Emsisoft Emergency Kit: Review

Emsisoft Emergency Kit (EEK) is a free standalone anti-malware scanner/remover. It essentially is the successor to Emsisoft Anti-Malware Free (EAM Free) which is no longer offered as a separate download by Emsisoft. EEK was released several years ago, and is a mature program. Like EAM, it is powered by 2 AV engines (Emsisoft/anti-malware + Bitdefender/AV), and works with Windows 7/8/10, (32 & 64 bit). As a standalone program, no installation is required, and it can be removed from your PC by simply deleting its containing folder. It is fully portable with USB  drives, and can be run in Safe Mode. As expected, it is free only for private home use.

I tested EEK (version 12) on a Win 7 Pro x64 Dell Latitude E5410 laptop, fully up to date, running IE11, Sophos Home AV, Windows firewall, WinPatrolPlus and Malwarebytes 3.0 Premium. All real-time protection was left enabled during testing.

Results

Download/extraction

EEK was a 256 MB download from Emsisoft (v. 12.0.0.6971, released: 12/01/2016). It is extracted by default to a folder - C:\EEK. You can move this folder to wherever you like. There was no bundled software to uncheck, no services or icons added, and no annoying regular flyout reminders to upgrade to a paid product. It did not try to insert itself into my startup list. The entire download/extraction process took about one minute.

Within the EEK folder are 2 programs, StartEEK.exe and StartCmd.exe. The first opens the EEK GUI program, the second opens a Commandline Scanner for advanced users. I tested only StartEEK.exe. For convenience, I pinned it to the taskbar. When you open that program the first time, the signatures will load and you will be prompted to update the software as well, taking about one minute.

The GUI that opens is simple and will be familiar to users of EAM. Usage is pretty intuitive, but there is a "?" in the upper right corner; clicking it will open the web-based Help Manual with basic instructions/screenshots located at:
blog.emsisoft.com/.../

A comprehensive changelog for version 12 (with screenshots) is here:
blog.emsisoft.com/.../

Scans

There are 3 scan options: Quick Scan (scans only active programs and checks for traces), Malware Scan (scans all places Malware typically infects, similar to MBAM's Threat Scan), and a Custom Scan (by default scans the entire C:\ drive, but can be configured to scan any drive or folder, or to customize settings). Most folks will want to use the Malware Scan. Prior to running the first scan, you will be asked if you wish to scan for Potentially Unwanted Programs (PUPs), which I did. There are not a lot of settings to configure, and I would suggest they be left to the default (which is where I left them for testing). Under the Scan tab, you will note a button "On Scan Completion", which offers the options to "report only" or to "Quarantine". Make sure it is set to "report only".

Scan times were very fast, a Malware Scan taking about 4 minutes. This is significantly faster than an MBAM 2.x Threat Scan (~15 min), and a  HitmanPro default scan (~ 7 min). A full system scan took about 40 minutes. On completion of a scan, a list of detections is displayed. From that page you can choose to delete, quarantine, ignore, report as a false positive, or whitelist individual objects detected. If you choose to quarantine a suspected False Positive detection, the default settings will re-scan your quarantines on a subsequent scan, and restore any FPs that Emsisoft has discovered and corrected in the interim with a new signature update. This is a nice feature I haven't seen offered by other scanners.

Like any standalone scanner, it does not integrate into Windows Explorer. You cannot right click on a file and find a "Scan with EEK" in the context menu. There is no provision to schedule regular scans.

Compatability/Performance Impact

As would be expected with a standalone scanner, I found no conflicts with any of my other security products. During a full scan of my C drive, CPU usage was high, and system performance and browser were noticeably slower, as with any scanner. At all other times, EEK just sits quietly, with nothing running in the background, and no impact on your system or browsing.

Efficacy

Like EAM before it, an EEK scan detected my harmless test files related to Eicar and Trojan Simulator, and allowed me to whitelist them from subsequent detections. But that's as far as my testing and experience goes with all the scanners I test.

EEK has not been tested as a malware remover by independent test sites, but it uses the same dual engines and signatures as EAM, which scored very well in the latest 2016 Malware Removal Tests by AV-Comparatives. Presumably, EEK would have performed equally well:
www.av-comparatives.org/.../avc_rem_2016_en.pdf

Support:

Emsisoft has a good support forum dedicated to EEK, staffed by both employees and volunteers, to help with troubleshooting:
support.emsisoft.com/.../

Comments

Everyone should have at least one on-demand backup scanner to supplement their real-time protection. Such scanners offer no real-time protection, but do offer a second opinion. No AV detects everything, and it just makes sense to get a second opinion (preferably from a different vendor - no point using a tool from the same vendor whose AV engine/signatures missed something) when things are not working as expected, despite a scan from your AV.

Current alternatives to EEK as a "second opinion" scanner suffer from a number of drawbacks. HitmanPro is free and almost as fast as EEK, but removal of detections requires that one purchase the paid version. Kaspersky's free Virus Removal Tool is effective and equally fast, but is essentially a one time scanner with no internal update ability, and rapidly becomes obsolete. McAfee's Stinger comes bundled with some beta software (Real Protect) that you cannot decline (and which stubbornly inserts itself into your startup list), and its scan took almost 2 hours. Microsoft's Malicious Software Removal Tool (MSRT)  can be downloaded as a free standalone scanner/removal utility, but is also generally a one-time monthly program that just checks for currently prevalent malware.

Many (myself included) consider Malwarebytes Anti-Malware (MBAM 2.x) the gold standard for a free 2nd opinion scanner/remover. But it too has some drawbacks. Its Threat Scan takes about four times longer than EEK (not that that should be a major consideration). And the future of MBAM is uncertain. It is no longer available for download from the author, although is still available elsewhere. There is no portable standalone version of MBAM, nor of its replacement, Malwarebytes 3.x (MB 3). MB 3 certainly shows promise as a worthy successor to MBAM.  It is faster than MBAM, but still significantly slower than EEK. And if you want the free version, you will have to download the full trial version and install it with all its real-time modules and a service running in the background, then de-activate all the real-time protection. The same process, incidently, also applies to getting Emsisoft Anti-malware Free.

Conclusions

For simplicity, convenience, portability, its small footprint and scan speed, EEK is hard to beat as a free on-demand scanner/remover. I can't think of a single reason to not have it in your tool chest or USB stick, for that rainy day when your (or a friend's) PC needs a second opinion. After this testing, I have uninstalled Emsisoft Anti-malware on all my systems, and replaced it with EEK.

Download:
www.emsisoft.com/.../