Emsisoft is living proof that size doesn’t matter when it comes to creating great software. The modestly sized company never fails to surprise us here at AVLab, and its latest offering is no exception.
Since 2012 we’ve been doing our part in the battle against cybercrime. We deal with simple, complex and unexpected cyber threats on a daily basis, and we like to think we’ve developed a unique perspective as industry insiders.
Over the years, we’ve observed Emsisoft’s achievements, technological developments and contributions to the cybersecurity industry. The latest phase in Emsisoft’s evolution is the release of Emsisoft Cloud Console, a web-based console designed to simplify security management.
Emsisoft’s solutions are focused on providing powerful and reliable virus and malware protection for businesses. To see if Emsisoft Cloud Console lives up to expectations, we went ahead and tested it in our lab. Our review is laid out in detail below.
Emsisoft is heavily involved in helping fight cybercrime, especially when compared to much larger organizations such as Trend Micro and Symantec. Emsisoft has released 60 free ransomware decryption tools that have helped individuals and businesses recover their data without paying the ransom.
In contrast, Trend Micro has „only” developed 30 decryptors according to its website, while Symantec does not appear to be interested in creating decryption tools. In Symantec’s defense, the development of decryption tools is not the only way to help fight cybercrime – it can also be provided through intelligence and data analytics, for example.
That said, we think it’s very good that Emsisoft supports the cybersecurity community on a high level, especially compared to their counterparts who have considerably more resources at their disposal.
Moving to the cloud
„The era of desktop-only software is coming to an end,” according to the Emsisoft team. With Emsisoft CEO Christian Mairoll at the helm, the Emsisoft team has decided that their product must evolve in order to effectively compete with other solutions available on the market.
This evolution has come in the form of Emsisoft Cloud Console, a web-based platform for centrally monitoring and managing Emsisoft’s endpoint protection products.
As advertised, Emsisoft Cloud Console allowed us to instantly communicate with the Emsisoft protection software that was installed on our test computers. From the console, we could see and manage all our endpoints and perform all the tasks we’d be able to do if we were onsite: run scans, respond to alerts, update software, change protection policies and so on.
With central management, an employee’s device can be protected and secured regardless of whether it’s connected to the corporate network. Enterprises that need to manage agents from within their network (due to legal or technical requirements) should look for an alternative console that can be installed on a local server.
Malware can strike at any time. Web-based platforms can be used as an always-accessible fail-safe feature – that is, in the event of an incident that disrupts local operations, companies can still use the cloud for malware protection and resolution.
But what happens when an incident occurs, and the Internet is disabled by an IT administrator? Can potentially infected computer systems still be protected by Emsisoft products? Absolutely. Let’s break it down.
Emsisoft features powerful behavioral protection, which detects potential malware by checking for malicious patterns rather than relying on traditional malware signatures. This makes it very useful for detecting unknown malware variants.
The Behavior Blocker works in conjunction with other technologies such as File Guard and Surf Protection to identify, stop and resolve threats – and the results speak for themselves.
In our tests, during which we exposed the software to thousands of real malware samples, Emsisoft Business Security never failed once. It really is an impressive piece of software.
A single incident can potentially cost organizations millions of dollars in downtime and recovery. From the immobilization of machines involved in production, to the malfunction of hundreds of computers, or even temporary closure of the business — these are the consequences of recent attacks that have occurred in many companies around the world. In these extreme situations, administrators can use Emsisoft Cloud Console to activate “Emergency Network Lockdown” for a single workstation or an entire group of computers.
With Emergency Network Lockdown enabled, ALL connections are blocked by Emsisoft Business Security. Browsers, Windows Update, and potentially harmful commands such as cmd.exe, powershell.exe, wscript.exe, cscript.exe, certutil.exe will not work on the locked down workstation or group of devices. This ensures that ransomware and other malware are not able to spread across the local network.
It also prevents trojans and droppers from being able to download resources from the Internet. At the same time, the anti-malware agent will constantly communicate with the console and the Emsisoft cloud on port 8082. Real-time protection will also remain active. With the network safely locked down, the administrator can calmly take appropriate action: carefully review logs, scan the entire network and resolve security issues.
Many antivirus applications send user data to the antivirus company’s cloud for analysis. While some of this data is necessary to provide effective protection, it has raised some concerns regarding user privacy.
Emsisoft is known for being very conscientious when it comes to consumer privacy, so we weren’t surprised to see that Emsisoft Cloud Console includes some excellent settings for privacy-conscious users. For example, Emsisoft Cloud Console allows organizations to disable cloud lookups on findings and avoid telemetry transmissions.
Emsisoft’s commitment to preserving consumer privacy can also be seen in the design of Emsisoft Browser Security. The anti-phishing and anti-malware browser extension, which is compatible with all major browsers, sends a calculated hash value rather than the full URL address to the Emsisoft cloud server. When a user visits a website, the information is sent in an encrypted manner, which means that – unlike many other browser security extensions – Emsisoft cannot see any details of the user’s browsing activity. Additionally, both the server in the cloud and the local log store the last 10,000 records within logs. It is important, but also useful from a privacy point of view.
