• Does Emsisoft AM/IS strip out PUPs?

    #496555

    Does Emsisoft AntiMalware (or Internet Security combo) prevent downloaded software with a PUP from installing or will it peel off the PUP and allow the actual software to install?

    My current AV/AM/firewall (Vipre, yes, I know) recognizes and alerts to the PUP, which is then prevented from running while the downloaded program (e.g., FileSync) is allowed to install without a problem or any evidence of a PUP. Will Emsisoft do this or just quarantine the entire downloaded FileSync update?

    I’m looking to switch out and am seriously considering Emsisoft, but I do rather enjoy how Vipre handles PUPs. No infections ever (knock on wood), but I’m also pretty careful, even paranoid, with on-demand scanners and a very suspicious mind….:rolleyes:

    • #1468478

      To have a definitive answer, you should submit that question on Emsisoft’s own support forum (http://support.emsisoft.com). PUP detection is optional on EAM (EIS is the same, just adds a firewall), but you are asked if you want it activated when installing.

      That said, I am not aware of the specific behavior when detecting PUPs. I am also careful with what I install and haven’t yet got a PUP detected, so I cannot tell you how EAM behaves.

      • #1468523

        Thanks, Rui. I wanted to see what experiences users here (and you) have had, or even if other better AV/AM programs do this. I have also emailed Emsisoft, as I’m not ready at this point to set up an account there; they can always choose to add this as a selling point, if this is a feature.

    • #1468525

      Found this on their support forum:

      http://support.emsisoft.com/topic/13605-not-picking-up-pup-in-single-file-scan/

      It seems that, to get preventative PUP detection, you should get the downloaded file to a specific folder and do a custom scan; as per the reasons explained, the engine that detects PUPs is not able to do it when you download the PUP-containing file.

      So, it seems it doesn’t work quite the way you described. It will detect PUPs after the fact and it won’t prevent an installer with PUP from running. It seems that it will be able to do it only after the installation is completed and then it is able to quarantine it without any need for user intervention (depending on how it is configured).

      HTH

      • #1468531

        It seems that it will be able to do it only after the installation is completed and then it is able to quarantine it without any need for user intervention (depending on how it is configured).

        Thanks for that, Rui.

        I’ve run on-demand scans of these files with both my free MalwareBytes and Emsisoft, and they find the PUPs. The problem is, of course, that dealing with them after the installation is complete is a bit late — not that I zoom through installations without paying attention — I always check everything out as I install, even with routine software updates. I’m looking forward to Emsisoft’s response to my email.

        Not really paranoid, just cautious from years of computer experience. (Remember “del *.*”?) 😆

    • #1468546

      Remember PUPs are not actually malware, so if they are removed post installation with success, that may be acceptable. This said, I do think the way you described Vipre to work seems quite a bit better.

    • #1468659

      Well, here’s Emsisoft’s generic response, not specifically addressing the issue of FreeFileSync, which is a preferred and essential program for me and from which installer the “lesser” Vipre easily splits off the associated PUP:

      This depends, as many installers make it really hard to peel off the PUP part. We try to do this for things like the JAVA installer which adds ASK toolbar in which case we flag the ASK installer as PUP, but not the JAVA installer. But in many cases the PUPs are cycled and offered in such a shady way, that we consider the installer itself PUP as well.

      So I’m left doubting my previous decision to switch out of Vipre and its carefully configured firewall, even though it has fallen in the AV/AM standings since its days as an excellent Sunbelt product, given my other layers of protection, including MBAE and a cautious layer between keyboard and chair-back.

      • #1468661

        Well, here’s Emsisoft’s generic response, not specifically addressing the issue of FreeFileSync, which is a preferred and essential program for me and from which installer the “lesser” Vipre easily splits off the associated PUP:

        So I’m left doubting my previous decision to switch out of Vipre and its carefully configured firewall, even though it has fallen in the AV/AM standings since its days as an excellent Sunbelt product, given my other layers of protection, including MBAE and a cautious layer between keyboard and chair-back.

        Our security products can be very personal choices, so I won’t say much about it, other than to say that I think there is a big difference between Vipre and EAM. I was also a Vipre user, when Sunbelt launched their renewed product and left a few years ago. PUPs are not malware, even if they are inconvenient.

        I would suggest you take advantage of the EAM 30 day free trial and see how it behaves for you, especially with PUPs. If it doesn’t behave as you expect, you can always go back to Vipre.

    • #1468664

      Thanks for the nudge, Rui. Your voice continues to be one of reasoned and kind thoughtfulness.

      I’m considering asking Emsisoft if they would switch me from free to a 30-day trial (which I had rejected when I installed it as an on-demand scanner) once my Vipre subscription runs out, since I’d have to uninstall Vipre first, given Vipre’s not playing well with others.

      I’m also considering their IS product, rather than OA, being out of my depth on the more granular firewall issues and since, in your discussion with them in their forum, they indicated that they intend to rebuild OA with the new IS technology. I looked through the screenprints of IS that I could find to see if there is enough control there to make me happy when dealing with my more obstreperous programs, but an actual trial would tell me more.

      Given their recent blog post, http://blog.emsisoft.com/2014/09/19/whats-the-point-of-having-a-firewall/, it would appear that IS would be sufficient if not “overkill” (their word) having any firewall at all when using a NAT router. That struck me as a rather strange post, coming from Emsisoft.

    • #1468684

      Their support is pretty good in terms of dealing with requests such as the one you mention. I have seen similar situations in their forum and they respond fast and usually in a satisfactory manner.

