[Contest] Emsisoft Anti-Malware 7 [Forum Exclusive]

Emsisoft is an Austrian-based developer of security software, with products acclaimed by industry professionals and enthusiasts alike for their streamlined functionality, excellent protection with great detection rates and very capable heuristic capabilities.

In a little more than 8 years, the company managed to grow from developing pure niche product against Trojans and worms supplementing classical antivirus software, to having a market share of over 1% of the security market and over 6 million users today.

Product Version
Emsisoft Anti-Malware 7 was released in October 2012 with a host of major improvements:

  • Completely new second scan engine from BitDefender (B) with even more efficient scans and greater detection rate.
  • Significantly less false alerts as they were usually caused by the former second scan engine.
  • Improved first scan engine (A) now runs faster than ever.
  • New performance settings for experts to configure the CPU use of the scanner.
  • Significantly better real-time protection performance. The active guard does not slow down your computer.
  • Optimized Malware cleaning to be able to restore registry entries that were affected by Malware.
  • Improved surf protection to block Malware-, phishing- and privacy risk websites with a brand new and more frequently updated database.
  • Faster online updates via smaller incremental downloads.

The current stable version of EAM is 7.0.0.12, released as a maintenance update for improved overall stability and performance.

Installation
The Offline installer of EAM is a substantial 245 MB and is being refreshed daily to include latest Malware signatures and to also avoid unnecessary download traffic during the initial online update after installation.

The installation process is very straightforward and consists of 3 uncomplicated steps:

  • Select Language – 27 language packs are available,
  • Accept License Agreement, and
  • Installation – program components and the dual-engine signatures

Setup Wizard
One aspect of the EAM installation process I like is the launch of Setup Wizard after the installation is finished. It includes 4 distinct steps to help you activate, update, scan your PC and adjust program settings.

Select License Type
You can test EAM with a trial license for 30 days. Acquiring the license is very simple as it is performed from the interface and doesn’t require lengthy, multistep process, with email verifications, replies, etc.
The Freeware Mode will disable any real-time features of the product and EAM will be used as a powerful on-demand scanner.

Update
This step will perform an update to download latest program components, Malware signatures and white/black lists.

Clean Computer
The next step after upgrading is performing an initial scan. There are 4 options available:

  • Quick Scan – scans for rootkits, active processes and the registry
  • Smart Scan – Quick Scan, as well as the Program Files and Windows folders
  • Deep Scan – the most comprehensive scan, with all files on all drives scanned for complete peace of mind
  • Custom Scan – select Folders, Malware categories and other scan options, such as direct disk access. Custom scans can be saved and loaded for subsequent use.

Prevent Infection
After the scan is finished, and hopefully your computer is clean or cleaned, you can turn on/off the individual components providing real-time protection, and also configure application rules, updates and scans.
Since EAM has been designed and developed with compatibility with other security applications in mind, there are hardly any conflicts with other software. Even so, it would be a good practice to set some mutual exclusions early in the process.

You don’t have to restart your computer to begin using Emsisoft’s protection, which will be activated and product started as soon as the Setup Wizard is closed.

Security Status
This is the main window of EAM and it provides an overview of the protection status, such as the 3 main layer s of protection, scanner and update status. The program version, the number of Malware signatures and the remaining days of the license are also displayed.

Settings
EAM manages to find the sweet spot of number of options, sensitivity and granularity. Although extensive and detailed, the settings are very well laid out, logically and ergonomically. The default settings already provide very good blend of protection, usability and performance.

Configuration
Contains the tabs for general settings, updates, notifications, logging, permissions and license information.

Automatic Updates – using the latest signatures is a good starting point for your protection and EAM will let you set the updates check interval to any value you’re comfortable with, going to as low as 30 minutes.
In terms of update settings, make sure you keep Join the Anti-Malware Network selected. Emsisoft implements hybrid protection, combining cloud service and conventional scanner to utilize the best of both technologies. This will provide real-time cloud checks and can help with community based alert reduction.

Be mindful if opting for Beta Updates, especially on a production computer. I haven’t experienced any issues with downloading the beta updates, however if you do, make sure you have backup/imaging routine implemented.

