Malware Scans
https://www.emsisoft.com/en/help/category/user-guides/malware-scans/

False positives: Why did Emsisoft quarantine a safe program?
https://www.emsisoft.com/en/help/1720/why-did-an-emsisoft-product-detect-an-innocent-file-as-malware-2/
Thu, 26 Oct 2023 09:09:50 +0000

The post False positives: Why did Emsisoft quarantine a safe program? appeared first on Emsisoft Help.

Why did Emsisoft quarantine a safe program?

Overview:
Sometimes applications such as games, small customized apps or even business software are erroneously flagged as dangerous, even though they are safe to use. This may happen when an application is not digitally signed.
In a perfect world, all legitimate software would be digitally signed. Code signing is the process of digitally signing executables and scripts to confirm the software author and to guarantee that the code has not been altered or corrupted since it was published.
Malware is known for not being digitally signed. For this reason, unsigned apps will be flagged by your Anti-Malware as a precaution, giving you the choice to allow them into your system or block them.

How to deal with a quarantined program:
If a program is flagged as dangerous and you are not sure whether it is safe to use, it is best to leave it in the Quarantine.
Emsisoft lets you send information about this software to our lab for analysis directly from the Quarantine panel. Here’s how:

  1. Open the local Emsisoft app on the computer.
  2. Click on: Quarantine in the blue tab: Scan & Clean
  3. Highlight the file
  4. Then click on: False Detection. Please include your accurate email address so we can reply. Please make sure to also fill out the info about the alert and the program.
  5. Then please click the: Send button

Once our lab receives the file's information, we can analyze how safe that software is.
If it is safe and legitimate, we will whitelist it and allow it through the anti-malware. We will reply to you so that you can then restore the file by selecting it in the Quarantine and clicking: Restore.

You can also submit the file causing the detection via email to our lab: fp@emsisoft.com so we can analyze and correct the suspected false detection.
If the file is too large to send, please upload it to VirusTotal and send us the web address of the scan result via email to submit@emsisoft.com, or send us the file via wetransfer.com to submit@emsisoft.com.

Files that were tested by us and are not digitally signed need to be added to Monitoring Exclusions; otherwise they will be flagged again each time they are updated without the necessary certificate.
If you are CERTAIN that the program is OK, you can add it directly to the Monitoring Exclusions.

 

How to handle detected threats
https://www.emsisoft.com/en/help/1630/how-to-handle-detected-threats/
Wed, 28 Mar 2018 21:59:12 +0000

The post How to handle detected threats appeared first on Emsisoft Help.

When a scan has finished, the diagnosis list displays any detected objects sorted according to their potential risk level. Each Malware name gives information about the nature of the infection via its name prefix. Clicking on the hyperlink for a diagnosis name opens your browser to the Emsisoft Malware Library where you can read a detailed description of these prefixes. The extensions “A” and “B” identify the scan engine that detected the file.

Risk levels include:

  • PUP: PUPs are potentially unwanted programs. These programs are often installed as part of bundles by unsuspecting users.
  • PUM: PUMs are potentially unwanted modifications. These are setting modifications made by applications and malware that restrict or hinder access to your system.
  • Malware: Malware is malicious software, an umbrella term for all kinds of digital pests and threats like computer viruses, trojans, or ransomware. In essence, everything detected that is not a PUP or PUM.

Right-click in the diagnosis list to open a context menu providing the following actions:

  • Select all – Selects all objects in the list
  • Select none – Deselects all objects in the list
  • Invert – Deselects all selected objects or selects all unselected objects
  • Add to exclusions – Adds all selected objects to exclusions so that they are ignored by the next scan.
  • Submit as false alert – Submits the file to our Malware Lab for investigation as a possible false alert.
  • Open file location – Opens the folder where the file is located on your computer.

The buttons Quarantine selected and Delete selected allow for management of any detected objects. We recommend always selecting Quarantine selected because this is the only way of being able to recover any files that were removed due to false alerts (so-called false positives).

The New scan button takes you back to the main Scan section where you can again choose a scan type and begin a new scan.

The View report button opens a log file showing detailed information about the scan. Scan reports can also be accessed later from the Logs section of the program.

