WinPatrol WAR (formerly WinAntiRansom)

Discussion in 'other anti-malware software' started by haakon, Dec 17, 2015.

  1. ellison64

    ellison64 Registered Member

    Joined:
    Oct 5, 2003
    Posts:
    2,587
    sshot-2.jpg I may have found a bug... at least I can reproduce it.
    1. Right click tray icon and "stop winantiransom protection"
    2. Click tray icon to open the gui
    3. Click programs tab and you get the error shown in pic... at least I do.
    If it is a bug it might be worth also having tray icon different colour when disabled/enabled so the user can see, as there's nothing to show you that it's disabled.
     
  2. ellison64

    ellison64 Registered Member

    Joined:
    Oct 5, 2003
    Posts:
    2,587
    Good suggestion :thumb:
     
  3. haakon

    haakon Guest

    Ditto. But, it's a graphic. Instead of a color, maybe a red X or something.

    Or might I suggest a dynamic background for the doggie icon? I can barely see it in my dark theme. :'( :)
     
  4. haakon

    haakon Guest

    I get the same. Windows 7 x64, WAR 4.420.
     
  5. Bret Lowry

    Bret Lowry Registered Member

    Joined:
    Dec 21, 2014
    Posts:
    19
    Hello, we have an update available that fixes the bug that allowed Becky Mail to execute an attached file. In addition, it fixes a few other issues that were recently reported.
    Haakon, starting in this release the Is Passive column is no longer visible. That was not meant to be made available on the UI. We've scrubbed the screens so that only columns that make sense to show are available in the column chooser under the right-click on the column titles.
    Kid, we will be adding that feature in a future release, as well as the ability to remove items from the actions pages. We would have added those features this release, but it was imperative to get this fix out ASAP.

    You can download the latest pre-release from https://www.winpatrol.com/downloads/winantiransom-setup-2016.4.427.exe

    Thanks,
    Bret.
     
  6. Bret Lowry

    Bret Lowry Registered Member

    Joined:
    Dec 21, 2014
    Posts:
    19
    We will be adding some color changes for the tray icon as well very soon. :)
     
  7. Bret Lowry

    Bret Lowry Registered Member

    Joined:
    Dec 21, 2014
    Posts:
    19
    Hi Ellison, when protection is stopped, the tray application should not allow you to click on any of the items for starting WinAntiRansom Explorer. We'll have to look at it closer, maybe you re-opened the tray application so fast those items had not yet been disabled.

    Thanks,
    Bret.
     
  8. ellison64

    ellison64 Registered Member

    Joined:
    Oct 5, 2003
    Posts:
    2,587
    Hiya Bret..
    I think you've misunderstood my post on how to reproduce the bug. I'm not clicking "programs configuration page" from the tray (when WAR is disabled all items are greyed out). I'm double clicking the tray icon to open the gui, then clicking the programs tab in the gui. I can do this half an hour after disabling WAR protection and still get the "unhandled exception error" shown in screenshot.
     
  9. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    When I right click tray icon, then select disable protection, then double click on the tray icon, an error pops up, the GUI opens, then hangs until I go back, right click tray icon, then select start protection.
     
  10. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    Dear support@textpad.com

    What happens when we rename the test file to .TXT instead of EXE and double click it?:)
     
  11. haakon

    haakon Guest

    2016.4.428 - download & changelog:

    https://www.winpatrol.com/mydownloads/
     
  12. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    Haakon

    I had already installed that new version when I get the hang;)
    In case you are wondering where I got that e-mail address, I got it when my notepad opened up their latest test file after renaming the test file to a TXT file. You see a lot of interesting info LOL
    If that EXE would have been a lot bigger, it would have hung my system.
    Too lazy to open it in a debugger I am.
     
  13. Iangh

    Iangh Registered Member

    Joined:
    Jul 13, 2005
    Posts:
    849
    Location:
    Melbourne, Australia
    How good is WAR with zero-day?
     
  14. haakon

    haakon Guest

    Good enough for me to dump MBAM Premium after 6½ years. (But not MBAE Premium.) I know MBAM Premium is not in the same market segment, but WAR's no-signature-needed AI engine will snag anything that even looks like severe malicious behavior. I'll trust BDIS's Core engine, B-HAV, AVC, IDS, firewall and Ransomware Protection (locks down local file stores, i.e. C:\Documents) for everything else.
     
  15. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    Haakon, why would you dump MBAM? It still blocks websites incoming and outgoing.
    That is what I use it for mostly.
     
  16. Hiltihome

    Hiltihome Registered Member

    Joined:
    Jul 5, 2013
    Posts:
    1,131
    Location:
    Baden Germany
    I dropped MBAM (lifetime), because it was slowing down browsing, even on my office machine, with XEON and 16GB RAM.
    It also often gave me false positives on streaming sites, where uBlock already filtered the unwanted content.

    I still like MBAM as on demand scanner, but not real-time
     
  17. haakon

    haakon Guest

    I opened the door to express how much I value WinAntiRansom Plus given the long-time esteem enjoyed by Malwarebytes' Premium anti-malware product. Though off topic, I'll wrap it up and close the discussion...

    I believe a top-tier Internet Security Suite no longer benefits from another signature/heuristic scanner, especially one lacking a cloud component. And IMHO, BD's Active Virus Control has no equal.

    BD's Web Protection, local dbs & cloud, and/or Google's Safe Browsing in supported browsers is better than, or at the very least not worse than, MBAM's IP filtering.

    I won't be dissuaded from those assessments (and I no longer engage in the cloud pro/con debate). MBAM Premium just gets in the way.

    Secondary layers include Malwarebytes' Anti-Exploit Premium and Zemana AntiLogger Premium. And WinAntiRansom Plus in case no one is paying attention. :D

    Tertiary defenses include but are not limited to privacy/security extensions in the browser and process monitoring.

    The trashing of Java, Flash and Silverlight completes the strategy though admittedly many don't have the luxury of eliminating any or all of them.

    That said, MBAM Premium could add value to older systems and to those not so laboriously configured, maintained and monitored. As well, MBAM Premium never caused any slow-downs or other invasive behaviors on the many systems using my two licenses over the years.

    Finally, the stunning years-running vulnerabilities exposed in Project-Zero's Issue 714 report and Malwarebytes' lukewarm response to date (and if ever) haven't scored any points over here.

    [on topic]
     
  18. ratchet

    ratchet Registered Member

    Joined:
    Feb 20, 2006
    Posts:
    1,988
    The last (weeks ago) thing I've read relative to ransomware, was about a variant that can take control of the MBR, thus negating the possibility of image restoration. Will this product stop that variant also?
    At least with Sandboxie I'd have to be stupid twice. Not saying that could/would never happen! Thank you!
     
  19. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    1,649
    Location:
    Paris
    I assume you refer to Petya ransomware. WAR blows this one off also.
     
  20. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Not sure what you mean by negating the possibility of image restoration. All the imaging software I use puts the MBR in the image and offers the option of restoring it. Makes something like Petya easy to deal with.
     
  21. ratchet

    ratchet Registered Member

    Joined:
    Feb 20, 2006
    Posts:
    1,988
    Well, perhaps I didn't understand how the malware works. If you are correct, Macrium has me covered. In retrospect, it might be that it locks all of your drives, however, I keep a portable image too. But if it does lock the MBR, would boot media function?
     
    Last edited: May 4, 2016
  22. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    You are still losing me. Yes, Macrium has you covered, but not sure about the "locking" the drives. Macrium uses VSS, so you can still work, although obviously you wouldn't reboot during taking an image.
     
  23. @ratchet

    There are utilities to repair (and backup/recover) the MBR. Has anyone information whether the Windows repair utility disc works (Bootrec /fixmbr command) after Petya infection? Before I started using Windows Image backup I had a paid Acronis license (way back in XP time) which also included an MBR repair utility. Obvious repair routine would be first to repair the MBR, next to restore the saved image, see for example Macrium info.

    Regards Kees
     
  24. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    MBR repair utilities didn't help with Petya, as it used the modified MBR to do its nasty, which was encrypt the MFT. At that point doing a repair of the MBR potentially did more damage than good. That's why a full image restore was the only easy way out.
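
Posts 20 to 24 turn on having a known-good copy of the MBR inside the backup image. As an added example (not part of the thread, and not code from WinPatrol or any imaging vendor), this Python sketch compares a saved 512-byte copy of sector 0 with a current copy and reports whether the boot code, partition table or boot signature changed; the function names and both sample sectors are constructed for illustration.

```python
import hashlib
import struct

SECTOR = 512
BOOT_CODE = slice(0, 440)      # bootstrap code area
TABLE_OFF = 446                # four 16-byte partition entries start here
SIGNATURE = b"\x55\xaa"        # bytes 510-511

def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte MBR into the parts worth comparing."""
    if len(sector) != SECTOR:
        raise ValueError("an MBR is exactly 512 bytes")
    parts = []
    for i in range(4):
        entry = sector[TABLE_OFF + 16 * i: TABLE_OFF + 16 * (i + 1)]
        # status, CHS start (skipped), type, CHS end (skipped), LBA start, length
        status, ptype, lba, count = struct.unpack("<B3xB3xII", entry)
        if ptype:  # type 0 marks an unused slot
            parts.append((i, status == 0x80, ptype, lba, count))
    return {
        "signature_ok": sector[510:512] == SIGNATURE,
        "boot_code_sha256": hashlib.sha256(sector[BOOT_CODE]).hexdigest(),
        "partitions": parts,
    }

def compare_mbr(baseline: bytes, current: bytes) -> list:
    """Return findings describing how current differs from the saved baseline."""
    old, new = parse_mbr(baseline), parse_mbr(current)
    findings = []
    if not new["signature_ok"]:
        findings.append("boot signature missing")
    if old["boot_code_sha256"] != new["boot_code_sha256"]:
        findings.append("boot code changed")
    if old["partitions"] != new["partitions"]:
        findings.append("partition table changed")
    return findings

def build_sample(boot_code: bytes) -> bytes:
    """Constructed test sector: one bootable type-0x07 partition at LBA 2048."""
    entry = struct.pack("<B3xB3xII", 0x80, 0x07, 2048, 204800)
    return boot_code.ljust(446, b"\x00") + entry + bytes(48) + SIGNATURE

BASELINE = build_sample(b"\xeb\x63\x90known-good")  # constructed, not a real loader
CHANGED = build_sample(b"\xfa\x66\x31replaced")     # constructed, not a real sample

if __name__ == "__main__":
    print(compare_mbr(BASELINE, CHANGED))
```

A "boot code changed" finding with an intact partition table is a detection signal only; it says nothing about the state of the MFT, which is why the post above points to a full image restore.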
     
  25. ratchet

    ratchet Registered Member

    Joined:
    Feb 20, 2006
    Posts:
    1,988
    Sorry Peter! I now recall what I was trying to remember. I should not have used the word "lock" but "encrypt," as whichever ransomware, the theory being if your only backup was on an internal drive you could not restore.
     