Emsisoft Anti-Malware Tutorial

These instructions for Emsisoft Anti-Malware relate to software version 5.0 and provide an easy to understand explanation of how to install and configure Emsisoft Anti-Malware.

1. Program Description
2. Installation
2.1 Security Wizard
2.1.1 Creating a user account / Enabling an email address
2.1.2 Logging in / Selecting a license
2.1.3 Updater Settings
2.1.4 Cleaning the Computer
2.1.5 Guard Settings
3. Security Status
4. Scanning the PC
4.1 Scan process
5. Quarantine
6. Logs
7. Guard
7.1 Application Rules
7.2 Behavior blocker
7.3 Alert Configuration
7.4 File guard
7.5 Surf Protection
7.6 Host Rules
8. Configuration
8.1 Guard settings
8.2 Scheduled Scan
8.3 Update Settings
8.4 Popups
8.5 Auto-Update
8.6 Log Settings
8.7 Permissions
8.7 License
9. Emsisoft Anti-Malware in Operation – Dealing with Alert Messages
10. Version Comparison
11. Ordering Information

1. Program Description

Emsisoft Anti-Malware monitors all active programs in real time for dangerous behavior (Behavior Blocking) and can detect new unknown Trojans, Worms, Viruses and other damaging programs (Zero-Day dangers) without daily updates. The signature-based security (Emsisoft and Ikarus double engine) ensures a very high recognition rate of known Malware such as Trojans, Worms and Viruses.

2. Installation

Always download the latest setup file to install Emsisoft Anti-Malware:
http://www.emsisoft.com/en/software/antimalware/

Start the downloaded file (a2AntiMalwareSetup.exe) and follow the instructions of the setup wizard. During installation, you can decide where the software is to be installed and whether shortcuts are to be created on the Desktop and in the Quick Launch Toolbar. After installation, start the Emsisoft Anti-Malware Security Wizard as recommended

Deinstallation

Deinstallation of Emsisoft Anti-Malware is done using the Uninstaller provided. You reach this via Start/Programs/Emsisoft Anti-Malware/Uninstall Emsisoft Anti-Malware or via the Windows Control Panel/Add or Remove Programs (Windows 2000/Windows XP) or Windows Control Panel/Programs and Features (Windows Vista/7).

2.1 Security Wizard

The Security Wizard automatically starts the first time you run Emsisoft Anti-Malware. The wizard helps you to set up an optimum security configuration on your PC and guides you step-by-step through the settings.

You are first requested to select a suitable license scheme. Three schemes are available.

  • 3-day free trial: If you want to immediately test Emsisoft Anti-Malware with a minimum of effort then select this scheme and click “Next”.
  • I want to test more thoroughly – 30-day trial: If you want to test Emsisoft Anti-Malware more thoroughly then select this scheme and click “Next”. You are now requested to create a user account. Fill out the “Name”, “Email” and “Password” fields and confirm your entries by clicking “Create account”. A confirmation link will be sent to the specified email address and you must click this link to start the trial period.
  • I have a full version: If you already have a valid license then select this scheme and click “Next”. You are now requested to register your license. To do this, enter your user information (your email address as the username and your password) and then confirm the information by clicking “Log in”. If the login was successful you will now see all licenses available for your user account. The trial license is always available by default. If you have several licenses, select the one you wish to use by clicking it and confirm your selection by clicking “Next”.

2.1.1 Creating a user account / Enabling an email address

A free user account is required for managing your license(s). This user account is assigned to all your licenses, including the 30-day test license and the Freeware license. The user account consists of a name, an email address and a password.

After you click the “Create” button a data entry screen for creating a user account is displayed and you must enter the following information:

  • Name – This name is used in emails and when communicating with the customer center
  • Email – The activation link for enabling your user account is sent to this email address. The email address is also your user name for logging in and using your Emsisoft Anti-Malware license(s). You must be sure to enter a valid email address here.
  • Password – This is your user account password that allows access to your license(s).

