Emsisoft Anti-Malware Tutorial

These instructions for Emsisoft Anti-Malware relate to software version 5.0 and provide an easy to understand explanation of how to install and configure Emsisoft Anti-Malware.

1. Program Description
Emsisoft Anti-Malware monitors all active programs in real time for dangerous behavior (Behavior Blocking) and can detect new unknown Trojans, Worms, Viruses and other damaging programs (Zero-Day dangers) without daily updates. The signature-based security (Emsisoft and Ikarus double engine) ensures a very high recognition rate of known Malware such as Trojans, Worms and Viruses.

2. Installation
Always download the latest setup file to install Emsisoft Anti-Malware: http://www.emsisoft.com/en/software/antimalware/
Start the downloaded file (a2AntiMalwareSetup.exe) and follow the instructions of the setup wizard. During installation, you can decide where the software is to be installed and whether shortcuts are to be created on the Desktop and in the Quick Launch Toolbar. After installation, start the Emsisoft Anti-Malware Security Wizard as recommended.

Uninstallation
Uninstallation of Emsisoft Anti-Malware is done using the Uninstaller provided. You reach this via Start/Programs/Emsisoft Anti-Malware/Uninstall Emsisoft Anti-Malware or via the Windows Control Panel/Add or Remove Programs (Windows 2000/Windows XP) or Windows Control Panel/Programs and Features (Windows Vista/7).

2.1 Security Wizard
The Security Wizard automatically starts the first time you run Emsisoft Anti-Malware. The wizard helps you to set up an optimum security configuration on your PC and guides you step-by-step through the settings. You are first requested to select a suitable license scheme. Three schemes are available.

2.1.1 Creating a user account / Enabling an email address
A free user account is required for managing your license(s). This user account is assigned to all your licenses, including the 30-day test license and the Freeware license. The user account consists of a name, an email address and a password. After you click the "Create" button a data entry screen for creating a user account is displayed and you must enter the following information:
Subscription to the (free) newsletter is optional and can be cancelled at any later time. Click the "Register" button after you have filled out all the fields. An email is now sent to the specified email address, but please note that this may take a couple of minutes to arrive. In addition to a greeting, the email also contains an activation link. You must click this link once in order to finally activate your user account.

2.1.2 Logging in / Selecting a license
A license is required in order to use Emsisoft Anti-Malware without limitations for longer than 3 days. A user account is assigned to this license. The procedure for creating and enabling a user account is described in detail in 2.1.1 Creating a user account / Enabling an email address. The following section explains how to log in to your user account and select the correct license for Emsisoft Anti-Malware. There are basically three types of license:
Every user account is initially automatically provided with two licenses: a Trial license and a Freeware license. Once you have entered your user name and associated password and confirmed these by clicking "Login" you will see the license selection screen. This screen shows all licenses assigned to this user account. One valid license must be selected for each system. Once you have selected a license click "Next" to continue with the configuration of Emsisoft Anti-Malware.
If you have received a coupon code for an Emsisoft Anti-Malware license, e.g. if you purchased a license from a third-party dealer, then you can use the "Convert coupon code" hyperlink in the license dialog to convert your coupon into a license code. Enter your coupon code and confirm this by clicking "OK". The license is then automatically created in your user account and you can proceed as described above.

2.1.3 Updater Settings
Select the components to be taken into account for online updates by selecting or deselecting the check box for each desired option.
Once you have made all Updater Settings, confirm these by clicking "Next". The Updater will now search for all updates and install them to bring Emsisoft Anti-Malware up to the latest version. The time required for this can vary and it may take a while, depending on the size and number of update modules and the speed of your Internet connection. If you receive the message "Update process was finished successfully", then the Update was successful and you can continue with the Security Wizard by clicking "Clean Computer now".

2.1.4 Cleaning the computer
Emsisoft Anti-Malware provides you with a choice of scan methods.
The Detail Scan is the default scan method but you can select a different method with a single mouse click. Click on "SCAN" to run the scan. Clicking the "Edit exceptions" link opens a dialog allowing you to define files or folders that are to be excluded from scans and/or real time monitoring.
When the scan is finished the Diagnosis list shows the detected objects sorted by color according to their potential risk (red - high risk, yellow - medium risk). The extensions "IK" and "A2" identify the Scan Engine that identified the file as potentially damaging. IK stands for Ikarus and A2 for Emsisoft (formerly a-squared). Right-click in the Diagnosis list to open a context menu providing the following actions:
The actions "Quarantine selected objects", "Delete selected objects", and "Save report" are available after every scan. We recommend always selecting "Quarantine selected objects" because this is the only way of being able to undo the removal of false alerts (so-called false positives). The most recent scan result is always saved to My Documents/Anti-Malware/Logs/LastScan.txt even if you have not saved it manually.

