Comments on: How to use the Behavior Blocker panel to quickly spot potential threats

By: Mariska

Mariska — Fri, 05 Jun 2015 02:43:00 +0000

In reply to LodeHere.

Are you part of our Emsisoft Anti-Malware Network? This is our online database of millions of programs (good and bad) and EIS performs online lookups of suspicous (or good) programs against the databse. You can be part by adjusting this in the Settings tab of EIS. Either way it would be great if you can submit the program to our support staff (support@emsisoft.com) so they can take a look and determine whether it was a false positive that needs to be labeled as “good” in our database. To learn more, see: http://blog.emsisoft.com/2015/05/08/is-this-file-safe-re-launch-of-the-emsisoft-anti-malware-network/ Thanks!

By: LodeHere

LodeHere — Fri, 29 May 2015 17:47:00 +0000

PS:
I just realized EIS would also detect eventual keyloggers with its behaviour monitoring of all processes. So I don’t really need SpyShelter on top of EIS, even thought SpyShelter is a good program. I’m going to trust EIS fully and remove SpyShelter.

By: LodeHere

LodeHere — Wed, 27 May 2015 04:37:00 +0000

I have SpyShelter, which utilizes HIPS (just as Online Armor also does.) But SpyShelter is listed as “Bad” under reputation in my Behavior Blocker list, while I don’t know why it has been given the category of being bad. As far as I know it is not bad at all.

So I have All Allowed given it, but EIS is still monitoring it, and I can’t change the reputation nor the monitoring status.

I consider this a false positive, but luckily I can still utilize the program. So in the end it doesn’t really matter in the practical sense. But it is giving SpyShelter a bad reputation while it deserves better.

By: techienumber1

techienumber1 — Sat, 23 May 2015 15:08:00 +0000

I used to have trouble blocking all the free loaders on my network so all I did was contact my bro whos account in on the connection and got him to change the wifi frequency to a different one now I have no trouble with free loaders because the frequency is one they cant connect to because its too high for their dongles to connect with

By: Christian

Christian — Fri, 22 May 2015 18:11:00 +0000

In reply to AdolfV. While Malware can be written/modified in a way that signature based detection fails, it can hardly hide its behavior. That's where our behavior blocker succeeds. So far we didn't see many real world samples that can not be detected by this technique. We already detected several state trojans years before anyone knew they even exist. We didn't know that it's state trojans, but we knew that it's trojans. That's enough to protect from them. Giving a 100% guarantee would be unprofessional, but our historic records give a pretty clean picture on that.

By: Alexander Stiven

Alexander Stiven — Fri, 22 May 2015 16:16:00 +0000

About Behavior Blocker, Where is “Monitored Behavior”?.

By: AdolfV

AdolfV — Fri, 22 May 2015 11:03:00 +0000

In reply to Christian. Before professional viruses/malwares, are released out to the targets, the virus writers they do test on all general antivirus manufacturers software, to be ensure this new viruses will stay undiscovered as long as possible. Proof for that I can't find out, because its state secrets as a part of military political, economical strategy, but I still remember Win.32. Duqu/Stuxnet. This you already know Christian. And can you guarantee me I will be 100% secure against state Trojans using Emsisoft? Then I will use Emsisoft IS.

By: Christian

Christian — Thu, 21 May 2015 19:27:00 +0000

In reply to AdolfV. Can you show any proof of that assumption? We would be quite happy to get a malware sample that can't be detected by our behavior blocker. So far we didn't see many.

By: AdolfV

AdolfV — Thu, 21 May 2015 16:21:00 +0000

Behavior blocker, can’t find all threats. There is a lots of kind developed by hackers in suspect countries, and this category threat can’t be detected even not with Emsisoft, or any other antivirus creator.

By: DJRiful

DJRiful — Wed, 20 May 2015 23:36:00 +0000

Nice guide