Interesting AntiRansomware freeware

Discussion in 'other anti-malware software' started by Windows_Security, Dec 30, 2016.

  1. Forgive me for asking a very dumb question: I happen to read Forbes also, but I don't see the ads while just browsing with Avast as only extension in Chromium (only the quote of the day sticks for some seconds)
     
  2. itman

    itman Registered Member

    Ditto on that. I only use the Fanboy's lists in IE11. It blocks 42 services. I see no ads and I can exit the quote via Continue click on. I get no messages from Forbes about ad blockers being enabled and my viewing content restricted.
     
  3. Mr.X

    Mr.X Registered Member

    lol This thread has gone quite off-topic.
    Anyway my experience in Forbes using Chrome/uBlock Origin is zero issues like @itman said above.
     
  4. Mr.X

    Mr.X Registered Member

    Now the real question is: Why do people seem to not be interested in AppCheck at all here? Despite cruelsister's video review positive results, nobody seems to comment that much or give some feedback.
     
  5. guest

    guest Guest

    Starting a dedicated thread and the appearance of a dev in the forum would help

    I have been using it but for some reason it is as hard disk demanding as a normal AV
     
  6. Peter2150

    Peter2150 Global Moderator

    I can answer that for me. I just don't see the need at this point.
     
  7. cruelsister

    cruelsister Registered Member

    Looks like the Forbes issue may be AdblockPlus specific, as it does not happen with IE. However, since I could use Adblock Plus as long as I sign in with Google, I wonder if both Chrome and IE allow personal info transmission that ABP will prevent.

    Anyway, about AppCheck- there are obvious deficiencies in the Freeware product some of which may be solved by the paid version. Sadly the Paid is only available in Korea currently. However someone from CheckMal registered and posted on MT, stating that they are now working on an International version (and pricing) so it should be available for the rest of us soon.

    The one thing that I'm curious about is how soon they will fix the issues seen (note that I tend to be a bit aggressive in my testing) with the application that were brought up in the video, the resolution of which should be intuitively obvious to the developers. But for now the freeware version does protect against the most commonly seen ransomware strains, and it is apparent to me that they are walking down the correct protection pathway.
     
  8. Buddel

    Buddel Registered Member

    (1) I'm not interested in these tests/reviews.
    (2) I can't see the need for AppCheck here.
     
  9. Well, I won't say it again, but MBRfilter and AppCheck are really nice freebies for post execution damage control. When dealing with risks it is best practise to cover the three bases (to prevent a home run): 1=Prevention, 2=Damage control, 3=Disaster recovery. While AppCheck has issues (e.g. cruelsister's test showed she lost some files when executing one of the ransomware samples), it is a decent post execution damage control layer (with MBRfilter).
     
  10. Minimalist

    Minimalist Registered Member

    I have a similar problem with Chromium and uBlock Origin so it might be a rule in 3rd party filters causing it. I get Quote of the day without Continue option. As soon as I disable uBlock Origin I get countdown and then Continue appears.
     
  11. EASTER

    EASTER Registered Member

    Here is where I take a turn for the better.

    As you clearly point out @cruelsister, yes it has expected limitations in the free version but I find quite a bit of promise in this one and perhaps once that paid version is reachable there are no reservations on this end to adding it to my systems simply because they seem to have a pretty good handle on what it will be able to do in sealing off potential Mr Crypto intrusions smartly in fact.
     
  12. When you don't have paid anti-ransomware, MBRfilter + AppCheck anti-ransomware is a great FREE and LIGHT damage control layer on your PC. Even on older hardware it runs great. As an example the AppTimer results of my wife's six year old Lenovo laptop with P4600 dual core Celeron @ 2.0 GHz and 1TB SSHD (5400 RPM, 64MB write cache and 8 GB read cache) on Windows 7 (32bits).

    Pro-active protection:
    1. SRP/ACL allowing right click run as Admin from Temp with UAC set to elevate signed executables silently
    2. AVAST in aggressive hardened (cloud white-list) mode and MemProtect sandboxing Chromium/Outlook/WMP/SumatraPDF

    Post execution damage control:
    1. MBRfilter anti-ransomware
    2. AppCheck anti-ransomware (free does not protect MBR)

    Disaster recovery:
    1. NAS (weekly backups run under different user with write access, while router blocks outside connections)
    2. USB-disk with monthly copy stored in a different location (besides pictures and documents it also has PDFs of all important paperwork).

