WinPatrol WAR (formerly WinAntiRansom)

Discussion in 'other anti-malware software' started by haakon, Dec 17, 2015.

  1. ance

    ance formerly: fmon

    Joined:
    May 5, 2013
    Posts:
    1,360
    How about 20% off?

    :thumb:
     
  2. RejZoR

    RejZoR Lurker

    Joined:
    May 31, 2004
    Posts:
    6,426
    Sorry, but the test is useless. Any app can achieve that by monitoring certain resources, and when an app that isn't whitelisted tries to access them, it'll warn you. The same can happen with pretty much any CLEAN app that simply isn't whitelisted.

    The main problem here will be, how to differentiate an actual malicious app from a non-whitelisted clean app when the popup appears? The answer is, YOU CAN'T. Which means people will end up just clicking "Allow" in the end, which as a result defeats the whole purpose of such "protection".
     
  3. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    According to the tester, WAR is using behavior based tech, so it's not only using a whitelist. Do you care to explain what you mean?
     
  4. Charyb

    Charyb Registered Member

    Joined:
    Jan 16, 2013
    Posts:
    679
    I'm really starting to like this program. After the latest update, the program is running great. Bret is quick to fix any problems. I am going to have to rely on others to test it. I am looking forward to seeing further testing.
     
  5. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    Signed up at the forum but never got an e-mail to verify. Wanted to report a problem with whitelisting a program called Unhackme.

    UPDATE: JUST TRIED REGISTERING AGAIN AND GET AN ERROR EVERY TIME

    Even though I paid for this program I might have to uninstall it because I hate problems like this.
     
    Last edited: Mar 7, 2016
  6. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    24,067
    Location:
    UK
    Perhaps try contacting Bret Lowry through Wilders pm's.
     
  7. @RejZoR

    Like @Rasheed187, I am also curious: what do you mean?

    Ransomware has to pass some easy (using HKCU runonce) and some hard (process hollowing/code injection) to defend gates to succeed in its infection. For ransomware the same applies as for all malware: you don't need to defend against all the intrusions these types of malware use. So focusing on a few attack vectors might be an effective approach.

    Look at for instance AppGuard, it "only" applies a few HIPS techniques (a lot less than Spyshelter or Comodo for example):
    a) Run guarded apps in LUA
    b) Set a deny execute on user space for unsigned applications
    c) Monitors private folders for (illegal) access
    d) Monitors memory access (I guess suspicious soft RWX access)
    Ask the users of AppGuard, it is as solid as Fort Knox

    So Win-anti Ransomware, monitoring "only" some simple to defend events
    a) Suspicious registry access (already part of WinPatrol)
    b) Suspicious windows objects access (behavioral component)
    c) Applying a whitelist
    d) Protecting a specific folder
    As the videos of Cruel Sister demonstrate, this might also be a very effective approach.

    After a run once entry is created for an executable outside UAC protected folders and vssadmin is called to delete any existing shadow copies and bcdedit is called to disable recovery and the executable is not in the whitelist, how many more clues does it take to suspect this is ransomware? How many legitimate software applications would run such a series of related events? The risk of False Positives is way less than for instance HMPA (which protects the hard to defend intrusions also).

    There is elegance in simplicity IMO.

    Regards Kees
     
    Last edited by a moderator: Mar 8, 2016
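
Added example, not part of the thread and not WinAntiRansom's code: a small Python correlator for the chain of signals listed in the post above (RunOnce entry for an executable outside UAC-protected folders, vssadmin deleting shadow copies, bcdedit disabling recovery, executable not whitelisted). The event format, paths, whitelist entry and threshold are assumptions made for the illustration.

```python
# Added example: event fields, paths and the whitelist entry are constructed.
# "actor" is the executable that wrote the key or launched the command
# (assumes the sensor already resolved the parent process).
PROTECTED = ("c:\\program files\\", "c:\\program files (x86)\\", "c:\\windows\\")
WHITELIST = {"c:\\program files\\vendor\\updater.exe"}  # hypothetical entry

def signals_for(event):
    """Return the signal names a single event contributes."""
    detail = event["detail"].lower().strip('"')
    found = set()
    if event["kind"] == "registry_set" and "\\runonce" in event.get("key", "").lower():
        # RunOnce value that points at a binary outside UAC-protected folders
        if not detail.startswith(PROTECTED):
            found.add("runonce_outside_protected")
    elif event["kind"] == "process_start":
        if "vssadmin" in detail and "delete" in detail and "shadows" in detail:
            found.add("shadow_copies_deleted")
        if "bcdedit" in detail and "recoveryenabled no" in detail:
            found.add("recovery_disabled")
    return found

def correlate(events, threshold=3):
    """Collect signals per actor; report non-whitelisted actors at or above threshold."""
    per_actor = {}
    for ev in events:
        per_actor.setdefault(ev["actor"].lower(), set()).update(signals_for(ev))
    return {actor: sorted(sigs) for actor, sigs in per_actor.items()
            if actor not in WHITELIST and len(sigs) >= threshold}

RUNONCE = r"HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce"
DROPPED = r"C:\Users\alice\AppData\Local\Temp\invoice.exe"
INSTALLER = r"C:\Users\alice\Downloads\setup_tool.exe"
UPDATER = r"C:\Program Files\Vendor\updater.exe"
SAMPLE_EVENTS = [  # constructed, not captured from a real system
    {"kind": "registry_set", "actor": DROPPED, "key": RUNONCE, "detail": DROPPED},
    {"kind": "process_start", "actor": DROPPED, "detail": "vssadmin delete shadows /all /quiet"},
    {"kind": "process_start", "actor": DROPPED, "detail": "bcdedit /set {default} recoveryenabled no"},
    {"kind": "registry_set", "actor": INSTALLER, "key": RUNONCE,
     "detail": r"C:\Users\alice\AppData\Local\Temp\setup_cleanup.exe"},
    {"kind": "registry_set", "actor": UPDATER, "key": RUNONCE,
     "detail": r"C:\ProgramData\Vendor\finish.exe"},
]

if __name__ == "__main__":
    for actor, sigs in correlate(SAMPLE_EVENTS).items():
        print(actor, sigs)
```

With the default threshold only the executable that produced all three signals is reported; the non-whitelisted installer that merely wrote a RunOnce value stays below it.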
  8. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    Wait a minute, then I might have misunderstood Cruel Sister's test. When I say "behavior based", I'm talking about the ability to block processes from modifying files rapidly, by looking at file system operations. If WinAntiRansom is not doing this, then I consider it to be less advanced than HMPA and MBARW. But this doesn't mean it's less effective.
     
  9. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    By now you all must know RejZoR has been banned from Wilders?
     
  10. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    Yes, I saw his post about AV's, it was amusing but against rules. But I'm not sure why he was banned.
     
  11. Azure Phoenix

    Azure Phoenix Registered Member

    Joined:
    Nov 22, 2014
    Posts:
    1,560
    Seeing as my previous link to his article was removed, I will just say: search for his blog on Google and you can find an article explaining why he was banned.

    However it's better to stop this conversation here or move it to pm.
     
  12. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Yep
     
  13. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    The program shows as registered in the GUI so am guessing it is registered.
    The newest version appears to be xx.365
     
  14. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    Today when trying to install Microsoft Photo Gallery WAR did the old preemptive strike again and stops the install. Once again no program that gets the preemptive strike can be whitelisted. Even though it shows as whitelisted it is not. I have tried to sign up at their forum twice and never can and so have no way of contacting anyone. I am really starting to think buying this software was a big mistake. It must still be in big time beta.
     
  15. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    Not to go off-topic, but his status still says "registered member" and not "banned", which (afaik) is what the status changes to when the member is banned.
     
  16. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    Wow, this doesn't sound too good.

    Yes, this is why I was confused.
     
    Last edited: Mar 11, 2016
  17. Jerry666

    Jerry666 Registered Member

    Joined:
    May 28, 2002
    Posts:
    176
    Same here, bought the full package and now not getting much of a response on the site. Tried it a few times and each time it had to be uninstalled because of system freezes and/or high CPU use. Seems it's not ready for prime time, looks promising though. Hope they get things going.
     
  18. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    What’s new in 2016.3.368 (posted March 11th, 2016)
    • Fixed bug that could result in perfectly valid programs/installers getting blocked.
    • Optimized inter-process communication, improving program performance while lowering CPU/Network usage.
     
  19. Moose World

    Moose World Registered Member

    Joined:
    Dec 19, 2013
    Posts:
    905
    Location:
    U.S. Citizen
    Salutations/Greetings!

    https://www.youtube.com/channel/UC7czj0EMrBm51e2x6OoDxOA
    https://www.youtube.com/watch?v=Z5wICziBBHw

    Maybe, if you post on their YouTube link you get responses back quicker?
    Or bug fixes that they need to make!
     
  20. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    New video about WAR:

    https://www.youtube.com/watch?v=equvK65PakY
     
  21. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    Nice video, Rasheed. The only issue I had was the blocking of legit programs. Now with the newest version a lot of that has gone away.
     
  22. SIR****TMG

    SIR****TMG Registered Member

    Joined:
    May 31, 2004
    Posts:
    833
    Running fine on all three of my PCs.
     
  23. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    I hope Cruelsister will give some more technical info about WAR. She did tell me that she was working together with the developer to minimize false positives.
     
  24. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    It does look like a keeper so far. Support is awesome too.
     
  25. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    Just wanted to point out she or he is using a Win XP virtual system, not a Win 10 64-bit.
     