      Regarding EIS vs. EAM + OA, I was disappointed by EIS. I don’t dispute the fact that EIS has a great firewall, but it loses big time to EAM + OA in terms of malware protection. The great characteristic of OA is not the firewall, but the HIPS features, especially the fact that it whitelists all the programs and components that run in your computer. This means every program that runs on your computer needs to be authorized by OA. I see no better way to protect you against unknown malware.

      EIS just adds a firewall to EAM and doesn’t include the HIPS features. Although a firewall is still relevant, especially for mobile devices that are used in multiple networks, if it were just for the firewall itself, the native Windows firewall would be enough. That’s why I tried EIS and went back to EAM + OA (with their help, since I had converted my licenses to EIS and they converted them back to EAM + OA).

      EAM does behavior blocking and is good at it, but it won’t catch everything (as nothing but whitelisting can do). That’s why I think EAM + OA’s whitelisting is the ultimate combination.

      About the blog post, I think that is Emsisoft being Emsisoft. There simply is no reason to fool customers by saying things that are not totally correct or misleading. I think the post describes the reasons to have software firewalls rather well, although I would emphasize a little more the advantage of controlling outgoing traffic – if you do get infected it won’t prevent the infection but it can give you an early warning about it and it can prevent malware from calling home with your data.

      Anyway, in my interactions with them on their forum, they were always honest about their products’ weaknesses and strong points. That does increase the credibility of Emsisoft, at least for me. They don’t simply try to make a sale, they are honest about what their products do well and what they could do better (the firewall in OA being one such case).

    • #1468750

      Thanks again, Rui. I appreciate your careful analysis and recommendations, which I will probably follow, getting the separate OA. I do, after all, have and use HIPS in my current firewall. I often feel so over my head that it’s good to be able to get advice from more knowledgeable people like you.

      • #1468787

        Thanks again, Rui. I appreciate your careful analysis and recommendations, which I will probably follow, getting the separate OA. I do, after all, have and use HIPS in my current firewall. I often feel so over my head that it’s good to be able to get advice from more knowledgeable people like you.

        Please be aware that it may not be a bumpless ride. OA can be a difficult beast to rule and you may need to do some things such as shutting it down before applying Windows Updates, or monitoring CPU use and shutting it down if it takes too much. I have used it for several years and some of my habits may be out of date, as well. Even with all the quirks, I still find it invaluable, security-wise. I have it on the two laptops used by the family too, so that may be a useful indicator, as well.

        If I ever can be of help, just come here and shout :).

    • #1468751

      Just received a follow-up response from Emsisoft re FreeFileSync installation:

      You should be able to install FreeFileSync from their official website without troubles. I just tested and as Tune Up Utilities is not really a PUP, but signed by AVG instead, our security program will not prevent the installation. Although you need to click “no” if you don’t want to install Tune Up during the installation.

      • #1468788

        Just received a follow-up response from Emsisoft re FreeFileSync installation:

        Hmm… not quite a very useful reply, is it?

        • #1468792

          Hmm… not quite a very useful reply, is it?

          😀 Well, I was glad to note that at least they tested it for me. Sounds like I’ll have to deal with the adware myself. I’d like to see them come up to the level of Vipre and strip those things automatically or with user approval.

          Please be aware that it may not be a bumpless ride. OA can be a difficult beast to rule and you may need to do some things such as shutting it down before applying Windows Updates, or monitoring CPU use and shutting it down if it takes too much. I have used it for several years and some of my habits may be out of date, as well. Even with all the quirks, I still find it invaluable, security-wise. I have it on the two laptops used by the family too, so that may be a useful indicator, as well.

          If I ever can be of help, just come here and shout.

          It’s periodically been a bit bumpy using my current HIPS and now EMET 5.0 — programs are like the people who create them — they don’t all get along. 😆 But I’m a stubborn ol’ cuss, so even if it takes a while, I’ll be danged if the ‘puter “wins”! I may have given my horse her head sometimes, but my computer gets no such quarter. :evilgrin:

    • #1468822

      :).

    • #1468926

      A quick followup: Emsisoft has indeed allowed me to convert my free versions of Emsisoft for both computers to full trial versions, together with trial versions of their Online Armor. A very quick response from them, and I appreciate their generosity in allowing me the time to test and adjust their software to my needs.

      • #1468961

        A quick followup: Emsisoft has indeed allowed me to convert my free versions of Emsisoft for both computers to full trial versions, together with trial versions of their Online Armor. A very quick response from them, and I appreciate their generosity in allowing me the time to test and adjust their software to my needs.

        Excellent :).

    • #1473718

      Can one of you help me out with this: I have Emsisoft and Avast set to remove and quarantine a whole zipfile rather than auto-fix or remove only the problem. Have you had great success with auto-fix of a zipfile [containing several or many files]? I’m not exactly sure just what constitutes a PUP to Avast and Emsisoft. Should I start a new thread?

      "Take care of thy backups and thy restores shall take care of thee." Ben Franklin, revisited

    • #1473737

      Roland,

      Yes, I would start a new thread with your question, so others will notice and respond to your specific question.

      I am unaware of any specific setting in Emsisoft that tells it to strip out bad or questionable files from a zip file instead of quarantining the entire archive, though I would be interested in others’ experience with that; it’s quite possible that it does that on its own in some cases without any user setting. I have no experience with Avast.

      MA

    • #1473743

      gone to new thread…thanks Mountain Aerie!

      "Take care of thy backups and thy restores shall take care of thee." Ben Franklin, revisited
