Emsisoft Internet Security 220.127.116.1165 short review and some observations
I have always been a HIPS fan and experience/used the HIPS of Comodo, Online Armor Premium, Eset Smart Security and Outpost Firewall Pro. But as I started migrating (late migration) to Windows 8.1 Pro (from Win 7 Ultimate) I encountered issues with my then CIS firewall. That made me switch to using a complete suite. I chose Emsisoft Internet Security - EIS.
I find it to be light and effective security suite almost as if it seems to be an install and forget application. Almost. Well the devs are aiming for that and if I remember correctly they are geared towards less user interaction (as much as possible) and let the application decide what's best for them. Seems a bit odd for those of us who have been accustomed to setting his security application piece by piece but the rationality about this (from the devs) is the more the user is asked for inputs by the application he (the user) is more inclined to set "allow" because he doesn't want to be bothered as he works. Take the scenario of a user working on something important and then his security applications throws a pop-up on a program that his security application thinks needs further clarification (from him). Then it hit's him, he does not know what to do....to "allow" or "block" it. And then after blocking it a couple of more pop-ups are thrown again and again and again...making the user click "Allow" so he will not be bothered again.
Maybe one of us have gone through the same scenario, well maybe even once or twice. Sometimes the pop-ups are too much that they hinder what we do and test our temper. Annoyance to the max! That annoyance (especially when working or doing something very important) will force any user to "allow" that particular event and there lies the problem thus the reasoning of the devs. Emsisoft aims to be that way for the normal user. A sort of "Trust me I will protect you!". Well if you don't trust your security application to do it's job then your in trouble or better yet not use it altogether
Anyway, here are some info on Emsisoft Internet Security 11 as I see and use it.
The main gui shows 4 quick access panels:
Protection - which has the Surf Protection, File Guard, Behavioral Blocker and the firewall.
Scan - which shows what you can do with scanning your pc whether it be quick scan, malware scan or custom scan.
Quarantine - shows you the number of items that are quarantined from the last scans that you did.
Logs - which shows you the EIS's data from protecting you.
Along with it you can see the "Updates" which shows the status of your EIS update. The license which shows you the countdown left till your license expires. Support where you can get in touch with Emsisoft if you need any assistance.
In the top most portion of the gui are 6 main tabs namely: Overview, Protection, Scan, Quarantine, Logs and Settings.
The main gui itself with all the quick access panels and everything you need to click to set EIS up.
Has 5 tabs to protect you. Application Rules, Surf Protection, File Guard, Behavioral Blocker and Firewall.
This is where you can set the individual application rules for each application program installed in your pc. Setting up an application rule is pretty straight forward here. Just right-click>edit and the application rules window will appear. There you can set a program/application to not run with the "Always block this application(impossible to run)" or "Monitor this application, but allow/block specific activities". That particular specific activities can be set up with the Behavioral Blocker and Firewall rules (incoming/outgoing).
Take the case of Google Chrome browser. Well you can't block that as you need it because it's a browser you use (but if you want it blocked --you can via the "Always block this application(impossible to run)". Custom rules are pretty straight forward too. You can set "Allow" or "Block" on specific activities in the Behavioral Blocker tab.
In the Firewall rules you can set it to "All Allowed", "Custom rules" or "All Blocked". In the case of Google Chrome the custom rules has a preset "Web Server Rule" which is appropriate enough for incoming rules and "Web Browser Rule" for outgoing. Setting that is quite alright and anything else called out by chrome.exe to elicit an incoming/outgoing connection will merit a pop-up. Here I'd like an additional rule (I see in Avast Firewall) "all other connections" --Block.
Surf Protection protects your internet activity, block websites which are known malware magnets or malware haven. Here you can import host files and set action for those sites either Block silently, Don't block, Alert, and Block and notify. You can also set rules for individual websites. Just enter a hostname or IP address and and set action for those sites either Block silently, Don't block, Alert, and Block and notify.
As the word implies "File Guard" guards every inch or your files inside your computer. Sort of a "to protect and defend". Set scan level for scanning your files whether it be Fast(scans when the files is started), Balanced (scans when they are modified) or Thorough (scans when they are read). Filetype scanning can also be set to further EIS's protection. You can either add (include) or remove (exclude) a specific file type from File Guard's scanning.
For any detection (which is either of a "Malware" kind or a potentially unwanted program (PUP) you can set the appropriate action to be done by EIS, whether it be Alert, Quarantine or Quarantine silently. I choose to be alerted as I always want to be informed of any detection. You can also set a whitelist for your trusted files like your other layer security application or any file for that matter. Just place it there in the whitelist and it will not be scanned and guarded as you set it via your preferences. Email notifications are also there if malware is detected though I seldom use it.