So, we are dealing with a product that effectively protects a device from all angles and at the same time a product that respects and encrypts metadata sent from computers to the cloud in order to eliminate a threat.
By turning Emsisoft Anti-Malware into a true Software as a Service (SaaS) product, Emsisoft is able to deliver a better user experience – starting with allowing users to easily install and manage multiple devices at the same time.
It’s clear that a lot of thought has been put into the design of the console. Unlike other SaaS solutions, which can be very frustrating for administrators to use, Emsisoft Cloud Console is fast and intuitive. Messages are clear, tabs are thoughtfully laid out and load instantly, and the reporting is concise and effective. It provides just the right amount of detail for administrators to quickly diagnose a problem or send a real-time alert to an IT staff member in the event of, say, a detected threat or a new device connecting to the corporate network.
It is no coincidence that Emsisoft won the CheckLab.pl award in July 2019. In our tests, Emsisoft’s software detected and stopped all malware samples immediately after they were executed in the operating system, simulating the natural behavior of an office worker when dealing with a targeted attack. Bear in mind that Emsisoft has participated only once in our tests.
Emsisoft has achieved good results in security tests conducted by AVLab.pl and has earned a number of awards, including awards for best protection against ransomware, bashware, and cryptocurrency miners.
Our most popular test focused on evaluating how effectively endpoint security products can protect users against banking trojans. Emsisoft’s behavioral protection technology, which monitors all active applications in real time for dangerous indicators, was perfect at recognizing attacks.
Emsisoft’s technology is able to detect new trojans, ransomware, spyware, backdoors, and other dangerous zero-day threats. The software uses an advanced engine to scans data without excessively burdening system resources. There are several layers at work here, including the File Guard, an important security element that verifies all downloaded files by comparing them with an enormous malware signature database.
However, the File Guard is just one component; Emsisoft utilizes a combination of proactive protection technologies, including Surf Protection, a Behavior Blocker and a dedicated Anti-Ransomware component, which means the software doesn’t have to rely solely on traditional malware signatures (although these are also in use). With the participation of the cybersecurity community, the company has also been developing its own technologies.
In addition to providing strong malware protection, a good antivirus solution also needs to be able to minimize false positives. Emsisoft performs quite well in this regard. Analysts at the AV-Comparatives.org laboratory compared the false positive rate of several products, and found that Emsisoft produced just 10 false positives after scanning a set of almost 12,000 genuine, innocuous files.
Emsisoft in practice
Emsisoft Cloud Console is divided into modules where users can manage settings on Emsisoft-protected devices. Protection rules can be created for individual employee profiles. This allows organizations to implement restrictive protection rules in line with the company’s security policies, or make exceptions for advanced users, IT staff and other users who require high-level access to do their work.
Despite offering many settings, Emsisoft Cloud Console remains intuitive and responsive. The aforementioned Emergency Network Lockdown feature, for example, kicks into action almost instantly. After enabling lockdown, it took just 1 to 3 seconds for our test computers to be cut off from the Internet – faster than anyone would be able to manually pull the cable out of the socket or switch between the shared computer screens.
In terms of usability, there are a lot of things to like and some thoughtful touches that will make life easier for administrators and MSPs. The console loads quickly in the browser. Changes are accepted and swiftly applied after adjusting a setting. Updates to endpoints can be delayed up to 30 days to allow administrators to perform compatibility tests before the new version is rolled out.
In summary, Emsisoft Cloud Console is a solution that offers many advantages and very few disadvantages. At the AVLab.pl portal, we try to showcase useful and good applications for enterprises. Among these solutions, there is a well-deserved place for Emsisoft.
The above infographic is probably a somewhat realistic depiction of a cyberattack. On the left, we have as many as 300,000 new threats that appear on a daily basis. A small number of these threats are exposed in the form of malicious hosts and opened by employees in organizations. While it’s true that only a small proportion of this malware will successfully infect a device, even a single incident can have far-reaching consequences for businesses of all sizes.
Emsisoft should be seriously considered when looking for a security solution. For Polish companies, the only barrier may be the lack of technical support in the Polish language. That is probably the only disadvantage. Smaller companies and public authorities often require Polish language support. Without it, tenders will be off the table.
Emsisoft’s product provides great protection against ransomware (Emsisoft was the first to stop the WannaCry ransomware that has used NSA exploits from the very beginning), robust security for Windows servers, and a fast, intuitive cloud-based console. The product is available as software with the console in the cloud, or the console can be installed on a company server. We recommend Emsisoft Cloud Console solution without hesitation to all small or medium-sized businesses.
Postscript. Emsisoft also makes the Emsisoft Emergency Kit, a powerful standalone scanner. It can be a very useful tool for administrators and other IT professionals who suspect an infection has taken place and wish to scan and clean infected systems.