2.1.5 Guard Settings
The options "Enable background guard on system startup", "Activate file guard" and "Activate behavioral analysis" should always be activated; otherwise you have no real-time Malware protection.
The "Activate file guard" option ensures that every executed file is checked for damaging code by two signature-based scan engines before it is allowed to run.
The "Activate behavioral analysis" option activates the real-time analysis of all running programs so that the system monitors these for damaging activities and thus detects previously unknown Malware.
The "Activate surf protection" option provides an additional security layer when you are surfing the Internet. This layer notifies you when you access dubious websites that are suspected to be involved in the distribution of Malware or Spyware. You can also define host rules to allow or prohibit surfing to particular websites.
The option "Download and install updates automatically" ensures that Emsisoft Anti-Malware is always up to date and you will not miss any program updates. Emsisoft Anti-Malware searches online for new updates each day and installs them if they are available. You can configure the update behavior of Emsisoft Anti-Malware via "Settings".
The "Enable Scheduled Scans" option initiates a PC scan each Friday at 12:00. You can adjust the settings for Scheduled Scans via "Settings". You confirm the Guard settings by clicking "Next".

3. Security Status
The Emsisoft Anti-Malware start screen, called "Security Status", shows an overview of all program and configuration elements.
The security status window is divided into three sections. The first part is the menu at the left, containing "Scan PC", "Quarantine", "Logs", "Guards", "Configuration" and "HiJackFree", and it provides easy access to all relevant program elements and configuration dialogs. The middle area provides a status overview of the major program components such as the Guard, Scanner and Update settings. Each component of Emsisoft Anti-Malware has a separate entry and can be directly switched on and off using the mouse. "Settings" brings you immediately to the corresponding configuration dialog for the respective component. "Emsisoft News" shows the latest Emsisoft headlines and keeps you up to date on the latest news.
The third and last area at the right provides you with access to the main Emsisoft Anti-Malware resources, such as the Emsisoft Homepage, Customer Center, Discussions forum, Security Articles and also allows you to send suspicious files to our experts for analysis.

4. Scanning the PC
The various scan methods have already been described in 2.1.4 Cleaning the computer but the section below explains the "Custom Scan" method in more detail. The "Custom Scan" method allows you to individually configure the scan behavior to suit your needs. Use the "Add folder" and "Remove folder" buttons to add or remove folders to be scanned. If you want to scan only the files within a certain folder, it is advisable to deactivate the options "Scan memory for active Malware", "Scan for Spyware Traces", and "Scan for Tracking Cookies". Click "Next" to start the Custom Scan. The selected folders are scanned using the chosen parameters. If you wish to repeat a Custom Scan in the future, you can save the configuration to a Scan Settings file via the "Save settings" button and load it anytime via the "Load settings" button.

4.1 Scan process
You can continue using your computer as normal while a Scan is running, but please note that the performance of the computer is reduced while a Scan is running and the Scan will take longer if you heavily load the computer in your normal work. The upper area of the window shows the number of scanned areas. The number of detected damaging objects is also displayed here. The line below this shows the path of the object that is currently being scanned. The Diagnosis list shows the details of all detected objects. Please wait until the scan is finished before deleting or quarantining the detected objects.
The "Pause" button temporarily pauses the scan until the user continues the scan by clicking the "Continue" button. The "Cancel" button aborts the current scan.
If large numbers of files are to be scanned that take a long time then the "Actions on scan end" link allows you to define what Emsisoft Anti-Malware should do when the scan finishes. The default behavior is "Report only" and no other action will be automatically performed.
The "Quarantine detected objects" option causes Emsisoft Anti-Malware to automatically move all detected objects into Quarantine immediately after the scan finishes. Both options can be combined with the "Shut down PC" option by selecting the check box of the same name. This option causes Emsisoft Anti-Malware to automatically shut down the computer when the scan finishes and the other options have been executed. This option is especially useful when the computer is to be scanned overnight for Malware.
When the scan is finished the Diagnosis list shows the detected objects sorted by color according to their potential risk (red - high risk, yellow - medium risk). The extensions "IK" and "A2" identify the Scan Engine that identified the file as potentially damaging. IK stands for Ikarus and A2 for Emsisoft (formerly a-squared). Right-click in the Diagnosis list to open a context menu providing the following actions:
The actions "Quarantine selected objects", "Delete selected objects", and "Save report" are available after every scan. The most recent scan result is always saved to My Documents/Anti-Malware/Logs/LastScan.txt even if you have not saved it manually.

