CryptoPrevent is no longer based solely on Windows software restriction policies

Just not familiar with EXE Radar Pro. I will have a look at it:

http://www.novirusthanks.org/products/exe-radar-pro/

 

yes it uses a windows built in function vs needing a 3rd party service.

cryptopreventer also doubles up as a SRP editing tool which has extra value on home versions of windows which dont have policy editor.

I was planning to duplicate my windows 7 applocker setup on my machine (with 8.1 pro on now), but now I realised a few days back that SRP also supports hashing not just applocker, I may use SRP now, although I think applocker still has the advantage that a reboot isnt needed to apply changes.

 

yeah I just spent time adding rules only to find microsoft will silently not enforce them, lame.

So now I need to either add file hashes manually for everything in program data and appdata (yes some vendors put binaries in those locations)
or whitelist some sub paths
or find a way to get their certs to manually add to SRP

Why on earth are microsoft locking out applocker to non enterprise users? its as if they think security doesnt matter anywhere else.

 

Depends on how you configure it. ERP will auto-allow apps and system apps from the Windows and Program Folders. This means you will only get alerts when you want to install/run new apps. And it can also block system apps that are often used in attacks like cmd.exe.

Good point, but I don't think it's worth paying for.

 

http://softwarepolicy.sourceforge.net is an exe blocker that doesn't produce a stream of popups. It can be turned off without restarting. Oh, and it's open source so you can see exactly what you're getting and what it does.

It has some similarities with CryproPrevent, but is intended as a general security tool rather than being targeted at a specific class of malware. BTW you can't use this and CryptoPrevent at the same time because they both use policy settings, but in a different way.

 

Sorry OT, but it is a pity development and support has recently been suspended on this, but it will still work of course.

 

It must not be working out with the same enthusiasm as when they were raving all about the new release because still no announcement or hint on a solid release date.

Any ideas?

 

Here is the v8 beta which you can download:
https://www.foolishit.com/cryptoprevent-beta/

 

Thanks for the link I've been checking their homepage which hasn't been updated yet (still says "CryptoPrevent v8 beta is almost here").

 

So it provides basically the same protection techniques, right?

 

Many thanks

 

Beta is still buggy. And no systray icon for easy access unless you upgrade to the premium version. I uninstalled it.

 

Same here. Had to uninstall it almost as soon after trying it. Very buggy and tray icon flew away fast. Tripping the desktop shortcut wouldn't even open it up either.

Think i'll wait until it's coded up a little better before trying again.

 

Just installed the latest CryptoPrevent beta after disabling the old policies and have had nil problems or issues. The main thing is the new policies have installed correctly, as I'm not worried about tray icons or the new features.

There are far more software restriction policies in the beta compared with the last official release (1643 on my default + custom settings). They're now blocking PS1 files (Windows PowerShell Cmdlet File used by some ransomware e.g. Poshcoder.) It also looks like they've increased the coverage for blocking malware with double extensions. These policies appear effective for most of the malware I've read write-ups for lately.

They're a well thought out series of policies that won't inconvenience most people and have zero cost to resources.

 

Can you determine how recent the beta is? CryptoPrevent development has been on hold for so long that I'm wondering if it has become abandonware.

 

No sorry. The version logs at the bottom of the beta page have no timestamps unfortunately.

I mainly see CryptoPrevent as a set-and-forget tool. Good policies are long-lived, so a lack of updates isn't a deal breaker for me.

 

I agree that there's no reason to stop using it at this point; it's just that they've been promising version 8 for a long time and given no explanation for not delivering anything.

 

They did put up a demonstration of version 8 on YouTube, where IIRC they acknowledged how long it was taking and basically blamed having written the whole thing from scratch. It wasn't an encouraging demonstration though - the debugging had been left on so consequently it was extremely slow. Unfortunately I can't seem to find this video.

 

As far as I can tell, the current release version is 7.4.21, which was last updated in November 2015.
Version 8 has been "Vapor-ware", for many months now.

 

Agree. When development, or lack thereof in this case, drags on this long without good explaination it borders on abandonware IMHO.

At least that's how it's viewed from this end of the things.

 

thanks will grab the beta version.

Incidentally I cannot start up my current install of cryptoprevent , get a prompt saying the admin has blocked execution of the program, I am the admin so am currently confused, although highlighted in bold in the prompt is that it is a untrusted publisher, so checking my gpedit now for anything that may be blocking it.

--edit-- error in my SRP rules, the foolishit cert was on disallowed.

 

The version 8 beta is officially available, and v8 release is scheduled by Halloween.

https://www.foolishit.com/cryptoprevent-malware-prevention/

https://www.foolishit.com/cryptoprevent-beta/

https://www.foolishit.com/2016/10/cryptoprevent-8-release-by-halloween-with-price-changes/

 

another company that replaced lifetime with annual.

 

From 12$ (lifetime) to 15$-20$ yearly.
More and more products are switching to an annual price-model.

 

annual is ok if the price makes sense.

I tend to use a 3-5 year model as a basis to compare to lifetime so $12 lifetime should have switched to $4 per year at the most.

I have emailed them as I want to donate as a thank you to the free version I been using.

If they want to give me a lifetime license in return I will accept it, otherwise they can keep as donation.

The donation is $50 if anyone is curious.