Subscription to the (free) newsletter is optional and can be cancelled at any later time.

Click the “Register” button after you have filled out all the fields. An email is now sent to the specified email address but please note that this may take a couple of minutes to arrive. In addition to a greeting the email also contains an activation link. You must click this link once in order to finally activate your user account.

2.1.2 Logging in / Selecting a license

A license is required in order to use Emsisoft Anti-Malware without limitations for longer than 3 days. A user account is assigned to this license. The procedure for creating and enabling a user account is described in detail in 2.1.1 Creating a user account / Enabling an email address. The following section explains how to login to your user account and select the correct license for Emsisoft Anti-Malware.

There are basically three types of license:

  • Full version license: Among other features this license allows unrestricted use of Emsisoft Anti-Malware for the selected license period (1 year, 2 years, 3 years). A detailed list of all advantages of a full version license is provided in 11. Ordering Information.
  • Trial license (test version): Provides unrestricted functionality free of charge for 30 days. After 30 days the software switches over to the free Scanner mode (see Freeware license).
  • Freeware license: All real-time functions are deactivated when you run Emsisoft Anti-Malware with a Freeware license. You can still use the program to manually check your computer for Malware and remove any infections.

Every user account is initially automatically provided with two licenses: a Trial license and a Freeware license.

Once you have entered your user name and associated password and confirmed these by clicking “Login” you will see the license selection screen. This screen shows all licenses assigned to this user account. One valid license must be selected for each system. Once you have selected a license click “Next” to continue with the configuration of Emsisoft Anti- Malware.

If you have received a coupon code for an Emsisoft Anti-Malware license, e.g. if you purchased a license from a third-party dealer, then you can use the “Convert coupon code” hyperlink in the license dialog to convert your coupon into a license code. Enter your coupon code and confirm this by clicking “OK”. The license is then automatically created in your user account and you can proceed as described above.

2.1.3 Updater Settings

Select the components to be taken into account for online updates by selecting or deselecting the check box for each desired option.

  • Install program help – Select this option if you need help with Emsisoft Anti-Malware or want to keep up to date. The help files require about 1 Mb of extra disk space.
  • Install additional languages – Select this option if you wish to install and update additional language support. If this option is deselected then only the language package you are currently using will be updated. The additional language packages require about 6 MB of extra disk space.
  • Install beta updates – Select this option only if you always want to use the latest, untested Beta versions of the program files. We recommend that only experienced users select this option, or when you are requested to do this for fault-finding purposes. Beta updates may still contain bugs and cause unpredictable problems.
  • Submit names of detected Malware – Select this option if you want to submit the names of detected Malware to Emsisoft for statistical purposes.
  • Join the Anti-Malware Network – Select this option to send data on found objects as needed and to use the community-based alert reduction feature.
  • Verify program modules versions – Select this option to check that all program components are the correct versions.

Once you have made all Updater Settings, confirm these by clicking “Next”.

The Updater will now search for all updates and install them to bring Emsisoft Anti-Malware up to the latest version. The time required for this can vary and it may take a while, depending on the size and number of update modules and the speed of your Internet connection.

If you receive the message “Update process was finished successfully”, then the Update was successful and you can continue with the Security Wizard by clicking “Clean Computer now”.

2.1.4 Cleaning the computer

Emsisoft Anti-Malware provides you with a choice of scan methods.

  • Quick Scan – Scans all active programs, Spyware Traces and Tracking Cookies.
  • Smart Scan – Good and fast result, but only important folders will be scanned.
  • Deep Scan – Slowest scan, all files on all hard disks will be scanned deeply.
  • Custom Scan – All scanner settings can be manually set and stored for later use.

The Deep Scan is the default scan method but you can select a different method with a single mouse click. Click on “SCAN” to run the scan.

Clicking the “Edit exceptions” link opens a dialog allowing you to define files or folders that are to be excluded from scans and/or real time monitoring.