Monitors all the running processes in your computer. For every process running you are given options to either, "Create rule"(if rules have not been created or edit a particular rule), "Lookup online" check the process online to see if it is malicious or not, "Quarantine program", "End/terminate the particular process", "Open file location" and see it's "File properties".
For programs or processes that are showing suspicious behavior but at the moment cannot be verified you can set how EIS will inform you. Depending on your preference you can either "Display alert window", "Always allow the program", Use recommended option or Always quarantine the program.
Most importantly the comprehensive firewall allows you to setup/manage all your networks, incoming/outgoing connections as well as protocols and ports used. Firewall rules are pretty straight forward for any beginner too. For any given program you can set a name for your rule, say, office applications where in the Action - you can either "Allow" the connection, "Block" the connection or let the firewall decide "According to the application rules" you created.
The advanced firewall settings are divided between Trustworthy programs and Unknown programs. there you can set it either to "Allow" the connection, "Block" the connection or "Ask" your input if you will either allow/deny a connection.
Network management the same with other firewall you can set your connections to either Public or Private Network.
It is and should be a "must" for us all that we scan our system often or "frequently" depending on your preference and usage behavior. Nowadays it seems to be a burden to some to stop and scan their system because it takes too long to finish or they are just plain busy to do it. Some say, "what for..my AV will do that for me". Bzzzzzt!!! Wrong! Some viruses are silent and stealthy enough that they evade capture based on your settings and the non-updated signatures of the AV itself (so regularly update your AV) and thus be able to spread malicious mischief all over your beloved system. For EIS it should not be a bother because you can set custom scans to your desire and preference. When and how. For most a "Quick scan" is enough (should be warranted in us all) or the usual "Malware scan" if you want to check a specific file if it's malicious or not.
The Scan tab will show you options for a New Scan (Scan Now) and Scheduled Scans.
Scan Now (New Scan)
You are shown with 3 modes you can select. The "Quick scan" will only scan active programs for Malware traces. The "Malware scan" will scan all places that Malware typically infects and the "Custom scan" where you can configure your own setting according to your own preference.
The Performance settings will let you set the number of processors to be used with the scan, number of threads, scan thread priority. The "On scan completion" will give you options to either Report only or Quarantine detected objects. You can also opt to shutdown your computer or not after the scheduled scan. The Manage Whitelist is based on the whitelisted programs you added previously in File Guard. As in File Guard you can tick/untick what you want a whitelisted program and "exempt/exclude it". (-- exclude from Scanner, File Guard, BB-Behavioral Blocker)
To go further, in the Custom Scan window you are given the options to "Add/Remove" drives or folder from scanning. Set "Scan Objects" to be scanned (Scan for active Rootkits, Scan memory for active Malware and Scan for Malware Traces). For Scan settings you can either tick/untick categories (Detect PUP, Scan in compressed archives, Use file extension filter and Use direct disk access). Settings can be saved and loaded again at your preference.
Here you can configure your scan preferences and to scan "what", "when" and "how" EIS will execute it. Scheduled scan types are with categories (Quick Scan, Malware Scan and Custom Scan). The "Configure" button will show a window similar to the "custom scan" with the same options for "Add/Remove" drives or folder, Scan Objects and Scan Settings.
As with the Scan Computer, the Performance settings will let you set the number of processors to be used with the scan, number of threads, scan thread priority. The "On scan completion" will give you options to either Report only or Quarantine detected objects. You can also opt to shutdown your computer or not after the scheduled scan. The Manage Whitelist is based on the whitelisted programs you added previously in File Guard. As in File Guard you can tick/untick what you want a whitelisted program and "exempt/exclude it". (-- exclude from Scanner, File Guard, BB-Behavioral Blocker)
The Quarantine tab shows all the detections and files manually placed (--pending further malware analysis). It is the safest place (some call it a vault) for suspicious files as when placed there it cannot do any damage to your system. Details of the source, detection, risk level and their respective dates of detection are displayed there. It also shows whether that file has been submitted to Emsisoft for further analysis or not.
As the word implies contain all the important details of actions performed by EIS. Here you can view past logs of EIS's protection.
The Settings tab has 6 modules namely: General, Privacy, Updates, Notifications, Permissions and License.
Here you can configure Guard Settings (Enable real-time protection at startup, Enable self-protection, Enable captcha protection at program shutdown and Activate memory usage optimization).
Explorer integration and logging you can either tick/untick and set maximum log records. The Backup and Restore Settings has 3 buttons for you to "export settings", Factory default (reset to factory default settings) and Import settings you have saved previously.
Language as the word implies you can set to your preference as well as the Quarantine Re-Scan options of
Automatic, Manual or No re-scan.
