Kaspersky Anti-Ransomware Tool for Business (Beta)

Discussion in 'other anti-malware software' started by 3x0gR13N, Aug 10, 2016.

  1. Well it performed as I expected, IMO still a good free companion of WD for home users on Vanilla Windows10 (Smartscreen would not have recognised morphed samples as trustworthy anyway, so there is hope that a user practising safehex might be warned in time).

    ANY PAID PREMIUM ANTIVIRUS WOULD HAVE HAD A HARD TIME BEATING KAPLAB-AR WHEN TESTED WITH CRUEL SISTER'S SAMPLES.
     
    Last edited by a moderator: Oct 2, 2016
  2. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    1,649
    Location:
    Paris
    You are 100% correct that any traditional AV would have failed most of the samples that I use (and it would be fairly easy to make all fail). That's the very issue with the ransomware that's being produced by Pro Blackhats- to maximize the value of the malware it will be morphed every 8-12 hours, thus ensuring that there is always a FUD file being distributed.

    Admittedly this is a beta which was why I was (relatively) nice to KAR in Part 1; but subsequent builds must have a mechanistic method of detecting stuff like Cerber and Locky. Primary reliance on Cloud detection via definitions is unacceptable.
     
  3. When looking at IT-knowledge and security awareness of the person using the PC

    • Average User
      Vanilla Windows with WD + KapLab-AR. Most important quality of both is the fact that these fingerprint solutions are free (when security is not on your mind, fair chance you are not willing to pay for it) and offer seamless low FP user experience.

    • Security conscious/malware aware user
      Use a freeware like VoodooShield. Voodoo-AI bridges whitelist with traditional blacklist solution and mimics traditional AV-behaviour in AUTO-pilot mode

    • Educated user
      Educated users are often willing to pay for protection as long as it blends nicely into their layered setup (WAR, HPMA, MB-AM/AE/AR), although a fair share will be happy to build their own layered setup with freeware (e.g. using Comodo in CruelSister setup or combine a HIPS like Spyshelter free with an AE like VS in SMART mode)
     
    Last edited by a moderator: Oct 3, 2016
  4. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,639
    Location:
    Under a bushel ...
    @Windows_Security Because I have licenses: In your view, would there be any benefit combining VS and WAR as they are both really anti-exes? Apologies - a bit OT of KAR, maybe should be in VS or WAR thread, but question is in context of your statement above re layered setup.
     
  5. Well they seem to have both AI engine and AE, so using them both would not be my first choice.
     
  6. koliko

    koliko Registered Member

    Joined:
    Dec 13, 2006
    Posts:
    105
    Is there a way to uninstall this tool?
     
  7. Disable self protection, otherwise it won't de-install
     
  8. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    "Because I have licenses: In your view, would there be any benefit combining VS and WAR as they are both really anti-exes? Apologies - a bit OT of KAR, maybe should be in VS or WAR thread, but question is in context of your statement above re layered setup."

    just look at my over protection!!!:argh:

    on my setup if I try to install a new program appguard always kicks in first blocking it. not sure what that means but hey that's me. when it comes to web pages, adguard and malwarebytes come in handy. I only use my router's firewall and windows firewall.
     
  9. Dragon1952

    Dragon1952 Registered Member

    Joined:
    Sep 16, 2012
    Posts:
    2,469
    Location:
    Hollow Earth - Telos
    Check this out on YouTube... Kaspersky Anti-Ransomware | Free tool for everyone
     
  10. Using it on my Asus Transformer because it is light, works well against script based ransomware (Smartscreen will stop all exe based ransomware).