When the scan is finished the Diagnosis list shows the detected objects sorted by color according to their potential risk (red – high risk, yellow – medium risk). The extensions “IK” and “A2″ identify the Scan Engine that identified the file as potentially damaging. IK stands for Ikarus and A2 for Emsisoft (formerly a-squared)

Right-click in the Diagnosis list to open a context menu providing the following actions:

  • Select all – selects all objects in the list
  • Select nothing – deselects all objects on the list
  • Invert – deselects all selected objects and selects all unselected objects
  • Add to exceptions – add all selected objects to the exceptions list. These objects will then be ignored by the next scan.
  • Submit as false alert – Automatically submits the file to our Malware Lab for checking as a possible false alert.

The actions “Quarantine selected objects”, “Delete selected objects”, and “Save report” are available after every scan. We recommend always selecting “Quarantine selected objects” because this is the only way of being able to undo the removal of false alerts (so-called false positives).

The most recent scan result is always saved to My Documents/Anti-Malware/Logs/LastScan.txt even if you have not saved it manually.

2.1.5 Guard Settings

The options “Enable background guard on system startup”, “Activate file guard” and “Activate behavioral analysis” should always be activated otherwise you have no real-time Malware protection.

The “Activate file guard” option ensures that every executed file is checked for damaging code by two signature-based scan engines before it is allowed to run.

The “Activate behavioral analysis” option activates the real-time analysis of all running programs so that the system monitors these for damaging activities and thus detects previously unknown Malware.

The “Activate surf protection” option provides an additional security layer when you are surfing the Internet. This layer notifies you when you access dubious websites that are suspected to be involved in the distribution of Malware or Spyware. You can also define host rules to allow or prohibit surfing to particular websites.

The option “Download and install updates automatically” ensures that Emsisoft Anti-Malware is always up to date and you will not miss any program updates. Emsisoft Anti-Malware searches online for new updates each day and installs them if they are available. You can configure the update behavior of Emsisoft Anti-Malware via “Settings”.

The “Enable Scheduled Scans” option initiates a PC scan each Friday at 12:00. You can adjust the settings for Scheduled Scans via “Settings”.

You confirm the Guard settings by clicking “Next”.

3. Security Status

The Emsisoft Anti-Malware start screen, called “Security Status”, shows an overview of all program and configuration elements. The security status window is divided into three sections.

The first part is the menu at the left, containing “Scan PC”, “Quarantine”, “Logs”, “Guards”, “Configuration” and “HiJackFree”, and it provides easy access to all relevant program elements and configuration dialogs.

The middle area provides a status overview of the major program components such as the Guard, Scanner and Update settings. Each component of Emsisoft Anti-Malware has a separate entry and can be directly switched on and off using the mouse. “Settings” brings you immediately to the corresponding configuration dialog for the respective component. “Emsisoft News” shows the latest Emsisoft headlines and keeps you up to date on the latest news.

The third and last area at the right provides you with access to the main Emsisoft Anti-Malware resources, such as the Emsisoft Homepage, Customer Center, Discussions forum, Security Articles and also allows you to send suspicious files to our experts for analysis.

The lower part of this area shows the exact version number of Emsisoft Anti-Malware, the number of signatures used for scanning and the number of days remaining before your license expires.

4. Scanning the PC

The various scan methods have already been described in 2.1.4 Cleaning the computer
but the section below explains the “Custom Scan” method in more detail. The “Custom Scan” method allows you to individually configure the scan behavior to suit your needs.

Use “Add folder” and “Remove folder” buttons to add or remove folders to be scanned.

If you want to scan only the files within a certain folder, it is advisable to deactivate the options “Scan memory for active Malware”, “Scan for Spyware Traces”, and “Scan for Tracking Cookies”. Click “Next” to start the Custom Scan. The selected folders are scanned using the chosen parameters. If you wish to repeat a Custom Scan in the future, you can save the configuration to a Scan Settings file via the “Save settings” button and load it anytime via the “Load settings” button.

