Emsisoft Mamutu Tutorial


These instructions for Mamutu relate to software version 1.5. They provide an easy-to-understand explanation of how to install and configure Mamutu.

1. Program Description

2. Installation

2.1 Security Wizard

2.1.1 Updater Settings

2.1.2 Alert Settings

2.1.3 Background Guard Settings

3. Security Status

4. Processes

5. Malware-IDS

5.1 Application Rules

5.2 Malware-IDS Functions

5.3 Alert Settings

5.4 General Malware-IDS Settings

6. Quarantine

7. Logging

8. Settings

8.1 Update Settings

8.2 Notify Settings

8.3 Logging

8.4 Permissions

8.5 License

9. Mamutu in Operation – Dealing with Alert Messages

10. Other

10.1 Edition Comparison

10.2 Ordering Information

1. Program Description

Mamutu monitors all active programs in real time for dangerous behavior (Behavior Blocking) and can detect new unknown Trojans, Worms, Viruses and other damaging programs (Zero-Day dangers) without daily updates. Mamutu is small but very powerful. It saves resources and does not slow the PC down.

2. Installation

Always download the latest setup file to install Mamutu:
http://www.mamutu.com/en/software/download/

Start the downloaded file (MamutuSetup.exe) and follow the instructions of the setup wizard. During installation, you can decide where the software is to be installed and whether shortcuts are to be created on the Desktop and in the Quick Launch Toolbar. After installation, start the Mamutu Security Wizard as recommended.

Uninstallation

Mamutu is uninstalled using the Uninstaller provided. You can reach it via Programs/Mamutu/Uninstall Mamutu or via the Windows Control Panel/Add or Remove Programs (Windows 2000/Windows XP) or Windows Control Panel/Programs and Features (Windows Vista).

2.1 Security Wizard


The Security Wizard automatically starts the first time you run Mamutu. The wizard helps you to set up an optimum security configuration on your PC and guides you step-by-step through the settings.

You are first requested to register your license. To do this, enter your user information (email address as username, and password) and then confirm the information by clicking “Log in”. If the login was successful then the next step will show you all licenses currently available in your user account. The trial license is always available by default. If you have several licenses, select the one you wish to use by clicking it and confirm your selection by clicking “Next”.

If you do not yet have a user account you can create one at any time by clicking “Create account”. Fill out the “Name” and “Email” fields and confirm your entries by clicking “Create account”. You will then immediately receive your password in an email sent to the specified email address.

If you have received a coupon code for a Mamutu license, e.g. if you purchased a license from a third-party dealer, then you can use the “Convert coupon code” hyperlink to convert your coupon into a license code. Enter your coupon code and confirm this by clicking “OK”. The license is then automatically created in your user account and you can proceed as described above.

2.1.1 Updater Settings


Select the components to be taken into account for online updates by selecting or deselecting the check box for each desired option.

The “Edit alerts settings” hyperlink allows you to activate or deactivate alert messages for “News Boxes”, “Update Messages” and “Restart Alerts”. These are small information windows that appear from the corner of the Taskbar. The display duration of these windows can be set for all types of messages.

Once you have made all Updater Settings, confirm these by clicking “Next”.

The Updater will now search for all updates and install them to bring Mamutu up to the latest version. The time required for this can vary and it may take a while, depending on the size and number of update modules and the speed of your Internet connection.

If you receive the message “Update process was finished successfully”, then the Update was successful and you can continue with the Security Wizard by clicking “Next”.

2.1.2 Alert Settings


We now come to the most important part of the configuration, the settings for alert messages. Mamutu reports the behavior of programs that are sometimes clearly damaging but sometimes also only possibly damaging. With some benign programs a clear decision between benign and malicious behavior is not technically possible. Mamutu always reports this type of suspicious behavior unless you activate alert reduction to reduce the number of false alarms relating to benign programs.

You can use the “Edit Ruleset” hyperlink to define rules for programs in advance. Advance configuration should only be done by advanced users.

Warning! Never set important system components to “Block” or you could very rapidly ruin your operating system.

Click “Next” to reach the basic settings of the Mamutu Background Guard.

