This is how it works:

Every time you visit a new website, it sends a calculated hash value of the domain name to our servers once, and then receives a list of matching patterns that are applied locally on your computer. Those patterns are then kept for successive visits of pages on the same host/domain, which not only significantly speeds up the matching, but also ensures that Emsisoft and its employees will never know what you’re doing on a particular website.

Note that most similar browser extensions send each visited website address to some cloud servers, allowing their vendors to track all your web browsing activities.

Installation

When running Emsisoft Anti-Malware, it will ask you to install Emsisoft Browser Security, if the setting “Browser Security verification” in “Notifications” settings is enabled:

• Install now: Will open the browser extension store where you then can easily click the install button
• Later:  You will be reminded again in 4 hours.
• Don’t install: No more installation requests. Disables the “Notifications” setting “Browser Security verifications”.

Note that the option “Don’t show again” is not available to users who do not have admin permissions in Emsisoft Anti-Malware.

Manual installation is required because browser extensions run in a separated security context that prevents direct communication with Emsisoft Anti-Malware. The extension gets continuously updated through the extension stores.

Emsisoft Browser Security works independently of Emsisoft Anti-Malware. It manages its own Exclusions list, which is synchronized across your devices by your browser when logged in.

Emsisoft Browser Security can be obtained free of charge from the extension stores:

• Get Emsisoft Browser Security for Chrome
• Get Emsisoft Browser Security for Firefox
• Get Emsisoft Browser Security for Edge

The extension can also be used by other Chromium based browsers that come with support for Chrome extensions, such as Opera and others. Please see their user guides for how to install Chrome extensions.

The post Emsisoft Browser Security appeared first on Emsisoft Help.

• Monitored – by the Behavior Blocker.
• Not monitored – i.e. system processes, whose monitoring is not supported.
• Trusted – by means of an application rule.
• Blocked – by means of an application rule.
• Excluded – by means of a matching exclusion.

Note: Anti-Ransomware and Behavior Blocker features are connected because they rely on the same core technology.

The search box above the list allows you to search the list for specific processes, Id’s, descriptions, companies or status.

Right-click on a process in the list to open a context menu providing the following actions:

• Edit rule – Opens the Application Rules dialog to a blank rule for this process (or an existing rule if one is available), providing fast access to rule creation for the process.
• Quarantine program – Sends the process to Quarantine.
• End process – Terminates the process.
• Open file location – Opens the folder where this process is located on your computer.
• File properties – Opens a dialog displaying information on the file including file path, file hashes, publisher details, whether the file is digitally signed and the file’s Anti-Malware Network reputation.

You can also configure the default action that the Behavior Blocker takes when it encounters a suspicious program:

• Suspicious programs – Choose whether the Behavior Blocker should [Auto resolve, notifications for threats only], [Auto-resolve with lookup notifications] or [Alert] from the drop down menu. Both [Auto resolve, notifications for threats only] and [Auto-resolve with lookup notifications] require that [Lookup reputation of programs] is enabled in Settings/Privacy.
• Add application rule – Opens the Application Rules dialog to a blank rule, providing fast access to rule creation for a process.
• Edit rule – Opens the Application Rules dialog to a blank rule for this process (or an existing rule if one is available), providing fast access to rule creation for the selected process.

For more information regarding the Behavior Blocker, please see our comprehensive guide.

The post Behavior Blocker and Anti-Ransomware appeared first on Emsisoft Help.

The following options are available for customization of the File Guard:

• Scan level – The slider control allows you to balance the File Guard’s scan level between best performance and best protection as follows:
  • Default – Scans programs when they are started. This option has the least effect on the performance of your system while still ensuring that Malware is prevented from executing. Inactive malware may remain undetected until you run a manual scan. This is the recommended setting.
  • Thorough – Scans all files when they are created or modified, for example when a file is downloaded or copied onto your computer from a USB stick. Since files are not an immediate threat unless they are executed, this option may find inactive malware sooner, but your machine is still protected with the default setting. If you do not experience performance issues, this is still a reasonable setting to use.
  • Paranoid – Scans all files when they are read by any program so that simply selecting a file is sufficient to cause it to be scanned. On a typical computer, there are usually thousands of files being read in the background every minute, so this option naturally slows down the overall performance of your computer quite dramatically. We don’t recommend making use of it, but keep it available for those who want to be absolutely sure everything gets immediately detected without delays. This can be useful for temporary use in situations where Emsisoft Anti-Malware is installed on an already-infected computer, to aid in cleanup.