4.1 Scan process

You can continue using your computer as normal while a Scan is running but please note that the performance of the computer is reduced while a Scan is running and the Scan will take longer if you heavily load the computer in your normal work.

The upper area of the window shows the number of scanned areas. The number of detected damaging objects is also displayed here. The line below this shows the path of the object that is currently being scanned. The Diagnosis list shows the details of all detected objects. Please wait until the scan is finished before deleting or quarantining the detected objects.

The “Pause” button temporarily pauses the scan until the user continues the scan by clicking the “Continue” button. The “Cancel” button aborts the current scan.

If large numbers of files are to be scanned that take a long time then the “Actions on scan end” link allows you to define what Emsisoft Anti-Malware should do when the scan finishes. The default behavior is “Report only” and no other action will be automatically performed. The “Quarantine detected objects” option causes Emsisoft Anti-Malware to automatically move all detected objects into Quarantine immediately after the scan finishes. Both options can be combined with the “Shut down PC” option by selecting the check box of the same name. This option causes Emsisoft Anti-Malware to automatically shut down the computer when the scan finishes and the other options have been executed. This option is especially useful when the computer is to be scanned overnight for Malware.

When the scan is finished the Diagnosis list shows the detected objects sorted by color according to their potential risk (red – high risk, yellow – medium risk). The extensions “IK” and “A2″ identify the Scan Engine that identified the file as potentially damaging. IK stands for Ikarus and A2 for Emsisoft (formerly a-squared)

Right-click in the Diagnosis list to open a context menu providing the following actions:

  • Select all – selects all objects in the list
  • Select nothing – deselects all objects on the list
  • Invert – deselects all selected objects and selects all unselected objects
  • Add to exceptions – add all selected objects to the exceptions list. These objects will then be ignored by the next scan.
  • Submit as false alert – automatically submits the file to our Malware Lab for checking as a possible false alert.

The actions “Quarantine selected objects”, “Delete selected objects”, and “Save report” are available after every scan.

We recommend always selecting “Quarantine selected objects” because this is the only way of being able to undo the removal of false alerts (so-called false positives).

The most recent scan result is always saved to My Documents/Anti-Malware/Logs/LastScan.txt even if you have not saved it manually

5. Quarantine

Quarantine provides a safe place for storing dangerous or suspicious files. Files in quarantine no longer present any kind of threat to your computer. A file can also be restored from quarantine when (e.g.) it was moved by mistake or as the result of a false alert.

The quarantine table has Source (path), Behavior/Infection, Risk level, Date and Submitted columns. It also provides administration functions for these files.

“Save copy” allows you to save a 1:1 copy of the file to any desired location, e.g. to manually examine the file. “Submit file” sends the file to the Anti-Malware Network, allowing the developers to perform further analysis. This helps to classify new currently unknown Malware and add it to the signature database. “New scan” causes all quarantined objects to be re-scanned using the latest signatures in order to correctly identify previously unknown files as Malware or provide a clean bill of health for previously suspected files and allow them to be restored. “Add file” allows you to move suspicious files into quarantine. “Restore” moves a file from quarantine back to its original location. “Delete” permanently removes the selected object(s) from the hard drive. These can then no longer be restored.

Right-clicking in the quarantine table displays a popup menu with “Select All”, “Select nothing” and “Invert” menu items to make selection and editing of multiple objects easier.

6. Logs

Logging is an important tool for tracing procedures. The logging screen has “Behavioral analysis”, “Quarantine” and “Update” tabs:

  • Behavioral analysis – This lists all actions of the Behavioral analysis system by “Date/Time”, PID (Process ID), Source (file path), Event and Behavior/Infection columns. For example, the last column shows if a program has been permitted as the result of an alert reduction.
  • Quarantine – List all quarantine functions with Date, Source (Path), Event and Behavior/Infection columns.
  • Update – All update actions are listed here. These can be manual or automatic updates. The “View Details” button provides more information on each update action, such as the number and names of updated program elements and the size of the updates.

