Post-incident analysis: Emsisoft gains a computer forensics component in version 2017.7

Emsisoft positively surprises. Not so long ago, the company's programs received a dedicated update to protect against DoublePulsar backdoors manufactured by the NSA, improved protection against ransomware and scanning of email attachments. Now, in version 2017.7, the Emsisoft software has gained a piece of computer forensics: a post-incident analysis module. Thanks to the new component built into Emsisoft products, reconstructing past system events will be easier than ever before.

The new event log (Forensic Log; in the Polish version it has been translated as Inspection Reports) will allow you to reconstruct all user events and activities related to the system, installed applications and malicious software. This functionality is available both to individual users and in the Emsisoft Enterprise Console. Central management will allow administrators to read logs from workstations more easily and find the root of the problem in the event of system failures, whether caused by the user, malware or the system.

The events can be found in the "Logs" tab.

Emsisoft Enterprise Console includes reports from all workstations.

Detailed logs will allow you to:

  • Read exactly what happened: the log contains all events from all software and system areas in chronological order.
  • Review all warnings about suspicious websites and programs, as well as how they were handled, both by the user and by the system.
  • Check exactly when a malware analysis started and when it was completed, along with its outcome.
  • Check when Emsisoft product settings were changed, and which ones.
  • Check when scheduled updates and scheduled scans were started.

Reading logs is one way to reconstruct what has happened with the software. The Emsisoft community's voice was heard: responding to the calls of customers who were losing control over what was happening in their systems, the manufacturer developed inspection reports that make it possible to analyze all the problems that occurred on a workstation. The log also supports searching for events by keyword.

Improved Auto-Behavior Blocker

Along with the update to Emsisoft programs, one more solution has been added: automatic handling of behavior blocker alerts. The manufacturer explains that many users do not make the right decisions when shown technical messages, so it decided to introduce two new options for when the security program shows a security alert: move the threat to quarantine or allow it to continue.

Our experience shows that the blocker is rarely mistaken. If you see a similar message on your computers, then most likely it is a virus.

Reviews and tests of Emsisoft products can be found on AVLab.


We use the Google Cloud Translation and Gengo APIs to translate articles, with the exception of our comparative tests.