WinPatrol WAR (formerly WinAntiRansom)

Discussion in 'other anti-malware software' started by haakon, Dec 17, 2015.

  1. In politics it is ok to bash your opponent. In commerce the product should speak for itself. When product benefits are not transparent or can't be checked by the buyer themselves, comparative reviews performed by independent testers provide additional insights for consumers. The higher the reputation of the reviewer, the higher the credibility and trustworthiness of the results.

    So cruel sister is doing a good job testing these security programs, since independent testing organizations are not yet interested in this niche market (they simple don't get enough funding to perform the tests)
     
  2. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    Cruelsister's testing of WAR

    I do not think she digitally signed her test files. So that should have sparked the end to that question right there.
     
  3. Infected

    Infected Registered Member

    Joined:
    Feb 9, 2015
    Posts:
    1,134
    :thumb::thumb: She does extensive tests against Ransomware.
     
  4. Infected

    Infected Registered Member

    Joined:
    Feb 9, 2015
    Posts:
    1,134
    These are some off the web that she found i believe..
     
  5. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    She created her own from what I understand
     
  6. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    I'm not sure what point you are trying to make. The samples she uses have bypassed almost all the products that specialize in protecting against Crypto-Malware. The only product that she has not bypassed that specializes in Cryto-Malware is WAR, unless she has recently.

    I don't use WAR, but I think it would be worth purchasing a license for in case I want to use it in the future. They have had some really good deals on lifetime license. Their company has been around for quite a while, and I think they have really good business practices.

    Cruelsister did take a crack at AppGuard (by my request) which covers just about everything, and she did not bypass AG. She said she was surprised at how good AG's protection is. There are other products like AG that cover a broader range of attacks that protect against Cryto-Malware quite well. Too bad the masses don't educate themselves, and learn how to use some of the better options out there. Sorry to go on a rant, and a little off topic. lol

    Edited 4/15 @ 9:12
     
    Last edited: Apr 15, 2016
  7. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    Sometimes she writes her own from scratch, and sometimes she writes really innovative droppers to deliver an existing threat. She can take an existing threat, and make it much more effective by delivering it with her droppers. I believe i'm correct about this anyway. She can correct me if i'm wrong. I can't remember if she informed me this by PM, or maybe she said something in a video that lead me to believe this.
     
  8. Infected

    Infected Registered Member

    Joined:
    Feb 9, 2015
    Posts:
    1,134
    This is what she responded to me on her video..

    "Depends- In this video, for instance, Chaos and most of the Worms are mine, the rest coded by others and in the Wild."
     
  9. ellison64

    ellison64 Registered Member

    Joined:
    Oct 5, 2003
    Posts:
    2,587
    Her musical choices are better than most too,though I think she may have a particular soft spot for pentangle ;)
     
  10. Prince_Serendip

    Prince_Serendip Registered Member

    Joined:
    Apr 8, 2002
    Posts:
    819
    Location:
    Canada
    Thanks guys for this topic. I checked AppGuard with cruelsister1. Helped a lot.
     
  11. ellison64

    ellison64 Registered Member

    Joined:
    Oct 5, 2003
    Posts:
    2,587
    Im getting similar results to boredogs post 75 with the test file textpad.pdf.exe .I use IDM (internet download manager and downloaded the test file using it.If i open IDM and right click the test file and choose "open folder" and then click to execute the test file I get WAR popup ,however if I just click to execute the test file straight from IDMs downloaded window (which is the usual thing to do) I don't get any warnings from WAR and the file executes and opens text pad.Anyone know why this would happen?
     
  12. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    "I'm not sure what point you are trying to make."

    Cutting. I could be wrong but I thought someone posted that they thought or were told WAR only uses signed files for detection.

    Ellison, I still never heard as to why this happens and so it appears nobody is concerned about it.
     
  13. ellison64

    ellison64 Registered Member

    Joined:
    Oct 5, 2003
    Posts:
    2,587
    It is quite a big concern in my view.Maybe there's a simple explanation but the fact remains that the test file can be executed through a "proxy" so to speak with no popup ,and the text pad opening.I hope this wouldn't happen with real malware?
     
