
Emsisoft being a tad too responsive?


10 replies to this topic

#1 IllusionEclipse

IllusionEclipse

  • Members
  • 205 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Chillin in my Compspace
  • Local time:06:31 AM

Posted 10 August 2014 - 07:05 AM

Now don't get me wrong here. I like Emsisoft and how it operates. But lately I've been playing my usual games from Steam and from some of my online games like Mortal Online and Elsword, when Emsisoft suddenly steps in saying they're giving off suspicious behaviour.

This has gotten my interest piqued as to why Emsisoft would react to my games like this, especially my Steam games. I recently got Planetside 2 and during play Emsisoft came up with 2-3 reactions.

Is this to be expected of Emsisoft? Or would this be a cause for concern?


An illusion is as real as the person who sees it, but wouldn't that be an illusion in and of itself?




#2 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,920 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:10:31 PM

Posted 10 August 2014 - 07:29 AM

Hi IllusionEclipse,
If these games are official Steam games then I'd tend to say that these are false-positives. Any chance you can upload the flagged file(s) to http://www.virustotal.com and post a link to the scan results here? I can then have a closer look at this.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#3 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,039 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:08:31 PM

Posted 10 August 2014 - 08:03 AM

Also, do you have your settings on the behaviour blocker set to Active Paranoid Mode? The behaviour blocker does occasionally flag on legit programs (such as AdwCleaner); you can always set up your own rules for Emsisoft to allow these "suspicious" behaviours on a certain file so it will not flag up.

 

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#4 IllusionEclipse

IllusionEclipse

Posted 10 August 2014 - 08:14 AM

I'll split the list into Steam and Non Steam Games:

Steam:

Crypt of the Necrodancer (This one does use an outside web link within the game for "Specialized gameplay" which I'll explain after the links)
This one had about 2-3 alerts shot at it.

(This next one had 2 different parts shot at)
PlanetSide2
 

PlanetSide2_x86 (VT was having a time scanning the file and kept getting stuck on an endless loop so I'm unable to provide scan results for this file)

Non-Steam:

Mortal Online Launcher.exe

 

(Crypt of the Necrodancer uses an external website from within the game to process mp3 files to an adequate beat for the game to use. The said website is as follows: "https://essentia.epf.edu". However, the site appears to be nonexistent).
 




#5 Elise

Elise


Posted 10 August 2014 - 10:19 AM

Thank you for the additional information. I can confirm that all these files are perfectly harmless. They are also not digitally signed, which is likely the cause of the alerts.

I modified this in Emsisoft's anti-malware network, meaning that from now on it will automatically trust these files and not show an alert. Please note that it may take a few hours before this change takes effect.

regards, Elise




#6 IllusionEclipse

IllusionEclipse

Posted 10 August 2014 - 05:36 PM

Thanks Elise. 

@Toffee : I've had paranoia mode turned off while running these programs.




#7 guit30

guit30

  • Members
  • 238 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Abington, Pa.
  • Local time:03:31 PM

Posted 15 August 2014 - 04:42 AM

I am using Emsisoft AV as a trial use; their support folk do not seem that friendly. I just noticed, too, that Win 7 reads this as an anti virus program, so things are slowed down. On my control panel it says I am running 2 anti virus programs. And Emsisoft has an anti virus program too. I do not run it on paranoid mode, yet it is always picking up stuff, and it will not quarantine all of the stuff picked up in real time; it leaves it in its log box. I can run a Norton NIS scan and pick up all of this stuff. Lots of complaints in Emsisoft forums about it not working as good as it used to; if you need help, they tell you to do adware and something else and get back to the forum for help. They tell you not to e-mail support, but to use their forums if you have problems, which more and more people are. I don't know what I'm going to do; I don't like the slowdown because it is read as an anti virus. I was going to get rid of Norton to save money, but sometimes you get what you pay for. Any ideas?

Jim      


Eset Nod32 vs 8

Super Anti Spyware

Secunia 2.0


#8 Elise

Elise


Posted 15 August 2014 - 06:06 AM

Hi Jim,

Sorry to hear about your bad experience with Emsisoft. EAM is a full antivirus, which is also why it is recognized as such by the Action Center. Personally I find that EAM slows a system down a lot less than Norton products, but more importantly, independent tests show its detections are quite a lot better.

 

However, an AV is a personal choice, for which reason it is good there are trial versions for almost each security program. :) 

 

> They tell you not to e-mail support, but to use their forums if you have problems, which more and more people are.

Not sure where you find that E-mail support isn't used or discouraged, but I can assure you that's not the case. :)

regards, Elise




#9 guit30

guit30


Posted 16 August 2014 - 07:24 AM

It is advertised as an Anti Malware!! In fact, for 10 more dollars, they claim to be a full AV/AM program. Can I just let my program files back into my computer?

Jim




#10 Elise

Elise


Posted 16 August 2014 - 07:49 AM

Malware really is a very generic term. It means anything that does anything malicious to your computer or personal data. Antivirus is a more traditional name; back when Windows was first targeted, this was often by means of a traditional computer virus (a virus is a piece of malware that adds code to an existing file). The first programs that protected a computer against this type of malware were therefore called "antivirus".

Today "antivirus" is just a name given to a program that protects against a large range of threats, just like an antimalware program does. What defines an antivirus as a "complete" solution is really more technical (the ability to monitor all running processes, the ability to access them if they need to be stopped or removed, and so on).
 

> Can I just let my program files back into my computer?

 

Not sure what you mean by this.


regards, Elise




#11 GT500

GT500

    Authorized Emsisoft Representative


  • Security Colleague
  • 137 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Fortville, Indiana, USA
  • Local time:03:31 PM

Posted 19 August 2014 - 03:32 AM

I'm sorry if I'm a bit late to this discussion (I don't normally monitor BleepingComputer for topics about Emsisoft products), however there is a way to prevent everything in the Steam folder from being monitored by Emsisoft Anti-Malware's protection. Here's what to do:
  • Open Emsisoft Anti-Malware from the icon on the desktop.
  • Click Protection.
  • Select File Guard in the menu at the top.
  • On the right side, roughly in the middle, click on the Manage whitelist button.
  • In the box under Type click the little down arrow and select Folder (you may need to click in the box for the arrow to appear).
  • Click in the gray box below Item to make a button with three dots (...) appear, and then click the ... button.
  • Navigate to the directory you wish to exclude, select it, and click OK at the bottom to add it.
  • Click the OK button at the bottom when done, and close Emsisoft Anti-Malware.
For those who don't know, Steam can use the following folders on 32-bit editions of Windows:
C:\Program Files\Steam
C:\Program Files\Common Files\Steam
And the following folders on 64-bit editions of Windows:
C:\Program Files (x86)\Steam
C:\Program Files (x86)\Common Files\Steam
Please note that folder exclusions do not prevent the Behavior Blocker from creating hooks to processes that are running out of those folders, however it will cause the Behavior Blocker to ignore those processes rather than monitoring them. If you have issues that the folder exclusions don't fix, then you can add Process exclusions for individual executables as well to prevent the Behavior Blocker from creating hooks to those processes.

I'll try to keep an eye on this topic for any replies, but please note that I don't receive e-mail notifications from BleepingComputer for some reason, so I might not reply right away.

For we wrestle not against flesh and blood, but against principalities, against powers, and against the worldly governors, the princes of the darkness of this world...
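
Added example, not part of any post in this thread and not Emsisoft or Steam tooling: before whitelisting a whole folder as described in post #11, this PowerShell function lists the executables under it that lack a valid Authenticode signature (the likely alert cause named in post #5), with SHA-256 hashes that can be searched on VirusTotal. The folder paths are the ones listed in the post; the function name `Get-UnsignedExecutable` is hypothetical.

```powershell
# Added example: inventory executables in folders you plan to exclude.
# Get-UnsignedExecutable is a hypothetical helper name, not a vendor tool.
function Get-UnsignedExecutable {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string[]]$Path
    )

    foreach ($root in $Path) {
        # Steam uses different folders on 32-bit and 64-bit Windows; skip absent ones.
        if (-not (Test-Path -LiteralPath $root -PathType Container)) {
            Write-Verbose "Skipping missing folder: $root"
            continue
        }

        Get-ChildItem -LiteralPath $root -Recurse -File -ErrorAction SilentlyContinue |
            Where-Object { $_.Extension -in '.exe', '.dll' } |
            ForEach-Object {
                $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName
                # Report everything that is not a fully valid signature.
                if ($sig.Status -ne 'Valid') {
                    [pscustomobject]@{
                        File   = $_.FullName
                        Status = $sig.Status   # NotSigned, HashMismatch, NotTrusted, ...
                        Signer = $sig.SignerCertificate.Subject   # empty when unsigned
                        SHA256 = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
                    }
                }
            }
    }
}

# Folders taken from post #11 (32-bit and 64-bit layouts).
$steamFolders = @(
    'C:\Program Files\Steam',
    'C:\Program Files\Common Files\Steam',
    'C:\Program Files (x86)\Steam',
    'C:\Program Files (x86)\Common Files\Steam'
)

Get-UnsignedExecutable -Path $steamFolders |
    Sort-Object Status, File |
    Format-Table -AutoSize -Wrap
```

A `NotSigned` result matches the false-positive explanation given in the thread; `HashMismatch` means the file changed after it was signed and deserves a closer look before the folder is excluded.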