You can configure the default actions to take for each of the following types of File Guard detections:

• Malware detections – Choose how you want the File Guard to behave when Malware is detected by selecting either [Alert], [Quarantine silently], or [Quarantine with notification] from the drop down menu.
• PUP detections – Choose how you want the File Guard to behave when Potentially Unwanted Programs are detected by selecting either [Alert], [Quarantine silently], [Quarantine with notification], or [No detection] from the drop down menu.

For more information regarding File Guard, please see our comprehensive guide.

The post File Guard appeared first on Emsisoft Help.

What does Web Protection actually do?

Web Protection keeps watch as you browse the web and warns you when you try to access a malicious website. By blocking your connection to dangerous hosts, Web Protection prevents data from being exchanged and minimizes the risk of malware infecting your machine.

A host can be defined as a website domain such as www.google.com or an IP address that might contain data for several domains. Hackers often use single physical servers with unique IP addresses that dozens of different domains point to. Emsisoft’s Web Protection is able to detect new malware domains reliably and halts all exchange of data – unless you as the user explicitly grant access.

Emsisoft Web Protection Notification

One of the key benefits of Web Protection is that it intercepts connections at the Windows system level. This ensures that Web Protection not only works with browsers but almost all programs, and doesn’t require compatibility updates whenever a new version of your browser is released.

How does Emsisoft’s Web Protection recognize suspicious hosts?

In addition to a massive collection of conventional malware signatures, Emsisoft Anti-Malware also has a huge database of known malicious and otherwise dangerous hosts. The data is gathered from publicly available lists, intel from specialized companies that Emsisoft has partnered with, and verified user submissions. To keep the database up to date and provide maximum security against the latest malicious websites, new threats are continually added and the list is updated every 15 minutes.

There are different categories of suspicious hosts:

• Malicious hosts: Suspected to spread malicious software such as bots, ransomware, trojans, adware, rootkits or viruses, and phishing hosts that attempt to steal your passwords via fake clones of well-known websites.
• Unwanted hosts: Engaged in distribution of potentially unwanted programs.

How to configure Web Protection

Emsisoft Anti-Malware’s default settings offer maximum security and are simple to use. However, you can change the settings at any time to meet your individual needs.

Emsisoft Web Protection settings

How to add a new host rule

You can add your own custom host rules that overwrite the built-in blocklist by clicking ‘Add new rule’. There you can specify if you want to use a simple text based matching on the host name/IP, or a more complex Regular Expression based matching pattern. See: What is a RegEx?

How to change custom host rules

Double-click a rule or select a rule and click ‘Edit rule’ to open the edit window.

Host rules feature the following actions:

• Don’t block: Allows access to the host without asking.
• Alert: Alerts about access, and lets you decide whether to block or to allow it.
• Block and notify: Blocks the connection automatically and displays a notification pop-up window to let you know about it.
• Block silently: Blocks the connection, but does not show any notification.

We recommend using the default setting “Block and notify” so that you will know immediately when a connection has been blocked. This may keep you from wondering why a certain website has not loaded.

How to import a third party hosts file

The hosts file is part of Windows and is located in c:\windows\system32\drivers\. It is used for overriding DNS settings by redirecting certain domains to certain IP addresses in a targeted manner. Various hosts file lists are available to download online and this has been a popular method used by people to build their own form of “web protection” with tools that come with Windows. Malicious domains are then redirected to the local IP 127.0.0.1 or the invalid endpoint 0.0.0.0, which both neutralize them.

There are some disadvantages to this approach, though. You never know when a connection has been redirected, and a large hosts file can slow down your system’s performance. There are also no automatic updates, so you have to keep your hosts file list up-to-date yourself.

If you wish to use third-party hosts file lists, we recommend you import them directly into Emsisoft Anti-Malware instead, by using the “Import hosts file” option which allows you to import individual entries as well as larger lists in one go. Unlike using a custom Windows host file, importing a third-party list into Emsisoft Anti-Malware’s Web Protection, will not slow down your system. Use of third-party lists is purely optional – most entries are already on the built-in list that is updated every 15 minutes.

How is Web Protection different to Browser Security?

The difference is in the technical approach. Web Protection works like a local firewall that blocks connections to known bad domains/IPs. That works system-wide with all programs, not just browsers.

Browser Security on the other hand is a browser extension that runs inside the (typically sandboxed) browser process and therefore can look at the full URL path, not just the domain/IP. That means it can do more sophisticated filtering using RegEx matching to alert specific areas of a website only.

Imagine a malware file is stored somewhere on drive.google.com. Web Protection would only be able to block Google Drive as a whole, which is impractical as it would also block access of millions of users to their data too. But the browser extension can match with a single path where the malware file is located.

See Browser Security for details.

The post Web Protection appeared first on Emsisoft Help.