  14. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    Ellison I tend to agree with you but I think I tried to join their forum a few times but couldn't and it appears they dome come here. And so if some one here has access to the forum, maybe that person could post this at their official forum?
     
  15. haakon

    haakon Guest

    My cousin's sister's brother knows someone who thought someone heard the same thing. You could be right.
     
  16. haakon

    haakon Guest

    Check if IDM is whitelisted in the Programs window. If so, then its processes are in the Safe Zone.
     
  17. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    Haakon

    Our problem is if you click on the download and select RUN!!!!! in the window at bottom of screen ( in my case IE ) have not tried Edge yet, War does not block it and notepad opens right up. If you click on the install file from your downloads folder it does block it.

    I also see you don't allow personal messages on your profile :-(
     
    Last edited: Apr 16, 2016
  18. LittleDude

    LittleDude Registered Member

    Joined:
    Mar 22, 2008
    Posts:
    79
    For me WAR disables ESET's GUI even though ekrn.exe and egui.exe are whitelisted.
    Is anyone else running the two programs together successfully?
     
  19. haakon

    haakon Guest

    I'm seeing the same with IE in Windows 7. Again, I suspect IE (iexplorer.exe) is in WAR's SafeZone whereas Windows Explorer (explorer.exe) is not, of course. Perhaps you can inquire with WinPartol support. I've already got Bret busy with something else.

    That said, launching any executable from anything but the Windows Explorer shell itself has always been a Bad Idea.
     
  20. Jerry666

    Jerry666 Registered Member

    Joined:
    May 28, 2002
    Posts:
    176
    I like the program and have the family pack , but on one of my computers , win7 64 the computer freezes/locks up after being on for 2- 3 days , uninstalled and computer has run fine for 1 week straight , as soon as I install Win Ransom that computer locks up again . This is with ver 365 and 398 . Very frustrating as the SSD will crap out if it happens to often , have to close the computer holding the on button 5 seconds .
     
  21. ellison64

    ellison64 Registered Member

    Joined:
    Oct 5, 2003
    Posts:
    2,587
    Yes IDM is whitelisted ,but if anything downloaded and opened through IDM also gets whitelisted then ,there's a big problem.Hopefully Brett can address these concerns when he checks this thread out.
     
  22. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    Ellison

    I do not think we should be able to execute the test file as I mentioned. If so it is not a family friendly program because like you they would chose to run the file from current location. Not from their download folder. I will be waiting too for any results Brett has to offer.
    To me this is a big issue too!!!!!!!!
     
  23. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    I agree what this forum is known for is thinking all members are security experts. Most members here think all normal users are savvy. I am sure a bigger percentage of normal users that would use WAR would not be if they want a market that is just not IT people. Every since I been here on this forum from the 1990's I have been an advocate of the home user. if any company is going to be successful they need to adhere to the general public not the geeks. All security software needs to be grandma usable.
    After all I am a great grandpa. I have been preaching this for way too many years.
    Last person that I saw do this was Kevin from BoClean. A persona I shared neuromas email with.
     
  24. haakon

    haakon Guest

    You have the application whitelisted in WAR??

    If you depend on one solution for protection, you need to re-evaluate your strategy. In order to test WAR with this, I have to run textpad.pdf.exe from a folder excluded in the layers I use.

    And I had to go around this to get it...

    WARtextpadBD.jpg

    Sidebar: Log info - "This webpage...is identified as infected with malware." This is an actual payload block not just a simple malicious URL block (BD's Web Protection). Noting else in the WinPatrol domain is blocked.

    Keep dreaming! I have a dream, too. A weekend getaway with Jennifer Lawrence. It's not gonna happen. :D
     
    Last edited by a moderator: Apr 20, 2016
  25. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    well then my friend this company is not going to sell software I already sent you a PM I think . Which shows you I am not really all that new to this.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.