    ____________________________________________
    C:\Program Files\Chromium\chrome.exe - 5 executions with MSE on default
    2.4337 ('cold' from disk)
    0.8923 ('hot' from memory)
    0.9246
    0.8755
    0.9103

    C:\Program Files\Microsoft Office\Office12\WINWORD.EXE with MSE on default
    1.2632
    0.8420
    0.8419
    0.8420
    0.8419


    C:\Program Files\Chromium\chrome.exe - 5 executions with Avast + MemProtect + MBRfilter + AppCheck
    1.2319 (cold)
    0.4051 (hot)
    0.4211
    0.3770
    0.3933

    C:\Program Files\Microsoft Office\Office12\WINWORD.EXE with Avast + MemProtect + MBRfilter + AppCheck
    1.5283
    0.8576
    0.8420
    0.8419
    0.8419
    ________________________________________

    So when you don't have paid anti-ransomware solution, it is currently the best combo available for free
     
    Last edited by a moderator: Jan 4, 2017
  13. Peter2150

    Peter2150 Global Moderator

    Sorry guys. I would be very wary of AppCheck. First go look at the website where they show how AppCheck is different than 3 other AV's and Backup. It's a joke. Any here that can test AV 1 AV 2 or AV v3 Then their back test totally ignores images.

    I installed AppCheck and ran one of the nastier pieces of live Ransomware against it. It detected it all right, but left system in a state that when Windows came up it told me several services were broken, showed the detection again, and then rebooted. Stayed in that loop. In other words it trashed Windows. No thanks.
     
  14. @Peter2150

    You normally don't seem the person who is influenced by (bad) marketing. What happened? :) How often are you going to post that it is not suited as a first line of proactive protection? I agree fully with you that it should not be used as first line proactive defense layer against ransomware, it should be used (and marketed) as damage control layer in case your first line is bypassed.

    Because AppCheck marketing ignores image/data backup and recovery, why are you also ignoring it? AppCheck in combination with MBRfilter is a nice FREE and LIGHT second layer for DAMAGE CONTROL. It did the job, detected the ransomware and stopped it with little or no data loss. :thumb:

    Regards Kees

    P.S. your test totally ignored images also ;)
     
    Last edited by a moderator: Jan 4, 2017
  15. Peter2150

    Peter2150 Global Moderator

    Hi Kees

    I don't call it doing the job if it left the system totally damaged. And while I didn't mention it, how do you think I recovered the trashed system?
     
  16. Peter,

    Well here is where we disagree, although it is marketed differently, the job IMO is damage control on your DATA (not your OS) for three reasons:

    1. It is free (so anyone can afford and is able to use it)
    2. It does the data protection job pretty well (not perfect as cruelsister's test showed, but the best of the freebies until now)
    3. It runs super light (so even people with old systems can use it).

    Compared to having no (second) damage control layer at all, it could save your precious data (in combination with MBRfilter). People with lesser proactive protection also tend to have insufficient disaster recovery, so I would not turn (and talk) such a free offer down.

    When you drive a Hummer type of 4x4 with a big bull-bar (like your Fort Knox strength set up), you are okay in case of a collision. But others driving smaller cars probably benefit from secondary (safety belt) and tertiary (air bag) security mechanisms in case of an accident.

    Regards Kees
     
    Last edited by a moderator: Jan 4, 2017
  17. Mr.X

    Mr.X Registered Member

    I disagree. It did the job protecting DATA. Sensitive data. Trashed OS can be restored using an image backup or full reformat/reinstall, although this area can be put in the list of improvements by Checkmal.
     
  18. Peter2150

    Peter2150 Global Moderator

    Don't know if it did the job protecting the data. Couldn't access it to check.
     
  19. Mr.X

    Mr.X Registered Member

    cruelsister's video doesn't show AppCheck to trash the OS at any time. Maybe you've got an isolated case.
     
  20. Peter2150

    Peter2150 Global Moderator

    Don't know. She is one user and I am one user. Just go look at the main website and see what you think.
     
  21. Rasheed187

    Rasheed187 Registered Member

    It does indeed seem to be an interesting app, thanks for testing it. So if I understood correctly, it was able to stop almost all ransomware samples? And what is the rollback feature about?

    Thanks for the heads up. Did you test it on your VM? It might have been a conflict with another security tool.
     
  22. itman

    itman Registered Member

    I assume you disabled your existing security software to run the ransomware against AppCheck? When your system rebooted, it appears ransomware was still present on the system and started trashing other areas. So although AppCheck might protect against initial ransomware encryption activity, it appears that it's ineffective against totally removing the ransomware.
     
  23. boredog

    boredog Registered Member

    "I don't call it doing the job if it left the system totally damaged. And while I didn't mention it how do you think I recovered the trashed system"

    Macrium Reflect?
     
  24. guest

    guest Guest

    Heard good things about AppCheck through CS, so I decided to try it.
    On download, Webroot flagged the installer as "Trojan", but it was only 3/56 on VT, so I went ahead with the install.
    48 hours later, Webroot flags another "Trojan" dropped in Temp this time:
    ~ Removed VirusTotal Results as per Policy ~
    Again, low VT score, but this time I decided to uninstall it. Not taking the risk.
     
    Last edited by a moderator: Jan 4, 2017
  25. EASTER

    EASTER Registered Member

    Macrium Reflect :thumb:

    I don't get it then.

    While I was seriously thinking it might be useful and haven't even tested it yet due to my schedule right now, up pops something to consider.

    So aside from the PAID versions what exactly is floating around as a (free) First Defense that might prove useful NOW not later?

    The trouble with all these new projects IMO is that they take way too long in development before along comes Jones with yet another new idea.
     