Behavior Blocker with Double Pulsar Mitigation
More than six weeks have gone by since the global outbreak of the WannaCry ransomware and it’s safe to say we’re still feeling its effects. In fact, just days ago, news emerged that 55 traffic cameras in Victoria, Australia, had been infected by the malware. WannaCry uses Double Pulsar, an exploit tool supposedly developed by the NSA, to infect Windows computers that are not updated with the latest security patches.
Our ransomware response team is continuously working to help victims around the world out of their misery, but one general problem for computer techs remains: When installing an operating system on a new computer, there’s a time gap of up to an hour between connecting it to the Internet and getting all updates installed. With countless botnets constantly scanning the entire Internet for unpatched computers, it usually only takes a couple of seconds for a machine to get infected during this exceptionally vulnerable window of time.
To mitigate these attacks, our lab has improved our advanced behavior blocker module of Emsisoft Anti-Malware and Emsisoft Internet Security, which can now detect and block any attempts to use the leak that allows Double Pulsar to enter your computer. While you still have a responsibility to update the latest security patches, it does give you more time to complete the obligatory Windows Update procedure. The Emsisoft behavior blocker instantly shuts down any processes that try to use the exploit and shows you a notification box like this:
Advanced Email Notifications
A frequently requested feature, especially by network admins, was the ability to receive notification emails on various events of our protection software. For those who manage attended or unattended computers remotely, it’s critical to know immediately when certain events take place – say, the exact time malware was found or when reboots are required to complete an online update of the software’s core protection components.
We listened to your feedback. The new email notifications feature can be found in the “Settings” – “Notifications” section of Emsisoft Anti-Malware and Emsisoft Internet Security. Granular settings allow you to choose which events you want to receive notifications for.
All 2017.6 updates in a nutshell
- New Double Pulsar exploit mitigation in behavior blocker.
- New advanced Email Notifications feature.
- Improved: Scheduled scans now also run when no user is logged on to the computer.
- Improved: Support for Windows Store (universal) apps.
- Several minor tweaks and fixes.
- Improved product stability and general fine tuning.
- Improved Update Proxy, relocated cache folder to ProgramData.
- Fixed client connectivity issues.
- Fixed reporting issues.
- Several minor tweaks and fixes.
- New feature for easy switching to Emsisoft Anti-Malware.
How to obtain the new version
As always, so long as you have auto-updates enabled in the software, you will receive the latest version automatically during your regularly scheduled updates, which are hourly by default. New users please download the full installer from our product pages.
Note to Enterprise users: If you have chosen to receive “Delayed” updates in the Update settings for your clients, they will receive the new software version no earlier than 30 days after the regular “Stable” availability. This gives you time to perform internal compatibility tests before a new version gets rolled out to your clients automatically.
Have a great (ransomware-free) day!