5. Quarantine
Quarantine provides a safe place for storing dangerous or suspicious files. Files in quarantine no longer present any kind of threat to your computer. A file can also be restored from quarantine when (e.g.) it was moved by mistake or as the result of a false alert. The quarantine table has Source (path), Behavior/Infection, Risk level, Date and Submitted columns. It also provides administration functions for these files.
"Save copy" allows you to save a 1:1 copy of the file to any desired location, e.g. to manually examine the file.
"Submit file" sends the file to the Anti-Malware Network, allowing the developers to perform further analysis. This helps to classify new currently unknown Malware and add it to the signature database.
"New scan" causes all quarantined objects to be re-scanned using the latest signatures in order to correctly identify previously unknown files as Malware or provide a clean bill of health for previously suspected files and allow them to be restored.
"Add file" allows you to move suspicious files into quarantine.
"Restore" moves a file from quarantine back to its original location.
"Delete" permanently removes the selected object(s) from the hard drive. These can then no longer be restored.
Right-clicking in the quarantine table displays a popup menu with "Select All", "Select nothing" and "Invert" menu items to make selection and editing of multiple objects easier.

6. Logs
Logging is an important tool for tracing procedures. The logging screen has "Behavioral analysis", "Quarantine" and "Update" tabs:
"Export" allows you to export a log as a text file. This can be useful for providing extra information in the case of queries or problems.

7. Guards
The Emsisoft Anti-Malware core, subdivided into "Application rules", "Behavior analysis", "Alerts", "File guard", "Surf protection" and "Host rules", allows easy fine tuning or removal of behavior rules.

7.1 Application Rules
"Application rules" lists all defined application rules, with filename and mode. The filename field shows the file path of the program for which the rule was created. The mode field shows whether the program is blocked (Block), excluded from monitoring (Excluded) or monitored (Monitor). "Monitored" means that particular behavior is allowed but the program will still be monitored by Emsisoft Anti-Malware for other suspicious behavior. Rules can be edited, deleted and added.
The following section explains the dialog used for creating and editing a rule: If a rule is to be created for program X, the first step is to click the "..." button next to the "Application path:" field and select the appropriate executable file so that the complete path is displayed.

7.2 Behavior blocker
In the "Behavior Blocker" tab you define the types of behavior that should be monitored system-wide by Emsisoft Anti-Malware. To exclude particular types of behavior from monitoring, remove the tick next to the relevant entry. Only deactivate Behavioral Analysis components if you are sure that this will not compromise your system security.

7.3 Alert Settings
Emsisoft Anti-Malware reports the behavior of programs that are sometimes clearly damaging but sometimes also only possibly damaging. With some benign programs a clear decision between benign and malicious behavior is not technically possible. Emsisoft Anti-Malware always reports this type of suspicious behavior unless you activate alert reduction to reduce the number of false alarms relating to benign programs.

7.4 File Guard
The File Guard is a new feature in Emsisoft Anti-Malware 5.0 that not only scans files before they are executed but, depending on the settings, also before all other file actions such as moving or downloading from the Internet. The following settings are available for customizing the behavior of the File Guard to suit your needs:

7.5 Surf Protection
The Surf Protection provides an extra layer of security to protect you from suspicious websites and control the use of Cookies when you are surfing the Internet. The following settings for controlling the use of cookies and monitoring the host can be individually set to "Don't block", "Alert", "Block and notify" or "Block silently".

7.6 Host Rules
The "Host Rules" module lists all created rules with blocked and allowed hosts and Cookies with "Hostname" and "Mode". The rules can be individually added, edited or removed. The action "Import hosts" allows you to create single rules or lists of rules by typing in the respective host and choosing the desired action "Don't block", "Alert", "Block and notify" or "Block silently".

8. Configuration
The Configuration area allows you to configure global options such as the Guard Settings, Scheduled Scans, Updates, Auto-Updates, Logging, Permissions and Licenses:

8.1 Guard Settings
The "Enable Guard on system startup" option should always be selected, otherwise the Guard is not automatically started and you then have no real-time Malware protection.
The "Enable captcha protection at program end" option prevents unauthorized termination of the Guard by other programs or via the Task Manager. The Guard can only be terminated by entering and confirming a special numeric password.
The "Activate self protection" option protects Emsisoft Anti-Malware from being terminated or deactivated by Malware.
The "Activate Explorer integration" option allows scanning of individual files or folders via the Explorer context menu (right-click).
The "Quarantine Re-Scan" option allows you to customize the re-scanning of Quarantined objects after each signature update to identify any falsely identified Malware (false alerts) and restore them if necessary.
The "Language" drop-down menu allows you to define the language used for the user interface and Alerts. Around 30 different languages are currently available.