“Export” allows you to export a log as a text file. This can be useful for providing extra information in the case of queries or problems.

7. Guards

The Emsisoft Anti-Malware core, subdivided into “Application rules”, “Behavior analysis”, “Alerts”, “File guard”, “Surf protection” and “Host rules”, allows easy fine tuning or removal of behavior rules.

7.1 Application Rules

“Application rules” lists all defined application rules, with filename and mode. The filename field shows the file path of the program for which the rule was created. The mode field shows whether the program is blocked (Block), excluded from monitoring (Excluded) or monitored (Monitor). “Monitored” means that particular behavior is allowed but the program will still be monitored by Emsisoft Anti-Malware for other suspicious behavior.

Rules can be edited, deleted and added. The following section explains the dialog used for creating and editing a rule:

If a rule is to be created for program X, the first step is to click the “…” button next to the “Application path:” field and select the appropriate executable file so that the complete path is displayed.

  • “Don’t alert updates of this executable file”: Only use this option when you are sure that the file cannot be manipulated or changed. Otherwise this setting should remain deactivated by default.
  • “Monitor this application, but allow/block specific activities”: Use this option to exactly define what behavior program X is allowed to perform or not. All other possibly dangerous behavior will still be recognized and reported. Select the desired options in the behavior type list in the lower part of the settings dialog to define the permitted or blocked behavior.
  • “Always block this application”: Completely blocks program X so that it can no longer run. Emsisoft Anti-Malware reliably prevents program X from running, without modifying the program file. Another possibility is to place the program in quarantine. This moves the file to a secure environment from where it can no longer be started.
  • “Always allow this application”: Program X is completely excluded from all monitoring by Emsisoft Anti-Malware and can run whenever it is started. Only use this option when you are sure that you can trust the program. You can also set this option to avoid conflicts (program crashes) with other programs that use similar techniques to Emsisoft Anti-Malware.
  • “Protect this application from process manipulations”: Activate this option to prevent other programs from writing to the memory used by program X. Please note that some programs will only work correctly when this option is not activated. Only activate this feature when you are sure that program X does not require this functionality.

7.2 Behavior blocker

In the “Behavior Blocker” tab you define the types of behavior that should be monitored system-wide by Emsisoft Anti-Malware. To exclude particular types of behavior from monitoring, remove the tick next to the relevant entry. Only deactivate Behavioral Analysis components if you are sure that this will not compromise your system security.

7.3 Alert Settings

Emsisoft Anti-Malware reports the behavior of programs that are sometimes clearly damaging but sometimes also only possibly damaging. With some benign programs a clear decision between benign and malicious behavior is not technically possible. Emsisoft Anti-Malware always reports this type of suspicious behavior unless you activate alert reduction to reduce the number of false alarms relating to benign programs.

  • Set [Create rule] as default for alerts – when this option is activated Emsisoft Anti-Malware creates an associated application rule for every alert.
  • Activate intelligent alert reduction – Emsisoft Anti-Malware performs a technical analysis of the program file of a suspected program to identify whether it is benign or not. Good examples of false alerts are Explorer.exe (Windows Explorer), Internet Explorer or Firefox. When starting, all these programs exhibit behavior that is also used by Malware. For example, changing the browser settings or generating network traffic without a visible user interface. If intelligent alarm reduction is not activated, then warning alerts are generated each time these programs start. With activated intelligent alert reduction, Emsisoft Anti-Malware recognizes that these are legitimate programs and does not generate warning alerts. The intelligent alert reduction is deactivated by default because in rare situations it is possible that dangerous programs may also become active.
  • Community-based alert reduction – Emsisoft Anti-Malware relies on the intelligence of the masses. An online query to the Anti-Malware Network is made and the decisions of all Emsisoft Anti-Malware users on what to do with a reported program (allow, block, quarantine, exclude from monitoring) are displayed as a colored graphic. Emsisoft Anti-Malware uses this to provide a recommendation of how to proceed with the reported program.
  • You can use percentage threshold values to define whether a program is automatically blocked or permitted using community-based alert reduction. The default values are a threshold of 90% for each. If 90% of Emsisoft Anti-Malware users have allowed the program to start then it will be automatically allowed on your system and an application rule is created for future program starts.
  • Activate paranoid mode – Reports additional suspicious program starts and applications with a suspicious or Malware-similar file layout. The option is deactivated by default because it can produce many false alerts and is only recommended for advanced users.