Privacy gives you options to use SSL encryption for all server comms and submit crash/usage reports to Emsisoft as well as the Emsisoft's Anti-Malware Network settings wherein you can tick/untick options like Submit info about detected Malware, Submit application and host rules, Lookup reputation of programs, Auto allow programs with good reputation and Automatically quarantined programs that are bad.
Set settings for program updates are done here. The frequency and time of program/definitions updates, connection settings (how many and what kind f updates either Stable, Beta or delayed).
Pop-ups and alerts settings and how long or the duration it is displayed.
Here you can set a password for EIS, Restricted users as well as the allowed actions the restrict user is able to do. You can either tick/untick a category to your preference.
Here you can view your license and up until when will it be valid. You can change the license as you please with a new one when it expires. From here you can also renew your license and obtain a new one.
Emsisoft Internet Security 11 is a full security suite that isn't too hard to setup and understand. It can be as easy as it is for a newbie or beginner or for anyone who has already setup his security application's settings. The installation setup is pretty much fast and upon connection to the internet it will validate your license and update the definitions accordingly. When using the pc it is smooth and there are hardly any pop-ups to deal with in comparison to it's relative and now dead Online Armor which will almost every-time annoy you with pop-ups if program rules are not setup properly.
To mention again setting up EIS to your preference is easy with what was shown above as the gui is user friendly enough plus there are presets to help you out like the one I mentioned with Google Chrome browser setting. Firewall rules creation is pretty much straight-forward. As they said "easy to set up and clearly presented in the layout". I like the Behavioral Blocker presets which you can just tick/untick a behavior to be Allowed/Blocked. The always block this application from running is also good as it can really block an application from executing.
Customer Support is where they excel as you can just send them an email and they will tackle what it is that is the issue with your installation. I have been blessed more than once with CS representatives that are so attentive/caring with my issues until they are solved.
Detection (with BitDefender engine and Emsisot's rolled into one) is a no compromise here the scores that Emsisoft obtained from the AV testing companies speak for itself. I have not tested Online Banking until now because I do not bank-online. I go to the bank personally when I can.
Of course no security suite is a perfect one. Some observations:
Computer freezes when EIS blocks a program
This has happened to me a couple of times and is REALLY ANNOYING. All stops because I think EIS and the program blocked are both clashing. Sometimes I can use KillSwitch to terminate whatever is being blocked by EIS but oftentimes you really can't do anything except watch the mouse pointer turn to the cian-blue circle going round and round and round. If you wait it will seem like it's forever. Most of the time I reboot via the restart button of the cpu. To date there has been no incidences like this one but I am still observing. Other than that when EIS throws a pop-up and I answer it everything is well.
Some experience it, some do not but it remains a point to ponder.
GUI is too big!
The gui to me is too darn big and have been pointed out previously especially in the ver9 beta trials. For those with small monitors that is a problem and may not so often like it when it is displayed because it will eat up most of the monitor space. Sad that Emsisoft is not thinking about making the gui a bit smaller. Some, because of long use, do not mind anymore.
On me I still wish just a bit more smaller please I mean look at the actual size below.
Updates issue with gui and tray icon
There is also this update issue in connection with the gui, sometimes the tray icon will "pulsate" which is a sign that automatic updates is running and that updates are being downloaded but when you open the gui there is no inkling that EIS is updating. It's suppose to show "initializing" and then "updating". When you point the mouse pointer to the tray icon it will show that it is "updating xx%". I have for sometime now have observed this phenomenon. It is intermittent. Running the update via the gui also has some intermittent issues. Sometimes it will run, will show "Initializing" and then after a couple of seconds "Updating". Mostly when you click "Update" nothing happens. You'd have to check the tray icon if EIS is updating. I have also heared this same behavior for EAM - Emsisoft Anti-Malware.
Workarounds I discovered:
1. To log-off and try again in the gui or right-click the tray icon and choose "Update" and then wait and see. Further you can just reboot and try again.
2. Let it stand and wait for EIS to update itself. Don't do anything. Wait for the tray icon to pulsate and let if finish.
Quite annoying but I can live with it for now. I do not want to do an uninstall and re-install as I am busy at the moment.
A clean install might solve this one but as mentioned I am busy at the moment
Emsisoft Anti-Malware is similar to set and use. It is EIS minus the firewall so I may not be doing a short spin of EAM for the the being. Or if I have the time I will uninstall EIS after my license expires and use EAM + Tinywall or hmmmmm....not yet decided what firewall to use there.
So for Emsisoft Internet Security 11 other than those I have observed and have written above I believe that's about it. I like using it. I have relied on it for about a year or so, will still rely on it for my protection. You should try it guys and get the feel for yourself
For those who have not yet tried EIS you can