Scanner Settings
https://www.emsisoft.com/en/help/1621/scanner-settings/
Wed, 28 Mar 2018 21:57:26 +0000

The post Scanner Settings appeared first on Emsisoft Help.

Under Scanner Settings you can configure default settings for scans: 

  • Detect Potentially Unwanted Programs (PUPs) – PUPs are programs that are not dangerous by definition, but are usually unwanted by most users as they display ads or manipulate browsers. 
  • Performance impact – Advises Windows to give the scanning threads the specified priority over other running processes. Priority can be set to a minimum to avoid negatively affecting the performance of other active tasks, e.g. when running lengthy background scans. 

    • Scan with highest priority for best speed – Define whether all CPU cores will be used with highest thread priority for best speed. 
    • Reduced priority for improved multitasking – Define whether two CPU cores will be saved for improved multitasking. 
  • On scan completion – If you are scanning a large number of files that are expected to take a long time then you may wish to use the On scan completion setting to define what the program should do when the scan finishes: 

    • Report only – Report the results of the scan but do not automatically perform any other actions.
    • Report only + computer shutdown – Report the results of the scan, perform no other automatic actions, and shut down the computer.
    • Quarantine detections – Automatically move all detected objects into quarantine immediately after the scan finishes.
    • Quarantine detections + computer shutdown – Automatically move all detected objects into quarantine immediately after the scan finishes and shut down the computer.

Scheduled Scan
https://www.emsisoft.com/en/help/1627/scheduled-scan/
Wed, 28 Mar 2018 21:53:55 +0000

The post Scheduled Scan appeared first on Emsisoft Help.

The Scheduled Scans section contains a list of all scheduled scan jobs displayed as tiles. Each tile lists the scan type, a summary of the scan interval and the amount of time remaining until the next scan interval.

Scheduled scans can run unattended, which means they can run without showing the scan screen or scan progress to the user. Unattended scans can run if no user is logged on in Windows. The animated scan icon (magnifier glass in the system tray) indicates that an unattended scan is running. You can open the scanner window by clicking on the animated system tray icon. If you close the scanner window, the scan will continue. Unattended scan results are reported as follows:

  • If no administrator account is logged in: the scan results are saved to the scan log.
  • If one administrator account is logged in: the Scanner window will appear, to provide you with information.
  • If more than one administrator account is logged in: a notification will be shown to all administrator accounts. For the administrator who confirms first, the Scanner window will appear. Notifications for the other administrator accounts will be closed automatically.

  • Don’t start scheduled scans in Game Mode – Prevents interruptions in resource-intensive games by ensuring that scheduled scans don’t start if Game Mode is active.

Clicking on the Add new scan button (or clicking an existing scan job tile if you wish to edit it) opens a dialog with the following tabs for configuring scan time, frequency and other advanced options:

When

Scan the computer

  • Every [x] hour [x] min between [x] and [x] – At specified hour/minute intervals during selected time frames (e.g. every 5 hours between 12:00 AM and 11:59 PM).
  • At [x] – Run at a set time (e.g. 1:00 PM).
  • After – PC startup/Online update

Recur

  • Monthly – On a particular day of the month (e.g. the 1st of every month).
  • Weekly – On selected days of the week (e.g. only on Fridays and Saturdays).
  • Daily – Every day.

The checkbox Enabled indicates whether this specific scan is currently enabled or disabled. The Run now button allows you to manually start this scan and the Delete schedule button allows you to remove this scan from the list of scheduled scans.

What

Scan type – The dropdown menu allows you to select from either [Quick Scan], [Malware Scan], or [Custom Scan]. If Custom Scan is selected, a Configure button becomes visible and opens a further dialog with all Custom Scan settings.