8.2 Scheduled Scan
The "Scheduled Scan" tab allows easy configuration of automated and scheduled scanning of your computer. You have very detailed control over the scheduling and frequency of scanning:
The run time can be configured as follows:
Additional Settings: If you have explicitly specified a configuration file for the scanner then it performs a Smart Scan by default. To reduce the scan time this only scans the most important directories on the hard drive and not all files. You can also specify your own custom configuration file. To do this, click the "..." button and select a scan settings file (.a2s). You can create scan settings files using the Scanner. To do this, start the Scanner, select "Custom Scan" and then click the "Scan" button. Select the desired scan options and then click the "Save settings" button.
Silent scanning: You can configure automatic scans to run invisibly to prevent annoying windows while you are working on the computer. The "Use silent mode for scan process" option causes the scan to be started without a visible window. Only an animated Emsisoft Anti-Malware Scanner icon is displayed in the Taskbar. The Scanner window appears to provide you with information if Malware is detected. If nothing is detected the Scanner automatically terminates when it is finished.

8.3 Update
Select the components to be taken into account for online updates by selecting or deselecting the check box for each desired option.
If your Internet connection uses a Proxy Server then you can make the corresponding settings such as server address and user information in the dialog displayed when you click the "Connection settings" link.

8.4 Popups
You can configure the behavior of all popups such as News, Update and Alarm popups in the "Popups" tab.

8.5 Auto-Update
Use the "Auto-Update" tab to configure when and how often updates should be automatically loaded. You have very detailed control over how often updates should be searched for:
The run time can be configured as follows:

8.6 Logging
Define the maximum number of log messages for Update, Quarantine and Malware-IDS messages. Use a value of 0 for unlimited logging. The default value is 3000.

8.7 Permissions
If your system has multiple Windows user accounts then you can prevent individual users from changing the configuration of Emsisoft Anti-Malware. The default settings allow all users unrestricted access to all Emsisoft Anti-Malware functions. Open this dialog as an Administrator and select a non-administrator user that you wish to restrict. Then select the functions that this user is allowed to access. If your PC belongs to a domain, then select "Use domain users" to change the user list.
Permissions are an effective way of (e.g.) preventing children from using possibly dangerous programs. You can use an "Always block this application" application rule to prevent specific programs from running.

8.8 License
Here you can manage your license(s) or convert coupon codes into new licenses. The license list shows the license number, type, start date and end date of each license. A non-expired license must be selected in this list in order for Emsisoft Anti-Malware to function correctly. The "Connection settings" hyperlink allows you to configure your Proxy settings if necessary.
The "Freeware license" is assigned to every user account by default and never expires. Selecting the "Freeware license" greatly limits the range of functions provided by Emsisoft Anti-Malware. Only manual scanning and cleaning functions are then available. Please note that this does not provide you with sufficient protection from Malware infections.

9. Emsisoft Anti-Malware in operation
An Emsisoft Anti-Malware Alert message has the following layout:
The most important basic rule when using Emsisoft Anti-Malware is: "Keep calm!". You have plenty of time to make a decision because the reported program has been immediately interrupted and rendered inoperative as soon as the alert occurs.
Read the alert message carefully and check the source of the indicated file (file name and path). This is often a good indication as to whether this is a suspicious or benign application. Did you start the program yourself or was it started in the background? Does the program come from a trustworthy source? What information can be obtained from the file properties (Details tab) of the reported file?
For false alerts relating to benign programs the community-based alert reduction can help in many cases. Programs used by many users are often evaluated. You can then see the decisions of other users in the form of a bar graph. When most users have allowed a program to run then Emsisoft Anti-Malware recommends that you do the same.
If you are still unsure after checking, then take no risks and first move the file to quarantine. Then contact our support team at the Customer center or Support forum and give them all readable information, such as path, file properties, diagnosis, Mamutu version, Windows version and what you were doing when the alert appeared.

10. Version Comparison
The following page provides a comparison of the functions available in Emsisoft Anti-Malware, Emsisoft Emergency Kit, Emsisoft Mamutu and Emsisoft Anti-Dialer: http://www.emsisoft.com/en/software/compare/

11. Ordering Information
Important! To fully test Emsisoft Anti-Malware before purchasing it, please download and install the free 30-day trial version. This provides the full range of features.
Emsisoft Anti-Malware costs US $39.95 per year or US $69.95 for two years. What do I receive when purchasing Emsisoft Anti-Malware?
Order at: http://www.emsisoft.com/en/order/antimalware/
Enabling your license: The license is added to your user account. To adopt the license on your PC, click "Refresh licenses" in the License dialog and select the full version. Then perform an online update. A functioning Internet connection is required for enabling licenses.

Have a nice (Malware-free) day!