2.1.3 Background Guard Settings


The options “Enable background guard on system startup” and “Activate Malware-IDS” should always be activated, otherwise you have no Malware protection.

The option “Download and install updates automatically” ensures that Mamutu is always up to date and you will not miss any program updates. Mamutu searches online for new updates each day and installs them if they are available.

You confirm the background guard settings by clicking “Next”.

The basic configuration using the Security Wizard is now complete and you can finish the installation by clicking “Close setup wizard”. Mamutu will then start and display the standard “Security Status” welcome screen. The blue-grey Mamutu symbol is displayed in the Taskbar next to the clock.

3. Security Status


The Mamutu start screen, called “Security Status”, shows an overview of all program and configuration elements. The security status window is divided into 4 sections. The first part is the menu at the left, containing “Processes”, “Malware-IDS”, “Quarantine”, “Logs” and “Settings”, and it provides easy access to all relevant program elements and settings dialogs.

The second part is the horizontal menu bar at the top, which is divided into “Language” for the languages supported, the Mamutu Quick Access menu item providing fast access to different settings dialogs or program elements via a drop-down menu, and finally the help menu item providing access to the help pages, the customer center and the discussion forum.

The third part is Mamutu Online and Mamutu News at the right side, which provides fast access via web links to the Mamutu Homepage and displays the latest news from Emsi Software.

The fourth part in the center shows a status overview of the background guard and update settings, the current software version, the date of the last update, the license period, the number of logged behavior alerts and the number of objects in quarantine.

4. Processes


The Mamutu process monitor lists all active processes with their name, PID (process ID), file path and whether they are monitored (yes/no). Processes can be terminated (“Kill”), placed in quarantine (“Quarantine”), configured (double-click the process) or new processes can be started (“New process”). The “Edit rule” button can be used to define rules for each process allowing or blocking particular behavior or excluding processes from monitoring. All relevant processes are monitored by default. However, system-internal processes are not monitored.

Selecting a process displays the file properties of the process in the field below the process table. Clicking a process with the right mouse button displays a popup menu with options to “Edit rule” and “Request suggestion” (community-based alert reduction).

5. Malware-IDS


The core of Mamutu, divided into “Application Rules”, “Malware-IDS”, “Alerts” and “General settings” tabs, allows easy fine tuning, addition and deletion of all defined behavior rules.

5.1 Application Rules

Lists all defined application rules, with filename and mode. The filename field shows the file path of the program for which the rule was created. The mode field shows whether the program is blocked (Block), excluded from monitoring (Excluded) or monitored (Monitor).

Rules can be edited, deleted and added. The following section explains the dialog used for creating and editing a rule:


If a rule is to be created for program X, the first step is to open the file selection dialog by clicking the “…” button next to the “Application Path:” field and select the appropriate file so that the complete path is displayed.

5.2 Malware-IDS Functions

In the Malware-IDS tab you define the types of behavior that should be monitored system-wide by Mamutu. To exclude particular types of behavior from monitoring, remove the tick next to the relevant entry. Only deactivate Malware-IDS components if you are sure that this will not compromise your system security.

5.3 Alert Settings


Mamutu reports the behavior of programs that are sometimes clearly damaging but sometimes also only possibly damaging. With some benign programs a clear decision between benign and malicious behavior is not technically possible. Mamutu always reports this type of suspicious behavior unless you activate alert reduction to reduce the number of false alarms relating to benign programs.

5.4 General Malware-IDS Settings

The options “Enable background guard on system startup” and “Activate Malware-IDS” should always be activated, otherwise you have no Malware protection.

The option “Download and install updates automatically” ensures that Mamutu is always up to date and you will not miss any program updates. Mamutu searches online for new updates each day and installs them if they are available.

6. Quarantine


Quarantine provides a safe place for storing dangerous or suspicious files. A file can also be restored from quarantine when (e.g.) it was moved by mistake or as the result of a false alert.

The quarantine table has Source (path), Behavior/Infection, Risk level, Date and Submitted columns. The quarantine provides additional functions for managing these files.

