The first startup is generally the slowest. That's because it's building databases and collecting information. Did you try rebooting a second time to see if it improves?
RansomOff by itself is very lightweight from a resource perspective. The slowdown occurs because of how it is interacting with other software especially during startup. Because ransomware can load at boot, RO has to perform a number of checks to make sure loaded processes are not malicious. If you have lots of other software loading at boot then that will obviously cause some slowdown because RO is verifying each process. Things becomes quicker during normal operations because RO doesn't have a deluge of new processes all loading at once. Try to exempt things that run at startup and especially make sure to exempt your other security programs, if you didn't do it during installation.
Wow. Quite the list if I might say so. Lots of super useful features and well, will take some time for this member to wrap his head around it all. Wasn't expecting to be a mechanic today either but that task fell my way by chance and cannot bear to see a damsel in distress. What a terrific effort and program HeiDef. Thanks as always for your continued attention to users issues especially. It's really epic and welcome to find a developer like this hanging in there throughout whatever crops up and goes out their way to remedy what can be fixed for them.
I exempted everything that run at startup but my wifi network icon still freezes with a blue circle. I can't use my internet until the icon stops freezing. This takes forever to unfreeze. When I uninstall ransomoff the icon works fine and I can use my internet. So I don't know how to fix this. Any ideas?
Can you quantify "forever" please? Also, once it does become unfrozen is system performance still degraded or does it go back to normal. Just curious if this is strictly a bootup problem for you or a total system issue.
It takes 3 minutes to load the network icon and then everything works fine. Is 3 minutes to load the network icon normal or should it load quicker?
Well if it didn't take 3 minutes before RansomOff then it's not normal. But the network icon is probably a red herring because that's just a UI element for some background service. Could you send us a PM with your start up config? You can run something like Sysinternals Autoruns (https://technet.microsoft.com/en-us/sysinternals/bb963902.aspx) to get a list and export. It will help us figure out what might be going on with your system and develop a solution to fix it.
Creation for a Macrium boot Menu option with Ransomwareoff active fails. Macrium abends with errors during this process. I also tried it for Minitools Shadowmaker and although the programs created a boot menu option, I was not able to boot into their restore environment. Minitool did not report any problem during the addition of the boot menu option while Macrium abended during the addition of the boot menu option. To be able to successfully create a boot menu option for (at least) both products, RansomwareOff needs to be exited completely. Only then a boot menu option could be created and you can boot in the selected restore environment.
Thanks....but Minitool was able to create the boot menu option, Macrium got stuck somewhere in the middle of the process to create a bootable rescue media...so was not even touching the MBR.
And obviously no alerts from RansomOff? Could you try it again but this time add the removable drive to the Folder Protections under the 'Deceive' tab? And then exempt either Macrium or Minitools (you'll have to make sure you exempt not just the UI but any associated services as well). If that works without any issues then we have an idea of the root cause.
Hi, no Alerfts from RansomOff With the USB drive (g added to the Decieve tab, it runs fine As soon as I remove it and try to Rebuild the Rescue Environment, it abends again with the following information: ImageX Tool for Windows Copyright (C) Microsoft Corp. All rights reserved. Version: 10.0.10011.16384 Mounting: [c:\boot\macrium\WA10KFiles\media\sources\boot.wim, 1] -> [c:\boot\macrium\WA10KFiles\mount]... [ 0% ] Mounting progress Error mounting image. The user attempted to mount to a directory that is not empty. This is not supported. Unmounting the Wim - 12-Jul-17 17:08 ==================================== ImageX Tool for Windows Copyright (C) Microsoft Corp. All rights reserved. Version: 10.0.10011.16384 Committing: [c:\boot\macrium\WA10KFiles\mount]... Unmount Error: Did not find an image mounted to [c:\boot\macrium\WA10KFiles\mount]. Hope this helps....
I have already tried that but no joy. thanks anyhow. Tried the RC1 and still the same problem (just in case.)
Why do i get windows explorer coming up as blocking other windows PID 1888 window notification? I would of thought that was excluded automatically? I did try to exclude it nevertheless but i couldnt find it in the "C:\Windows\system32\" directory.
RanSim is designed test ransomware defenses and doesn't encrypt actual data. So it is a good way to test RansomOff's effectiveness. While it is a legitimate product you should always take precautions, such as running in a VM or using something like Shadow Defender, if you are not fully confident. As for the top most window detection notification against Explorer, there could be a variety of reasons so it's hard to say exactly why without understanding more about your system. The top most detection is also a bit sensitive which is why it is not checked by default.
@HeiDef,I think you should change the name of RansomOff to MalwareOff,since it's not just an anti-ransom software anymore.
Thanks for the suggestion. RO's core detection methods are really focused on identifying ransomware behaviors (encrypting data). While it does have some mitigations and protections against common malware techniques it's not designed to detect the wide range of things that could be considered malware. So while MalwareOff is a good name, it would give users the wrong idea of the level of protection it's really designed for.