7.4 File Guard

The File Guard is a new feature in Emsisoft Anti-Malware 5.0 that not only scans files before they are executed but, depending on the settings, also before all other file actions such as moving or downloading from the Internet.

The following settings are available for customizing the behavior of the File Guard to suit your needs:

  • Scan only programs before they are started – This setting causes executable files to be scanned immediately before they run. This setting has the least effect on the performance of your system while still providing sufficient protection.
  • Additionally scan all files when they are created or modified – This setting causes all files to be scanned when they are created or written to. For example, this occurs when a file is downloaded or copied onto your computer from a USB stick.
  • Additionally scan all files when they are read – This setting causes all files to be scanned before every read operation, so that simply selecting a file is sufficient to cause it to be scanned. This setting has the greatest effect on your system performance and should only be used on high performance systems.
  • Scan only files with the following extension: – When this check box is selected then the File Guard only scans files having file extensions contained in the list below. On the one hand this setting can improve the speed of your system because only some files on the hard drive are scanned but on the other hand this also reduced the level of system protection.
  • Alert Riskware – When this check box is selected the File Guard also raises an alert for so-called Riskware. Riskware is usually defined as benign software that can be used for malicious purposes by Malware authors. In the case of a Riskware alert you should always check whether you installed the program intentionally or not.
    A detailed article on Riskware is available in the Emsisoft knowledge base: What is Riskware?

7.5 Surf Protection

The Surf Protection provides an extra layer of security to protect you from suspicious websites and control the use of Cookies when you are surfing the Internet.

The following settings for controlling the use of cookies and monitoring the host can be individually set to “Don’t block”, “Alert”, “Block and notify” or “Block silently”.

  • Tracking Cookies – Tracking Cookies are small info files that the web browser can save on your PC by command of a visited web page. This allows you to be recognized the next time you visit the site. Advertising companies use these in a targeted manner to record your surfing habits. Banner ads are thus tailored to your interests. Although Tracking Cookies are not a direct menace for the security of your PC, they can possibly harm your privacy.
    A detailed article on Cookies is available in the Emsisoft knowledge base: Baking Biscuits – A Closer Look at Cookies
  • Ad/tracking hosts – hosts used for advertising and tracking purposes.
  • Malware Hosts – hosts that are involved in spreading Malware (e.g. Adware, Spyware, Trojans, and Viruses, etc).
  • Exploiting hosts – hosts that try to exploit the browser, the operating system or Social Engineering.
  • Fraudulent hosts – hosts that try to spread or sell fake or fraudulent software, for example: SpyHunter, SpyFalcon, SpywareQuake, AdwareAlert, etc
  • HiJacking hosts – hosts that are involved in HiJacking (operating system, bandwidth, DNS etc.).
  • Phishing hosts – hosts that are involved in phishing. Phishing is a method that uses fake websites to spy out passwords and other private data.
  • Warez hosts – hosts that are involved in spreading, distribution or supporting warez (includes for example key generators, serials, cracks, etc.).
  • Other malicious hosts – hosts that are not yet classified in detail but that are suspected of spreading Malware or represent a risk.

7.6 Host Rules

The “Host Rules” module lists all created rules with blocked and allowed hosts and Cookies with “Hostname” and “Mode”. The rules can be individually added, edited or removed.

The action “Import hosts” allows to create single rules or lists of rules through typing in the respective host and choosing the desired action “Don’t block”, “Alert”, “Block and notify” or “block silently”.