“Save copy” allows you to save a 1:1 copy of the file to any desired location, e.g. to manually examine the file. “Submit file” sends the file to the Anti-Malware Network, allowing the developers to perform further analysis. This helps to classify currently unknown Malware and add it to the signature database. “Add file” allows you to move suspicious files into quarantine. “Restore” moves a file from quarantine back to its original location. “Delete” permanently removes the selected object(s) from the hard drive. These can then no longer be restored.

Right-clicking in the quarantine table displays a popup menu with “Select All”, “Select nothing” and “Invert” menu items to make selection and editing of multiple objects easier.

7. Logging


Logging is an important tool for tracing procedures. It has “Malware-IDS”, “Quarantine” and “Update” tabs:

Individual log entries can be selected and then deleted via the “Delete” button. Clicking “Clear” deletes the entire log.

8. Settings


The settings area is used to configure all global options such as Updates, Notifications, Logs, Permissions and Licenses:

8.1 Update Settings

Select the components to be taken into account for online updates by selecting or deselecting the check box for each desired option.

8.2 Notify Settings

Select the notifications you wish to receive: “News Boxes”, “Update Messages” and “Restart Alerts”. These are small information windows that appear from the corner of the Taskbar. The display duration of these windows can be set for all types of messages.

8.3 Logging

Define the maximum number of log messages for Updates, Quarantine and Malware-IDS messages. Use a value of 0 for unlimited logging (default value).

8.4 Permissions

If you use several Windows user accounts you can prevent individual users from changing the configuration of Mamutu. The default settings allow all users unrestricted access to all Mamutu functions. Open this dialog as an Administrator and select a non-administrator user that you wish to restrict. Then select the functions that this user is allowed to access. If your PC belongs to a domain, then select “Use domain users” to change the user list.

Permissions are an effective way of (e.g.) preventing children from using possibly dangerous programs. You can use an “Always block this application” application rule to prevent specific programs from running.

8.5 License

Here you can manage your license(s) or convert coupon codes into new licenses. The license list shows the license number, type, start date and end date of each license. For Mamutu to function, at least one license that has not expired must be selected in this list. The “Connection settings” hyperlink allows you to configure your Proxy settings.

9. Mamutu in Operation

An alert message from Mamutu looks like this:


The most important rule when dealing with Mamutu alert messages is: “Keep calm!”. You have plenty of time to make a decision because the reported program has been immediately interrupted and rendered inoperative as soon as the alert occurs. Look closely at the alert message and see where the reported program comes from (filename and path). This information is often enough to decide whether this is a suspicious or benign application. Did you start the program yourself or was it started in the background? Does the program come from a trustworthy source? What information can be obtained from the file properties (Details tab) of the reported file?

For false alerts relating to benign programs the community-based alert reduction can help in many cases. Programs used by many users are often evaluated. You can then see the decisions of other users in the form of a bar graph. If most other users have allowed the program to run then Mamutu will recommend that you do the same.

If you are still unsure after checking, then take no risks and move the file to quarantine. Then contact our support team at the MyEmsisoft or Support forum and give them all readable information, such as path, file properties, diagnosis, Mamutu version, Windows version and what you were doing when the alert appeared.

10. Other

Mamutu is a program specializing purely in behavior analysis. You will not find a feature for scanning files on the hard drive. The Emsisoft Anti-Malware product provides a combination of Malware recognition using behavioral analysis and Signature-based scans. It contains all the so-called Behavior Blocker features of Mamutu.

10.1 Edition Comparison

The following page provides a comparative list of the features of Mamutu, Emsisoft Anti-Malware, a-squared Free and Anti-Dialer:
http://www.mamutu.com/en/software/compare/

10.2 Ordering Information

Important! To fully test Mamutu before purchasing it, please download and install the free 30-day trial version. This provides the full range of features.

A subscription for Mamutu costs US $29.95 per year or US $39.95 for two years.

What do I receive when purchasing Mamutu?

Order at: http://www.mamutu.com/en/order/mamutu/

Enabling your license:

The license is added to your user account. To adopt the license on your PC, click “Refresh licenses” in the License dialog and select the full version. Then perform an online update. A functioning Internet connection is required for enabling licenses.

Have a nice (Malware-free) day!

Your Emsi Software Team


Arief Prabowo