Guard

File Guard
3 options are available for selection. The default setting is the compromise between the best performance and best protection. Setting File Guard as anti-executable only will be best if used on less powerful PC.
Editable extensions filter and white list will further help in finding the optimal configuration for your needs.

The default Alerts option provides the best protection and feedback – threats are blocked automatically, quarantined and a notification is displayed. You can also opt for blocking silently. As good as this is for usability, be mindful you may need to inspect logs, and also investigate and tweak program rules.
Alert is the interactive option best suited to advanced users, preferring to make a decision themselves whether to allow or block behaviour.

Behavior Blocker
Manages the configuration of malicious behavior monitoring. The BB in EAM, also available as as a separate product – the excellent, and considered by many professionals as the best stand-alone BB today, Emsisoft Mamutu.

Alert Settings
Used to configure Behavior Blocker prompts. Acknowledging that these could be challenging and tiresome to answer, and also disruptive, you can utilize a number of options to make BB as quiet as possible, such as Activate intelligent alert reduction [can reduce detection quality] and Community based alert reduction, which would perform online checks with Anti-Malware Network.

The alerts are very descriptive, containing high level overview of the behavior and plenty of technical details.
Usability is guaranteed with options to allow/block certain behaviour or allow/block all, as well as the option to create a rule or just apply your selection once.

Quarantining

Depending on the perceived severity of the behavior, the lower part of the prompt frame will be in different color to draw attention. If the online product behavior lookup is enabled, a suggestion will be displayed containing the decisions of EAM user base to date.

Surf Protection
The default settings for Malware and Phishing hosts are fine, I personally have Privacy Risks set to Block Silently, which to me is the best option for both protection and usability.

Performance
In terms of disk space, EAM takes approximately 285 MB after installation. It’s interesting to note that the Malware signatures are separated, with Bitdefender set located in separate folder.

EAM creates a single service – Emsisoft Anti-Malware 7.0 Service, which is used for both scanning the PC for unwanted software and providing protection from malicious code.
The 3 running EAM processes are hardly noticeable during normal operation.

During scans, the resource usage would naturally increase, and even then, it is pretty civilized with averages of 15 – 60% CPU and 40 – 150 MB RAM working set. And this is far better than some definitely more intensive and way slower scanners out there. While some may feel that the initial scan speed is just acceptable, it’s the advanced caching mechanism that greatly improves the subsequent scan durations. Other options for optimizing performance when scanning can include setting of threads, priority and processors to use.

Test Results
EAM has an excellent record in MRG Effitas 0-day and Banking Malware tests. In the Banking Malware test, EAM scored perfect 100% Pass, alongside competitors like avast, DefenseWall and Kaspersky, which utilize sandboxing and browser virtualization to achieve these results, a proof of the excellent real-world real-time protection provided by Emsisoft.
It has also proved very capable in VB100 tests, scoring excellent results for both reactive and proactive protection.

Minor Issues
I have noticed on occasions that the Malware protection components may not be always on after installation and there can be some difficulties enabling protection. In that case, a restart would quickly resolve the issue.

Another point of consideration would be Action Center alerts that no active Malware protection is enabled. Again, there is an easy fix for that – simply turn off and then back on the File Guard to fix the Action Center issue.

Occasional increases in RAM and CPU can also happen, these spikes tend to be very short time-wise.

Since EAM started using Bitdefender’s SDK and signatures as a second engine, the size of definition updates has increased noticeably. Also, the Bitdefender [BD] updates feel subjectively slower compared to BD’s own update process.

Conclusion
While the excellent detection was associated with heavy resource usage, slow scans and False Positives before, EAM 7 has optimized resource usage, minimal to modest effect on the boot time and general PC operation.
These are definitely the most improved aspects about EAM, along with the seamless integration of dual scanning engines and impressive gains in scan times.

With 3 distinct layers of protection – File Guard, Behavior Blocker and Surf Guard, 2 excellent scanners, a company with commendable ethics and beliefs; an enviable vision; and technical ability, Emsisoft Anti-Malware is no longer an exotic niche or a second opinion product – it is a competent contender, providing excellent protection; easily comparable, and often better than the well established names in the PC security industry.

Reviewer: NathanF1

Click here to join this giveaway!


Filed Under: Contests wonGiveaways and contests

Tags: