WinPatrol WAR (formerly WinAntiRansom)

I like the concept of WinAntiRansom, but noticed some problems and confusing options:

1. VirusTotal doesn't work:

Every file I try (even something common like Excel.exe) shows "x is unknown to Virus Total, uploading for scan. Please refresh the screen in a few minutes to see results." - Even hours later refresh still says "Scan for x not yet completed at Virus Total. Please refresh the screen again in a few minutes to see the results."

2. "AdobeGCClient.exe" (Photoshop Elements 13) and "chrome.exe" (latest Chrome Browser) report Ransomware/Malware like actions even if I set "Pre Emptive" to green/on. Shouldn't this switch disable the check for that applications?

3. I don't like that that smart mode and the allow option, enable "SafeZone", because "SafeZone" should give me maximum protection and access for a few selected applications and not allow browsers and email clients to access my documents.

4. There are two ways to configure "Safe Zone Folders" - I am confused...

The first way is by adding up to 10 folders in the settings. The second way is to select "Safe Zone" from the "Programs menu bar". The second way only allows to select a singe "SafeZone"-Folder. What's the difference and how should we use that feature?

The second way shows "Potential Programs for files in SafeZone" and "Allowed Programs for files in SafeZone" - both sections are empty. How does this work? I thought the green "SafeZone"-Switch is for choosing SafeZone applications?

5. What happens if I select "Whitelist program" for applications shown in "PreEmptive Actions"? Is there a difference to using the green switches? Were can I see a list of all whitelisted applications and folders?

6. If you sort programs by the "SafeZone" column and change the switch for one applications, the applications moves to another place (that's ok because I sort by the switch) and the next applications also gets the switch changed (bug). Same with the other switches in "pro mode".

 

Could be "SafeZone" is the tech. The Programs SafeZone and the Folders SafeZone are different modules. I think of them separately: WAR's SafeZone, My SafeZone. (Maybe the SafeZone column in Programs should be named differently.) At some point I decided to just use Easy Mode with its simpler Whitelist column on the Programs page.

Apps: The Programs page for WAR's whitelist.
Folders: Programs page > Add menu item > Add folder
Folders, yours: The Settings page
Apps you allowed for your folders: Programs page > SafeZone menu item > Configure SafeZone

I don't have that issue with VirusTotal.

Maybe Bret or Scott will stop in here. Or not. However, Scott is a Support Analyst for WinPatrol products and a newly arrived moderator at their forum and he's been very responsive there.

http://www.landzdown.com/winantiransom/

And:

https://www.winpatrol.com/winantiransom-documentation/

 

This ransomware stuff is very confusing (and threatening) for me. Have you all read this?

 

This will get you very ........... scared: http://www.bleepingcomputer.com/news/security/the-week-in-ransomware-may-13-2016/

 

Ratchet, you are a Sandboxie user, Right? ransomware, zero day threats wont bother you if you get in the habit of opening attachments or any file you download from the internet, or introduce in your PC via USB drive in a sandbox. Even after recovering files, you continue running this files in a sandbox during their lifetime in your PC, if you do that, as time goes on, you ll feel more and more confident about SBIE doing its work and wont feel threatened anymore. Feeling threatened or scared about using the PC for whatever I want to do, has nothing to do with my computing experience, those feelings belong way way back in my past.

Bo

 

Lets keep this on topic please !!!!!
Don't introduce other software that might keep you safe.

 

Looks like because VirusTotals new policy, WinAntiRansom Plus will be removing the VirusTotal feature in its new version

 

When I click on buy chrome cannot connect, their https port is closed. But I find it hard to believe they made such an error so must be an error somewhere my side.

This site can’t be reached
secure.avangate.com refused to connect.

seems their payment processor is in one of my tracking lists.

 

got the url?

found this, but after I click it says 25%

https://malwaretips.com/threads/winantiransom-50-off.55993/

 

What's your source for that news on the removal?