8. Configuration

The Configuration area allows you to configure global options such as the Guard Settings, Scheduled Scans, Updates, Auto-Updates, Logging, Permissions and Licenses:

8.1 Guard Settings

The “Enable Guard on system startup” option should always be selected, otherwise the Guard is not automatically started and you then have no real-time Malware protection.

The “Enable captcha protection at program end” option prevents unauthorized termination of the Guard by other programs or via the Task Manager. The Guard can only be terminated by entering and confirming a special numeric password.

The “Activate self protection” option protects Emsisoft Anti- Malware from being terminated or deactivated by Malware.

The “Activate Explorer integration” option allows scanning of individual files or folders via the Explorer context menu (right-click).

The “Quarantine Re-Scan” option allows you to customize the re-scanning of Quarantined objects after each signature update to identify any falsely identified Malware (false alerts) and restore them if necessary.

The “Language” drop-down menu allows you to define the language used for the user interface and Alerts. Around 30 different languages are currently available.

8.2 Scheduled Scan

The “Scheduled Scan” tab allows easy configuration of automated and scheduled scanning of your computer.

You have very detailed control over the scheduling and frequency of scanning:

  • Monthly on a particular day in the month, e.g. the 1st of every month.
  • Weekly on a particular day of the week, e.g. only on Fridays and Saturdays.
  • Daily.

The run time can be configured as follows:

  • Run at a particular time.
  • At specified intervals (the smallest allowable interval is 30 minutes).
  • Time windows for the interval, e.g. every two hours but only between 7:00 AM and 5:00 PM.

Additional Settings:

If you have explicitly specified a configuration file for the scanner then it performs a Smart Scan by default. To reduce the scan time this only scans the most important directories on the hard drive and not all files.

You can also specify your own custom configuration file. To do this, click the “…” button and select a scan settings file (.a2s). You can create scan settings files using the Scanner. To do this, start the Scanner, select “Custom Scan” and then click the “Scan” button. Select the desired scan options and then click the “Save settings” button.

Silent scanning:

You can configure automatic scans to run invisibly to prevent annoying windows while you are working on the computer. The “Use silent mode for scan process” option causes the scan to be started without a visible window. Only an animated Emsisoft Anti- Malware Scanner icon is displayed in the Taskbar. The Scanner window appears to provide you with information if Malware is detected. If nothing is detected the Scanner automatically terminates when it is finished.

8.3 Update

Select the components to be taken into account for online updates by selecting or deselecting the check box for each desired option.

  • Install program help – Select this option if you need help with Emsisoft Anti-Malware or want to keep up to date. The help files require about 1 Mb of extra disk space.
  • Install additional languages – Select this option if you wish to install and update additional language support. If this option is deselected then only the language package you are currently using will be updated. The additional language packages require about 6 MB of extra disk space.
  • Install beta updates – Select this option only if you always want to use the latest, untested Beta versions of the program files. We recommend that only experienced users select this option, or when you are requested to do this for fault-finding purposes.
  • Submit names of detected Malware – Select this option if you want to submit the names of detected Malware to Emsisoft for statistical purposes.
  • Join the Anti-Malware Network – Select this option to send data on found objects as needed and to use the community-based alert reduction feature.
  • Verify program modules versions – Select this option to check that all program components are up to date and authentic each time the program starts.

If your Internet connection uses a Proxy Server then you can make the corresponding settings such as server address and user information in the dialog displayed when you click the “Connection settings” link.

8.4 Popups

You can configure the behavior of all popups such as News, Update and Alarm popups in the “Popups” tab.

8.5 Auto-Update

Use the “Auto-Update” tab to configure when and how often updates should be automatically loaded.

You have very detailed control over how often updates should be searched for:

  • Monthly on a particular day in the month, e.g. the 1st of every month.
  • Weekly on particular days of the week, e.g. only from Monday to Friday.
  • Daily (recommended).

