RansomFree by Cybereason

Discussion in 'other anti-malware software' started by Blackcat, Dec 19, 2016.

  1. Rasheed187

    Rasheed187 Registered Member

    Joined: Jul 10, 2004
    Posts: 17,546
    Location: The Netherlands
    Isn't this the problem with behavioral monitoring tools that look for suspicious file modification? They are never able to block all files from being modified, but some tools like HMPA have the ability to roll back files, but I'm not sure how it works. But can you give a bit more info about how EIS handles this?

    This sounds weird, because when you click on block, it should suspend the process, and all encryption should be stopped, I don't see why only the files on the C drive are saved, so looks like a major bug to me.

    Yes indeed, but they should have done more testing, but this can also lead to bad press. I do think they are on the right track though.

    Did you already test it? About the company, the website looks cool, and they do at least provide info about how they try to tackle malware, in contrast to other companies, who only say "we use AI", if you catch my drift.

    https://www.cybereason.com/malicious-activity-models/
     
  2. Blackcat

    Blackcat Registered Member

    Joined: Nov 22, 2002
    Posts: 4,024
    Location: Christchurch, UK
    Yes, she has posted a video on MalwareTips today.
     
  3. hayc59

    hayc59 Updates Team

    Joined: Feb 9, 2002
    Posts: 2,841
    Location: KEEP USA GREAT
    So my question is: is it worth using, or give it time to progress?
     
  4. clubhouse1

    clubhouse1 Registered Member

    Joined: Sep 26, 2013
    Posts: 1,124
    Location: UK

    Having seen cruelsister's tests and results, I've uninstalled it. I will contact and invite them to join the discussion here (although they are probably aware of it) and let us see what they have to say :)
     
  5. clubhouse1

    clubhouse1 Registered Member

    Joined: Sep 26, 2013
    Posts: 1,124
    Location: UK
    I've left a "tweet" on their account for them to respond to this thread (although I'm sure they're aware of it). It's odd that they don't have an email for customer inquiries on their site (I couldn't find one). They're based in the USA and UK.
     
  6. boredog

    boredog Registered Member

    Joined: Feb 1, 2015
    Posts: 2,499
    I love that JC song !!!!!! I might even use that song at my funeral.

    thanks CS
     
  7. Peter2150

    Peter2150 Global Moderator

    Joined: Sep 20, 2003
    Posts: 20,590
    My simple answer would be NO
     
  8. SnowWalker

    SnowWalker Registered Member

    Joined: Apr 2, 2012
    Posts: 287
    Location: USA
    If I got hit with ransomware, I think I'd much rather have it than nothing, unless somehow it is causing some kind of damage itself, and I haven't got that kind of impression.

    Someone above said they uninstalled it, so I take it that went without issue and didn't leave a bunch of junk on your system?
     
  9. Hiltihome

    Hiltihome Registered Member

    Joined: Jul 5, 2013
    Posts: 1,131
    Location: Baden Germany
    You rather uninstall it, instead of having a false sense of security.

    Although I do not feel at risk, I have HMP.A to protect me.

    Otherwise KAR would be my choice.
     
  10. plat1098

    plat1098 Guest

    I'll stick to firms with time-tested, proven track records. I think the eye-catching term "ransomware" is overused for marketing purposes, which is ironic considering the subject. No more than a curiosity for me at this point, haven't seen the video either.
     
  11. SnowWalker

    SnowWalker Registered Member

    Joined: Apr 2, 2012
    Posts: 287
    Location: USA
    So you believe you're safer without it than with it? That doesn't make a whole lot of sense to me. It's not like I'm likely to take more risks because I have it installed, than I am to drive like an idiot because I have seatbelts.
     
  12. Peter2150

    Peter2150 Global Moderator

    Joined: Sep 20, 2003
    Posts: 20,590

    I think what was meant was: why use a product that isn't reliable than one with a proven track record?
     
  13. SnowWalker

    SnowWalker Registered Member

    Joined: Apr 2, 2012
    Posts: 287
    Location: USA
    Oh okay. Thanks.

    The reason I would: like Hiltihome, I also don't feel at high risk with other protections (but no specific anti-ransomware), backups and fairly safe habits. I'm not familiar with HMP.A and such, but I don't see the need to pay for more protection, but figure a free solution like RansomFree might add another layer of protection without more costs. Besides, I don't trust any of them 100%.

    I had seen someone claim that they feel safer without any AV at all because it provides a false sense of security, and that's what I was thinking was meant.

    I'd still like to know that once it's installed that it can be uninstalled cleanly.
     
  14. clubhouse1

    clubhouse1 Registered Member

    Joined: Sep 26, 2013
    Posts: 1,124
    Location: UK


    I just reinstalled and uninstalled cybereason using its standard uninstall utility and found 1 folder remains:

    C:\Windows\System32\config\systemprofile\AppData\Local\Cybereason

    And that's just a small config file, I didn't bother checking for reg entries.


    Edit, nothing found in Device manager: Hidden Devices.
     
  15. SnowWalker

    SnowWalker Registered Member

    Joined: Apr 2, 2012
    Posts: 287
    Location: USA
    Also, even though I'm wary of installing multiple security products because I'm aware of the conflicts two AV products or firewalls will cause, it appears that this might could be used along with other anti-ransomware, possibly giving still a little more protection, assuming no other performance hits. Not that I know enough to recommend doing so.
     
  16. SnowWalker

    SnowWalker Registered Member

    Joined: Apr 2, 2012
    Posts: 287
    Location: USA
    Hey, thanks for checking!

    It makes me feel better about trying it out.
    :)
     
  17. Mr.X

    Mr.X Registered Member

    Joined: Aug 10, 2013
    Posts: 4,796
    Location: .
    When install finishes...

    rf01.png

    Okay but I think this is too much...

    rf02.png


    Going to search where else they dropped folder and files that big. :cautious:
     
  18. cruelsister

    cruelsister Registered Member

    Joined: Nov 6, 2007
    Posts: 1,649
    Location: Paris
    The folders the product creates will be randomly named and usually at the top of the C drive. They are the Honeypots- too bad some ransomware do not have a sweet tooth.

    Boredog- Glad you liked the song. He knew he was dying when he recorded it. Occasionally the extremely raw can be extremely beautiful.
     
  19. itman

    itman Registered Member

    Joined: Jun 22, 2010
    Posts: 8,592
    Location: U.S.A.
    Been thinking about why this product failed when multiple drives are installed.

    Appears the developers assumed ransomware would always begin its encryption activities on the OS installed drive. As such, the software would detect such activities through use of its honeypots and shut down the ransomware prior to its attempts to encrypt the other local drives. Appears some ransomware actually start their encryption activities on non-boot drives prior to doing same on the boot drive? Makes sense to me since less chance of being detected by security software on the non-boot drives.

    Has anyone tested to see if the product will detect ransomware activity against network drives as claimed?
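
The coverage gap discussed in this thread, as an added example that is not part of any post and is not Cybereason's code: decoy files are hashed per volume, and a bulk rewrite confined to a volume without decoys trips nothing. The decoy file name and the two temporary directories standing in for C: and D: are assumptions constructed for the example.

```python
import hashlib
import os
import tempfile

CANARY_NAME = "~canary_do_not_edit.docx"  # hypothetical decoy file name

def _digest(path):
    with open(path, "rb") as fh:
        return hashlib.sha256(fh.read()).hexdigest()

def deploy_canaries(roots):
    """Write one decoy file per volume root and return {path: baseline hash}."""
    baseline = {}
    for root in roots:
        path = os.path.join(root, CANARY_NAME)
        with open(path, "wb") as fh:
            fh.write(os.urandom(64) + b"decoy content, constructed for this example")
        baseline[path] = _digest(path)
    return baseline

def uncovered_roots(all_roots, baseline):
    """Volume roots that hold no decoy: activity there can never trip an alert."""
    covered = {os.path.dirname(p) for p in baseline}
    return [r for r in all_roots if r not in covered]

def tripped_canaries(baseline):
    """Decoys that were deleted, renamed or rewritten since the baseline."""
    return [p for p, h in baseline.items()
            if not os.path.exists(p) or _digest(p) != h]

def simulate(cover_all):
    """Constructed scenario: two temp dirs stand in for C: and D:; every file
    on the 'D:' volume is rewritten while 'C:' is left untouched."""
    with tempfile.TemporaryDirectory() as c, tempfile.TemporaryDirectory() as d:
        with open(os.path.join(d, "report.txt"), "w") as fh:
            fh.write("user data")
        baseline = deploy_canaries([c, d] if cover_all else [c])
        for name in os.listdir(d):  # bulk rewrite confined to D:
            with open(os.path.join(d, name), "wb") as fh:
                fh.write(b"\x00" * 16)
        gaps = ["D:" if r == d else "C:" for r in uncovered_roots([c, d], baseline)]
        return gaps, len(tripped_canaries(baseline))

if __name__ == "__main__":
    print(simulate(cover_all=False))  # decoys on the system volume only
    print(simulate(cover_all=True))   # decoys on every volume
```

A decoy is only one signal: it fires when a process touches it, so a deployment check like `uncovered_roots` belongs alongside behavioural monitoring rather than in place of it.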
     
  20. Djigi

    Djigi Registered Member

    Joined: Aug 13, 2012
    Posts: 554
    Location: Croatia
    What if we copy these random files (Honeypot) to other drives we want to protect (D:, E:, Z:, ...), should this program work fine then? o_O
     
  21. faircot

    faircot Registered Member

    Joined: May 17, 2012
    Posts: 228
    Location: UK
    Not a sensible suggestion for the average user who often wouldn't know whether they're using a non-system partition or not.

    Better that the developers address this issue directly.
     
  22. Peter2150

    Peter2150 Global Moderator

    Joined: Sep 20, 2003
    Posts: 20,590

    I can translate that into two words. Bad Design
     
  23. Mr.X

    Mr.X Registered Member

    Joined: Aug 10, 2013
    Posts: 4,796
    Location: .
    Seriously. I was looking at their websites and they seem to invest a lot of money, resources, the hype about military grade stuff, etc., still I can't conceive why they made these huge mistakes in their design.
     
  24. hawki

    hawki Registered Member

    Joined: Dec 17, 2008
    Posts: 6,065
    Location: DC Metro Area
    New Version Today: 2.1.1.0

    Haven't checked the changelog yet.
     
  25. Mr.X

    Mr.X Registered Member

    Joined: Aug 10, 2013
    Posts: 4,796
    Location: .
    Thank you.

    First thing I looked at was the honeypots; they're gone. :thumb:
     
    Last edited: Dec 22, 2016