The VT new policy:
“All scanning companies will now be required to integrate their detection scanner in the public VT interface, in order to be eligible to receive antivirus results as part of their VirusTotal API services,' the new policy demands." Source: techweekeurope dot co dot com among the multitudes.

I got v2016.5.451 to test from Bret a couple of weeks ago and the VT function is still in there but I get "is unknown" and "not yet completed" returns on apps that return instantly on the VT site. I'll check in with him and see if he wants to offer some insight tho I'm thinking he won't be handing over his tech any time soon.

The absence of VT in WAR isn't a deal breaker for me. I'll thank VT for their Web service; enough said.

 

EDIT: (Unofficial change log pasted from Bret's email. Roll-out date and version valid as of this posting.)
ALSO: 2016.6.455 is rolling out on Monday, 6/6.
This build contains the following:
Ability to remove data from Action pages.
Improved ability to block and whitelist on all action pages.
Warning message when tray is used to stop protection.
Tray icon changes color if protection is stopped.
“Search for Programs” now searches entire system drive.
Enhanced detection engine.
Ability to have WAR automatically remove “Does Not Exist” entries.

 

I agree, the VT thing doesn't bother me either. I was just curious because I couldn't get it to work either.
Looks like some good improvements coming!!

 

I'm running 2016.6.455 and note the "no longer exist" toggle in the Settings pane and the other stuff. VT checking is gone; apparently that didn't make it into the unofficial change log I posted and edited above.

I pass on that option in that these are few and far between in my environment but know it will have much value for others, especially Windows 10 users.

I mount as drive M Thunderbird PortableApps from a VeraCrypt container so I prefer a permanent Programs listing for M:\Thunderbird.exe and M:\ThunderbirdPortable.exe even if it is Does Not Exist.

And for Sysinternals TEMP\procexp64.exe among other stand-alones and portables.

As well, I just noted Google Chrome's software_reporter_tool.exe became a Does Not Exist item probably as a result of a portable x64 v50 to v51 upgrade. So there is a reporting benefit to it.

Anyhow, the update "over" the previous version went without issue or reboot.

Hats off and a salute to Bret.

 

Looking forward to it man Thanks

 

That is the URL.

It's apparent 50% was then, 25% is now. The 50% "ends in 24 hours" February malwaretips posting worked for me when I posted #56 here in March.

25%, as my daddy used to say, is better than nothing.

And the standard price, 29.95 USD, for a lifetime five PC license is already a bargain.

 

Britec09 on YouTube did a test of WinAntiRansom.
https://www.youtube.com/watch?v=VO2ZkQVQy14

He tested WinAntiRansom against CBT-Locker and TeslaCrypt.
WinAntiRansom failed to provide protection on both the tests. It did not look good for WinAntiRansom.

 

Cruelsister challenges Britec:
https://www.youtube.com/watch?v=Nm_s2WeveiQ
Nice music, too.

Good point:
https://malwaretips.com/threads/winantiransom-plus-review-by-britec09.60208/#post-515042

 

Locky

 

So it doesn't protect against nearly all Ransomware?

 

There has been an issue with trial mode from what I've heard. Britec had a similar issue although for a much different reason. I was hoping people would send me the file ID's (or the files) of any of the supposed "breaches" for a confirmation test but for some reason they never do. Curious, yes?

 

"ALSO: 2016.6.455 is rolling out on Monday, 6/6."

Any word on this update release?

 

I did purchase it at 25% off, although not yet installed it, I would rather HMPA improved their protection instead as I dont like a bloat of security apps on my machine.

Lesson to other vendors tho, reasonable pricing like this is 5 pc's for lifetime, can encourage people to buy when they otherwise would look away.

My concern tho with buying this is it is aimed specifically at one type of malware, ransomware, when ransomware goes out of fashion so will this program?

 

Alert blocks exploits (with hardware assistance), protects against every prevalent ransomware (since 2013), encrypts your keystrokes in browsers (safe from RAT), ensures you browser is safe to use (banking trojans), notifies when webcam is silently turned on.
What would like to see improved?