The run time can be configured as follows:

  • Run at a particular time.
  • At specified intervals (the smallest allowable interval is 30 minutes).
  • Time windows for the interval, e.g. every 30 minutes between 7:00 AM and 5:00 PM (recommended).

8.6 Logging

Define the maximum number of log messages for Update, Quarantine and Malware-IDS messages. Use a value of 0 for unlimited logging. The default value is 3000.

8.7 Permissions

If your system has multiple Windows user accounts then you can prevent individual users from changing the configuration of Emsisoft Anti-Malware. The default settings allow all users unrestricted access to all Emsisoft Anti-Malware functions. Open this dialog as an Administrator and select a non-administrator user that you wish to restrict. Then select the functions that this user is allowed to access. If your PC belongs to a domain, then select “Use domain users” to change the user list.

Permissions are an effective way of (e.g.) preventing children from using possibly dangerous programs. You can use an “Always block this application” application rule to prevent specific programs from running.

8.8 License

Here you can manage your license(s) or convert coupon codes into new licenses. The license list shows the license number, type, start date and end date of each license. A non-expired license must be selected in this list in order for Emsisoft Anti-Malware to function correctly. The “Connection settings” hyperlink allows you to configure your Proxy settings if necessary.

The “Freeware license” is assigned to every user account by default and never expires. Selecting the “Freeware license” greatly limits the range of functions provided by Emsisoft Anti-Malware. Only manual scanning and cleaning functions are then available. Please note that this does not provide you with sufficient protection from Malware infections.

9. Emsisoft Anti-Malware in operation

An Emsisoft Anti-Malware Alert message has the following layout:

The most important basic rule when using Emsisoft Anti-Malware is: “Keep calm!”. You have plenty of time to make a decision because the reported program has been immediately interrupted and rendered inoperative as soon as the alert occurs. Read the alert message carefully and check the source of the indicated file (file name and path). This is often a good indication as to whether this is a suspicious or benign application. Did you start the program yourself or was it started in the background? Does the program come from a trustworthy source? What information can be obtained from the file properties (Details tab) of the reported file?

For false alerts relating to benign programs the community-based alert reduction can help in many cases. Programs used by many users are often evaluated. You can then see the decisions of other users in the form of a bar graph. When most users have allowed a program to run then Emsisoft Anti-Malware recommends that you do the same.

If you are still unsure after checking, then take no risks and first move the file to quarantine. Then contact our support team at the Customer center or
Support forum and give them all readable information, such as path, file properties, diagnosis, Mamutu version, Windows version and what you were doing when the alert appeared.

10. Version Comparison

The following page provides a comparison of the functions available in Emsisoft Anti-Malware, Emsisoft Emergency Kit, Emsisoft Mamutu and Emsisoft Anti-Dialer: http://www.emsisoft.com/en/software/compare/

11. Ordering Information

Important! Important! To fully test Emsisoft Anti-Malware before purchasing it, please download
and install the free 30-day trial version. This provides the full range of features.

Emsisoft Anti-Malware costs US $39.95 per year or US $69.95 for two years.

The 3-pack – one year for home or business use costs US $59.95.

The 5-pack – one year for home or business use costs US $99.95

What do I receive when purchasing Emsisoft Anti-Malware?

  • The full version of Emsisoft Anti-Malware including the File Guard, Behavioral Analysis, Surf Protection, HiJackFree and automatic updates for the selected time period.
  • Multiple Signature updates each day, i.e. new Malware definitions.
  • Technology guarantee: New software versions included. New program versions do not need to be purchased!
  • Access to personal support via the Customer center
    or email.
  • When the license expires you can order additional years at a special discount via the Customer Center.

Order at: http://www.emsisoft.com/en/order/antimalware/

Enabling your license:

The license is added to your user account. To adopt the license on your PC, click “Refresh licenses” in the License dialog and select the full version. Then perform an online update. A functioning Internet connection is required for enabling licenses.

Have a nice (Malware-free) day!

Your Emsisoft Team
www.emsisoft.com