    Few tweaks:
    - Allowing only the service outbound access in firewall, seems to stop (most) advertising and ransomware blog pop-ups
    - Setting the service to delayed startup and setting StartUpDelat(link) to 20 seconds seems to prevent "no internet connection" pop-up also

    Regards Kees
     
  11. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
    Not if the .exe is within an e-mail client archive:

    Knowing that using a web-based email client to download the malicious payload might trigger the SmartScreen technology in Windows 10, Susan decided to install an email client on the test Windows 10 and then attempted to open the zip file and launch the attack directly. To her dismay, the attack was successful and proceeded to encrypt all files on the system. While the public beta of the Advanced threat protection software from Microsoft was able to track what the ransomware did, it did not flag the infection in real time, nor did it flag the attack.

    The infected system reached out to a malicious and suspicious Internet Address that a normal system should not and would not connect to. It was clear that even with Microsoft’s latest operating system, it was no match for the typical attacks that ransomware uses to gain access to a system.


    Ref.: https://www.sans.org/reading-room/whitepapers/awareness/ransomware-37317


     
  12. Thread is about KapLab should not have mentioned my Asus Transformer setup, see 'run by smartscreen'
     
    Last edited by a moderator: Jan 15, 2017
  13. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Finally someone agrees.

    I've been screaming over this same method for years now to little attention (hence my long absolute devotion to HIPS).

    Relying ON the internet (oh mighty Cloud aka: in simple terms, Remote PHYSICAL Servers) to protect the system via defs will never be enough.

    Built in mechanisms like HIPS were smart on old 32 bit machines as a solid security enhancement at the LOCAL end user level.

    But what do I know
     
  14. 3x0gR13N

    3x0gR13N Registered Member

    Joined:
    May 1, 2008
    Posts:
    849
    There's a new beta version 1.1.31, digitally signed on 21.3.2017.
    https://special.s.kaspersky-labs.com/special/2c468qqn8yogd8p4wlyc/kaspersky_anti_ransomware_tool_for_business_1.1.31.0_en.msi

    No details on what's new/fixed.
     
  15. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,881
    Location:
    Slovenia, EU
    A question for KAR users: does anybody use it together with Emsisoft AM? Are there any conflicts using both?
    Also does KAR add much protection to already used Emsisoft's behavior blocker?
     
  16. JohnBurns

    JohnBurns Registered Member

    Joined:
    Jul 4, 2004
    Posts:
    778
    Location:
    Oklahoma City
    Am I correct stating if you have KIS already, you don't need KAR?
     
  17. XhenEd

    XhenEd Registered Member

    Joined:
    Mar 31, 2014
    Posts:
    536
    Location:
    Philippines
    Yes, you don't need KAR if you already have KIS. :)
     
  18. Brian N

    Brian N Registered Member

    Joined:
    Jul 7, 2005
    Posts:
    2,174
    Location:
    Denmark
    To elaborate, it's called System Watcher and is found in all Kaspersky products (as far as I know anyway). Even the regular antivirus has it.

    Oh and here's a video of this component in action

    https://www.youtube.com/watch?v=g0f9HYahmmQ
     

    Last edited: May 20, 2017
  19. JohnBurns

    JohnBurns Registered Member

    Joined:
    Jul 4, 2004
    Posts:
    778
    Location:
    Oklahoma City
    Thanks for the info and link, Brian
     
  20. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,881
    Location:
    Slovenia, EU
    Logging off remote desktop session takes really long when KAR is installed. It takes about 1 minute to log off (compared to a few seconds when KAR is not installed).
     
  21. NormanF

    NormanF Registered Member

    Joined:
    Feb 20, 2009
    Posts:
    2,874
    Good review of Kaspersky here:

    https://www.youtube.com/watch?v=Kza4z1joUVA

    It successfully blocked every ransomware thrown at it. Impressive for a free tool and it works alongside any AV you may have. KAR seems to use a combo of algorithm-matching and cloud AV intelligence to look for behavior patterns that ransomware launches to communicate to their cloud C&C servers to get instructions to encrypt files.

    From the simplest to the deadliest, it blocked them all! Exactly what you want facing zero day threats. Kaspersky did it by keeping the tool simple to use and when it identifies a threat - it's blocked!
     