New run time behavior in PM15x64??

dallas7

New run time behavior in PM15x64??

Post by dallas7 » 2012-08-29, 05:44

Pale Moon 15.0.x64 Portable in Win7hpSP1x64

This is not a complaint; just a report and an inquiry:

PM15 was really buggering Emsisoft's Behavior Blocker:
Emsisoft Anti-Malware - Version 6.6 IDS log
8/28/2012 9:43:16 PM 4856 C:\PORTABLES\Palemoon - Copy\Bin\Palemoon\palemoon.exe Allowed by user Behavior.Spyware
8/28/2012 9:43:07 PM 4856 C:\PORTABLES\Palemoon - Copy\Bin\Palemoon\palemoon.exe Allowed by user Behavior.Backdoor
8/28/2012 9:36:57 PM 4524 C:\PORTABLES\Palemoon - Copy\Bin\Palemoon\palemoon.exe Allowed by user Behavior.Backdoor
8/28/2012 9:15:25 PM 1364 C:\PORTABLES\Palemoon - Copy\Bin\Palemoon\palemoon.exe Allowed by user Behavior.Backdoor
8/28/2012 9:02:32 PM 3176 C:\PORTABLES\Palemoon - Copy\Bin\Palemoon\palemoon.exe Allowed by user Behavior.Spyware
8/28/2012 9:02:20 PM 3176 C:\PORTABLES\Palemoon - Copy\Bin\Palemoon\palemoon.exe Allowed by user Behavior.Backdoor
8/28/2012 8:11:27 PM 3068 C:\PORTABLES\Palemoon - Copy\Bin\Palemoon\palemoon.exe Allowed by user Behavior.RemoteControl
8/27/2012 4:36:15 PM 3376 C:\PORTABLES\Palemoon - Copy\Bin\Palemoon\palemoon.exe Allowed by user Behavior.Spyware
8/27/2012 4:36:04 PM 3376 C:\PORTABLES\Palemoon - Copy\Bin\Palemoon\palemoon.exe Allowed by user Behavior.Backdoor
8/27/2012 4:24:42 PM 3716 C:\PORTABLES\Palemoon - Copy\Bin\Palemoon\palemoon.exe Allowed by user Behavior.Spyware
8/27/2012 4:24:29 PM 3716 C:\PORTABLES\Palemoon - Copy\Bin\Palemoon\palemoon.exe Allowed by user Behavior.Backdoor


I had long ago excluded the PM executables from Emsisoft (Palemoon-Portable.exe, Palemoon.exe and plugin-container.exe).
I have lots of other portable app exclusions in there, too. ;)
But here, even though I selected "exclude" and "create rule" in the Behavior Blocker, every time I opened Palemoon-Portable.exe I had to repeat.
Excluding the Default folder squelched the Behavior Blocker popups.

Is the Command Line in this Task Manager screenshot as it should be?
Well, I'm at my wits' end trying to get past a "file not yet downloaded" annoyance here, so I hope this can be viewed...
08/30/12 edit: Link deleted by author.
The highlighted area seems to be "what's new" to me.

Or is there something wrong with my installation?

Cheers.
Last edited by dallas7 on 2012-08-30, 18:14, edited 1 time in total.
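
An added example, not part of the original thread: a small Python parser for the IDS log lines quoted in the post above, grouping alerts by PID to show that every launch of palemoon.exe raised alerts again. The regular expression and function names are assumptions inferred from the seven 8/28/2012 lines reproduced here, not Emsisoft's documented log format.

```python
import re
from collections import defaultdict
from datetime import datetime

# The 8/28/2012 lines from the IDS log quoted in the post, copied verbatim.
IDS_LOG = r"""
8/28/2012 9:43:16 PM 4856 C:\PORTABLES\Palemoon - Copy\Bin\Palemoon\palemoon.exe Allowed by user Behavior.Spyware
8/28/2012 9:43:07 PM 4856 C:\PORTABLES\Palemoon - Copy\Bin\Palemoon\palemoon.exe Allowed by user Behavior.Backdoor
8/28/2012 9:36:57 PM 4524 C:\PORTABLES\Palemoon - Copy\Bin\Palemoon\palemoon.exe Allowed by user Behavior.Backdoor
8/28/2012 9:15:25 PM 1364 C:\PORTABLES\Palemoon - Copy\Bin\Palemoon\palemoon.exe Allowed by user Behavior.Backdoor
8/28/2012 9:02:32 PM 3176 C:\PORTABLES\Palemoon - Copy\Bin\Palemoon\palemoon.exe Allowed by user Behavior.Spyware
8/28/2012 9:02:20 PM 3176 C:\PORTABLES\Palemoon - Copy\Bin\Palemoon\palemoon.exe Allowed by user Behavior.Backdoor
8/28/2012 8:11:27 PM 3068 C:\PORTABLES\Palemoon - Copy\Bin\Palemoon\palemoon.exe Allowed by user Behavior.RemoteControl
"""

# Assumed layout. The path contains spaces, so anchor it on drive letter and .exe.
LINE_RE = re.compile(
    r"^(?P<ts>\d+/\d+/\d+ \d+:\d+:\d+ [AP]M) (?P<pid>\d+) "
    r"(?P<path>[A-Za-z]:\\.+?\.exe) (?P<action>.+) (?P<behavior>Behavior\.\w+)$"
)

def parse_ids_log(text):
    """Return one dict per parseable log line; anything else is skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ev = m.groupdict()
            ev["ts"] = datetime.strptime(ev["ts"], "%m/%d/%Y %I:%M:%S %p")
            events.append(ev)
    return events

def alerts_per_launch(events):
    """Group alerts by (path, pid), oldest first; one PID is taken as one launch."""
    launches = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):
        launches[(ev["path"], ev["pid"])].append(ev["behavior"])
    return dict(launches)

def repeat_prompt_report(events):
    """Per executable: number of launches that alerted and the behaviors seen."""
    report = defaultdict(lambda: {"launches": 0, "behaviors": set()})
    for (path, _pid), behaviors in alerts_per_launch(events).items():
        report[path]["launches"] += 1
        report[path]["behaviors"].update(behaviors)
    return dict(report)

if __name__ == "__main__":
    print(repeat_prompt_report(parse_ids_log(IDS_LOG)))
```

A launch count above one for an executable that already has an allow rule is the symptom described in the post: the rule did not carry over to the next start.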

Moonchild

Re: New run time behavior in PM15x64??

Post by Moonchild » 2012-08-29, 08:19

The command-line looks fine to me. Sounds like an odd quirk in the Emsisoft application; you might want to report this as a bug to them?
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite

dallas7

Re: New run time behavior in PM15x64??

Post by dallas7 » 2012-08-30, 18:13

Emsisoft Anti-Malware's Behavior Blocker component (also marketed as a stand-alone, Mamutu) isn't known for its quietness. One of the reasons why I like it. My rules list has 16 entries including Pale Moon and for Haller's PortableApps' Thunderbird, Stellarium and Marble. Others are for system-intrusive utilities (TOverclocker, GPU Caps Viewer, a global spell checker and the like). In its defense, there is a local white list that's updated almost daily and I've never had to deal with alerts for widely popular stuff like WinUtilities, CPU-z and Catalyst and PeaZip portable.

Of course, once the rules are created the blocker is silent unless the exe, dll, etc. is changed via update or re-install. Or something worse.

What was new this time for PM was that the "program has changed" every time I re-started it and the varied nature of the alerts (spyware, backdoor, remote control) and rules exceptions didn't persist. Therefore, the folder was excluded from BB scans.

But that's not unusual as I have to deal with that every time I modify a Steganos LockNote file I use to store user name and passwords for banks and online retailers, etc. I don't modify that one too often, though, and I deal with the alerts rather than build an exception or exclusion rule considering the file's payload.

As for notifying Emsisoft, in addition to the BB action the file is also sent to their cloud service as every time I started PM (prior to the exclusion) I got the "Emsisoft is verifying a program" tray notification. Besides, they just released a public beta for their next major release and I don't want to bother them. :D

Because of my level of expertise in this arena, EAM's BB is working A-OK in my world. Besides, it's easily turned off with one mouse click. Others get seriously perturbed and they need to use Something Else and there are many, many "install and forget" apps to choose from.

Thanks for verifying the command line. Just curious...
Is that how the non-portable version appears, too?
Does Firefox do that also or is it unique to PM?

Moonchild

Re: New run time behavior in PM15x64??

Post by Moonchild » 2012-08-30, 19:30

dallas7 wrote:
Is that how the non-portable version appears, too?
Does Firefox do that also or is it unique to PM?

The non-portable will not appear this way. The portable has this command-line parameter passed to it because it is told explicitly where the user profile is.