Emsisoft Anti-Malware reached a new version today, one that brings both specific and general improvements to the application.
Notable changes touted for this revision are full integration with Emsisoft’s cloud database for faster detection of new malware and fewer false positives as well as improved self-protection and a quicker start of the program.
The price remained the same, $40 (€40) for one year, for the full-featured version that includes real-time protection. However, there is also a feature-stripped freeware edition, which is designed for scanning purposes only, as it integrates only the dual-engine scanner that can only clean up the PC.
Emsisoft Anti-Malware features a classic, standard installation process that ends with a configuration wizard that lets you opt for the aforementioned freeware mode. The configuration steps consist of updating the signatures, joining the Anti-Malware Network to benefit from info from the cloud about millions of programs (check list here), performing an initial scan and enabling the layers of protection.
Looks have not changed either, so easy navigation through the menus has been preserved. The Security Status screen displays the state of real-time protection (behavior blocker, file guard and surf protection). This menu also lets you jump to the settings area of the protection components.
Scan options range from quick and specific to full computer checks. There is also the possibility to create custom profiles, based on the areas of the system you want to be verified. This enables you to combine verification of areas where malware is likely to reside with specific paths on the hard disk.
The speed of this procedure does not seem to have been affected: during our tests, the two engines went through a batch of 16,712 samples in about 15 minutes. The result was impressive, with 15,359 threats labeled correctly and only 1,353 left behind. This amounted to a detection ratio of 91.9%.
Another 68 samples were considered suspicious and I was asked to send them for further analysis to Emsisoft labs. All these samples are pretty fresh, collected at the beginning of March this year.
We also ran some tests with even fresher threats, collected on April 25 and 26. The number amounted to 6,693 threats, out of which 5,643 were removed and 1,050 remained (114 were labeled as suspicious and I received the recommendation to send them to Emsisoft labs). During the second test, the detection ratio was lower, but still above the standard at 84.3%.
On the downside, we were not able to use the computer while Emsisoft Anti-Malware ran the scan process because, each time a new threat was detected, the focus would automatically shift to the antivirus. Although the entire procedure is extremely fast, it could still be annoying if you try to do something else in the meantime.
As far as the impact on system resources is concerned, we recorded fluctuations. At times, the process would require 80% of the CPU and 150MB of RAM, only to later lower its demands to up to 10% CPU and 30MB of RAM.
The peak was at 93% CPU and 235MB of RAM, but the average was around 60% CPU and about 120MB of RAM.
Emsisoft Anti-Malware’s File Guard component is highly configurable, allowing you to define per-application rules for permissions concerning malware-like activities.
There are 19 choices in this sense, ranging from behavior associated with backdoors, spyware, worms or keyloggers to that conducted by rootkits or threats manipulating the mouse and keyboard. The program can also watch for invisible installations, editing or patching of executables, modification of the startup area, or changes to the hosts file.
The behavior blocker features the same options, and surf protection works in a similar manner with hosts displaying suspicious activity. In this case, there is also the possibility to receive alerts when actions are blocked. This, of course, increases the number of notifications generated by the application.
In order to prevent unnecessary scanning, you can create white lists for programs you trust completely, as well as choose to perform verification before programs are executed, when files are created or modified, or when they are read.
The behavior blocking mechanism, supported by the cloud-based knowledge, showed improved performance as far as false positives are concerned, although we still faced alerts for common apps, such as Pidgin or FileZilla.
File Guard’s notifications can be balanced by creating default rules based on Emsisoft’s community experience. A program can be allowed or blocked according to the action taken by the majority of the community. Also, your decision towards a program can be turned into the default rule for said program.
Configuring Emsisoft Anti-Malware offers plenty of possibilities as well, from scheduling scans and setting automatic signature updates to run as frequently as every hour, to setting up per-user permissions for handling the application and its components.
Detection rate is among the best we’ve seen with our current batch of malware samples. The entire procedure is extremely fast, and thanks to hourly updates, signatures for detecting new malware are constantly added.
We were not able to use the computer during the scan process because the detection of a threat caused the focus to be shifted to Emsisoft Anti-Malware’s window automatically. False positives were still recorded, although in a much smaller number than before.
Emsisoft Anti-Malware keeps getting better with each revision, even if no major improvements have been made. It became leaner and more proficient in the fight against malware.
The email scanning feature extends the range of its protection, the automatic game mode allows you to enjoy your games without interruptions from security alerts, and there are fewer false positives.
Emsisoft Anti-Malware 6.0 Review