New in 2018.1: Revamped Behavior Blocker user experience

Jumping into the new year, we’re proud to announce the first significant update in our monthly release cycle that carries the major version “2018”. The main goal for our development team this month was to streamline and improve the user experience of our most important defence wall against new and unknown malware threats: The Behavior Blocker.

When you open the main user interface of Emsisoft Anti-Malware, you’ll notice that we have merged the Application Rules panel with that of the Behavior Blocker. This was a logical move, as the two serve the same purpose: defining which of the active programs should be monitored, which are trustworthy, and which should be prevented from starting up. Instead of manually creating rules for specific program paths, you can now simply double-click one of the active processes to define a new “allow”, “monitor” (default) or “block” rule. Because the new application list also integrates the Exclusions list, it clearly shows which programs are excluded from monitoring.

In the same set of improvements we’re launching a new feature to create application rule templates that professional users can now define via the Emsisoft Enterprise Console. In situations where a specific program needs to be excluded from protection across the entire network, or when a specific unwanted program needs to be blocked from running globally, it’s now an easy task to implement that with templates that also support wildcards and environment variables.

All 2018.1 improvements in a nutshell

Emsisoft Anti-Malware

Redesigned Behavior Blocker panel with application rules.

  • New: Redesigned Behavior Blocker panel that combines application rules with active application processes.
  • New: Simplified application rules editor that integrates with the Monitoring Exclusions list.
  • New: Application rule templates with wildcard and environment variable support, to be defined via Emsisoft Enterprise Console.
  • New: Ability to connect Emsisoft Anti-Malware with Emsisoft Enterprise Console via script for automation.
  • Several minor tweaks and fixes.

Emsisoft Enterprise Console

  • New: Application rule templates with wildcard and environment variable support.
  • New: Ability to connect Emsisoft Anti-Malware via script for automation.
  • Improved: Status and error reporting for quick commands.
  • Several minor tweaks and fixes.

How to obtain the new version

As always, so long as you have auto-updates enabled in the software, you will receive the latest version automatically during your regularly scheduled updates, which are hourly by default. New users, please download the full installer from our product pages.

Note to Enterprise users: If you have chosen to receive “Delayed” updates in the Update settings for your clients, they will receive the new software version no earlier than 30 days after the regular “Stable” availability. This gives you time to perform internal compatibility tests before a new version gets rolled out to your clients automatically.

Have a great and well-protected day!

  • Larry Hatfield


    • David Biggar

      What issue happened with Emsisoft Anti-Malware on Saturday, with your computer? I know of a different antimalware product that had a pretty bad issue on Saturday with a memory leak. Is that what you mean? Otherwise if you need help, feel free to drop an email to [email protected]. We’d be happy to help!

      • Larry Hatfield

        That was my mistake, I was thinking of Malwarebytes that caused all the trouble. Nothing to do with your software.

        • David Biggar

          That’s fine, I wanted to make sure though. Thank you for posting back!

        • quirquinchu

          HAH! so that was it. Thanks. Did suspect MB and it is now “resting”, thinking of “spending more time with its family”. Admittedly did have emsi on ice for a while as it kept kicking skype into the long grass, this is fixed however and emsi is back on number one spot. I think I’ll keep MB for the occasional second opinion scan for the moment.

          • David Biggar

            They did fix the issue same-day as I understand it. Sadly nobody is immune to mistakes. It’s how they’re handled that matters, and how adjustments after the fact are made to keep mistakes from happening again. I look at it as an opportunity for everyone to learn from. Us included!

  • Keep it simple

    I can’t get EAM’s full paid version to consistently log file guard events. The log is almost always empty. I know that it is blocking .exe files on a regular basis, but there’s some sort of issue with it logging the block. I’m running Vista Home Basic SP2. I’ve been a loyal customer since like 2009, I think, on this same computer.

    • Jon

      Very interesting, I’ve never seen that before, I just extracted a few known ‘troublesome’ files on my PC all of which Emsisoft blocked and when checking the “Logs” tab my install is listing all activity including the blocked files…

      Perhaps double check at the top right that the view is set to “All Components” and is not being filtered to only show some of the logs… this log view should be full of events including your hourly updates… Good luck!

    • Brian W Norby

      Could be that Emsisoft is no longer supported on Vista as of April 2016?

    • David Biggar

      Brian is correct about Vista support. Emsisoft Anti-Malware has not supported Vista since the end of April, 2016. The version likely on your computer is so old now it wouldn’t have been getting complete signature updates since shortly after support ended, nor program updates. The reason for the logs being empty is quite possibly logfile corruption, so purging it might help, but unfortunately there’s nothing that we can do beyond that simple advice for Vista. Since even Microsoft dropped Vista support, I will recommend upgrading or replacing as soon as is feasible. If you need ideas on how to get that done, drop us an email at [email protected]. Ask for me if you like.

      • Keep it simple

        I am aware of the ‘outdatedness’ of my OS. Everything else seems to work fine; it might be a corrupted log file. I can delete the log file and it will recreate itself, I’m assuming. I’ve been purchasing paid versions of A2/Emsisoft off and on for quite some time on this ’08 HP laptop with little problems. I will eventually upgrade to Windows 7 on a different laptop. I like to stay with OS’s I know well so I can fix/clean/repair my own computer. Thanks for the response(s).

  • Not seeing the hide fully trusted checkbox anymore in that screenshot. And how do you quickly see your custom rules there, in the new mixed list?

    • David Biggar

      Sort by status by clicking on that column’s name (header). Any that are listed as “trusted” or “blocked” are custom rules.

  • Logst

    Thank you for the great work, but
    now I can’t edit the rules of the Behavior Blocker: just four choices with no more options. I hope these features will be back in a new update under something like advanced rules.

    • Fabian Wosar

      Those “advanced rules” will not come back. The reason for that is that over the next months we are going to roll out a new generation of our behaviour blocker technology. Unlike the existing behaviour blocker, where we have specific triggers that cause certain alerts to appear, the new system is built on a more holistic model. That means, alerts are not triggered by one action happening under a specific combination of circumstances, but by a whole bunch of actions, that stretch across multiple areas. As a result a clear mapping between trigger and alert becomes impossible.

      • Dreadful. Exactly what has to be avoided. But, of course, just as expected.

  • Angel

    Before when opening the protection/behavior blocker tab Emsisoft automatically hid trusted programs (or offered an option to) and checked all untrusted programs with the AMN and highlighted in red if some were not trusted.
    Now users have to check for untrusted programs in the long list and to “lookup online” with a right click suspicious ones….. I preferred as it was before and I miss it.
    An option to submit an unknown file detected in memory as an automatic BB alert/quarantine if an untrusted file is detected this way (protection/behavior blocker tab as was before) would be very helpful in my opinion, even if a file is not acting malicious yet or not malicious enough to be detected by BB.

    • Hello, thank you for your feedback, I will pass it on.

      Note that the antivirus scanner will detect malware in memory; the BB acts on the disk.