most of those rules are now hidden to avoid misuse.

2) To the best of my understanding, it doesn't look like it supports AMSI, so I wonder how it scores against fileless
Was a year ago.

3) There's little data from testing labs, so it's hard to rank it against other products.
It used to score very well, but lost points due to some FPs. Then Emsisoft deemed the cost/benefits of participating in some test labs not worth it. Note that Emsisoft is a small company and can't afford wasting money on trivial stuff.

4) It's not a full suite, e.g. while it has exploit mitigation, my understanding is that it offers no exploit prevention module similar to MS' Exploit Guard, and while its BB can protect from ransomware, it lacks something like Controlled Folder Access should malware get past the BB.
Don't compare Windows full spectrum built-in security with an AV.
EAM is only an AV, not a suite. All the security is powered via the dual-engine scanner and BB.

Emsisoft had a suite with a homemade firewall, but it was abandoned to refocus resources on EAM only. Also, Emsisoft considers Windows Firewall good enough to manage connections and has a feature in the BB to reinforce it by preventing unwanted apps from modifying its rules.
 

notabot

Thanks for this. Did they score among e.g. the top 3 in their latest lab score?

It's great that they support AMSI. I had found an older post in their forums where they said they didn't support it, but it looks like it has been added.

Does Windows' Exploit Guard still work when Emsisoft is installed then?

Also, Windows Firewall is very good but it lacks a good UI; being able to administer it via Cloud Console for all my machines would have been a 5-star feature in its own right.

Has quality dropped since the focus on the average consumer then? Or does the product remain good?
 
ForgottenSeer 823865

Thanks for this. Did they score among e.g. the top 3 in their latest lab score?
Not in the top 3, but the rank doesn't mean much, because a 0.2% or a one-point difference on a scale of 6 is negligible and can't reflect a product's real-world behavior.


Does Windows' Exploit Guard still work when Emsisoft is installed then?
AFAIK, Windows Exploit Guard is not dependent on any AV.

Also, Windows Firewall is very good but it lacks a good UI; being able to administer it via Cloud Console for all my machines would have been a 5-star feature in its own right.
About WF's lack of a GUI, you can use Malwarebytes Windows Firewall Control.
Indeed, the console is a non-negligible plus.

Has quality dropped since the focus on the average consumer then? Or does the product remain good?
It is still good. Obviously, for a tweaker like me, it lost attractiveness, but most Average Joes like the way it is now.
 

notabot

Thanks for this. I view it a little differently: given that WD is very good, for a paid product the default configuration and its maintenance with future Windows updates and application updates is part of what I pay for, and it should free up my time.
Of course, this only works when the default baseline is already quite tightened without breaking apps; from that point I should have the option to further tighten the setup, but a strong baseline and the time costs associated with its maintenance should be included in the price.

Re Malwarebytes firewall control, the downside is not having a unified UI for all security settings. I'm looking to consolidate everything security into a cloud console, and this kind of goes in the opposite direction.

Also, does Emsisoft install any kernel-level code, or does it leverage Windows APIs 100% and not come with its own kernel module? (I'd view being 100% userspace software as a huge plus.)
 

Solarquest

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Jul 22, 2014
2,525
Most of the questions were already answered, and Fabian here or other Emsisoft employees on the Emsi forum can answer the more technical ones.
I have used and tested Emsi for many years.
Advantages are the great support (they answer), the focus on privacy, the performance (it's light) and in general the good protection it offers.
In the last 5+ months, static detection wasn't the best and the BB isn't catching up as it did before.
It probably still offers great protection for the normal user, but not for the heavy and risky clicker who might be getting/looking for new samples.
 

notabot

With the focus towards the median user, does it feel like a black box?
E.g. WD does not feel like a black box; its modules, what each one does and how it's configured are laid out more often than not. On the other hand, SHP feels like a black box to me, as I'm not aware of exactly what each module does.
How does Emsisoft feel in that department?
 

notabot

WD offers no available settings, unless you use GPO or tools like ConfigDefender which is out of reach of Average Joe.

Depends what you mean, e.g. GPO is well documented and has a good UI. I consider it a good interface for a single machine (but I'm not willing to pay for Intune+E5 to manage all my machines; I'm a person, not an enterprise).
 