Advanced settings

  • Update before scanning – Configures the software to check for updates before performing the scheduled scan, if the last update was more than 30 minutes ago. It is recommended that you enable this option if automatic updates are disabled or set to a long interval. This option will be unavailable when “After online update” is selected in the “When” tab.
  • Scan silently – Configures the scheduled scan to run invisibly to prevent disruption to your work. An animated system tray icon is displayed to indicate the active scan. You can open the scanner window by clicking on the animated system tray icon.
  • Run missed scans on next startup – If the computer is not turned on at the specified time, the missed scan will be executed when you next start the computer, unless more than a third of the time before the next scan interval has already passed.
  • Detect Potentially Unwanted Programs (PUPs) – PUPs are programs that are not dangerous by definition, but are usually unwanted by most users as they display ads or manipulate browsers. Value is copied from Scanner settings but can be changed here.
  • Performance impact – Advises Windows to give the scanning threads the specified priority over other running processes. Priority can be set to a minimum to avoid negatively affecting the performance of other active tasks, e.g. when running lengthy background scans. Value is copied from Scanner settings but can be changed here.
  • On scan completion – If you are scanning a large number of files that are expected to take a long time then you may wish to use the On scan completion setting to define what the program should do when the scan finishes. Value is copied from Scanner settings but can be changed here.

The checkbox Enabled indicates whether this specific scan is currently enabled or disabled. The Run now button allows you to manually start this scan and the Delete schedule button allows you to remove this scan from the list of scheduled scans.

Custom Scan
https://www.emsisoft.com/en/help/1624/custom-scan/
Wed, 28 Mar 2018 21:51:34 +0000

The post Custom Scan appeared first on Emsisoft Help.

You can use this scan type to individually configure the scan behavior to suit your needs.

Use the Add folder and Remove folder buttons to add or remove folders to be scanned.

Under Scan Objects you can enable or disable the following options:

  • Scan memory for active Malware – Scans all currently loaded programs and their components.
  • Scan for Malware Traces – Malware Traces are manipulated registry settings or non-executable Malware data or configuration files that are indicative of an infection.

If you only want to scan files within a certain folder, you will want to disable the above options as they apply to scanning for Malware system wide rather than only in selected folders.

Under Scan Settings you can configure detailed settings for the actual scan by enabling or disabling the following options:

  • Detect Potentially Unwanted Programs (PUPs) – PUPs are applications that are usually bundled with and installed alongside other useful programs, which causes many users to install them accidentally. Although they are not a security risk, they can affect your computer’s performance and speed, and in some cases cause a change in behavior.
  • Scan in compressed archives (zip, rar, cab) – Malware sometimes hides in compressed archives. Please note that scanning of archives may take extra time.
  • Scan in email data files – Supported formats include Outlook, Thunderbird, The Bat! and more. Please note that scanning of such files may take a while.
  • Scan in NTFS Alternate Data Streams – Data streams are hidden layers in regular files that may be used to hide malicious code.

If you wish to repeat a Custom Scan in the future, you can save the configuration to a scan settings file via the Save settings button and load it at any time via the Load settings button.

Click the Next button to start the Custom Scan.

Understanding the different types of scans
https://www.emsisoft.com/en/help/1618/understanding-the-different-types-of-scans/
Wed, 28 Mar 2018 21:49:36 +0000

The post Understanding the different types of scans appeared first on Emsisoft Help.

The following scan types are available:

  • Quick Scan – Scans only active programs and checks for Malware traces. Run a Quick Scan if you are sure that the system is clean (e.g. if you have a freshly installed operating system and want to complete setup quickly.)
  • Malware Scan – Scans all places that Malware typically infects. A Malware Scan is the best choice for most users. It’s fast and thoroughly examines the whole computer for any active Malware infections.
  • Custom Scan – All scanner settings can be manually set and stored for later use. This is particularly useful if you want to scan additional drives for any inactive Malware files.

If you would like to learn more about the scan types, please read this article.

You can continue using your computer as usual while a scan is running but please note that the performance of the computer is reduced while a scan is running and the scan will take longer if your normal work is very resource intensive.

During the scan, the diagnosis list shows the details of all detected objects. The progress bar shows the percentage of the scan that has been completed and lists the path of the object that is currently being scanned. The statistics below the progress bar display the number of objects that have been scanned, detected and cleaned.

The Pause button temporarily pauses the scan until the user continues the scan by clicking the Resume button. The Stop button aborts the current scan. Please wait until the scan has finished before deleting or quarantining detected objects. The On scan completion button described earlier remains available while the scan is in progress.
