AppCheck by CheckMal

Discussion in 'other anti-malware software' started by Mr.X, Jan 16, 2017.

  1. guest

    guest Guest

    I don't know why these files are created on C: but normally files which are modified/deleted on D: should appear in the folder D:\Backup(AppCheck)\ (or at least on the same partition on which these files are being modified)

    At the time of file modification it is acquiring more information and if AppCheck is detecting "abnormal behavior" it is copying the file to the Ransom Shelter and continues to monitor the file modifying process.
    In the case of Ransomware it can easily restore damaged files.
    The "disadvantage" is, files modified by the user or by legitimate applications might also appear in the Ransom Shelter.

    But not all modified files with a "protected extensions" are sheltered. If the CARB engine can't see "abnormal behavior" it doesn't even copy the file to the Ransom Shelter.
    Sometimes it "needs more time" to analyze it, copies the files to the shelter and is then monitoring the file modifying process.
    You/(the email program) probably have modified these files else they wouldn't appear in the Ransom Shelter.

    "I have 5 .pst files. Why only 2 (or 3, I do not remember) of them were backupped?"

    Only modified files are backupped (but not all, it depends - see above), other unmodified files are not copied to the Ransom Shelter.

    Is the email application copying the .pst file to a temporary directory (located on C: and is then modifying it?
    This could explain why AppCheck is copying the file to C:\Backup(AppCheck)\ and not to D:\Backup(AppCheck)\
     
  2. myk1

    myk1 Registered Member

    Joined:
    Sep 2, 2012
    Posts:
    157
    Location:
    Belgium
    Email app is Office Outlook. The program is located in C:, the mail folder, for all the .pst files, is on another partition. So the presence of backupped files on C: remains unclear.
    I understand, though it remains a little bit 'mysterious' !
    Thanks to help me to understand this tool.
    So far I'll stay without shelter, my risks are small. And the cohabitation with Ransomfree is peaceful and gives me an extra layer of security.
     
  3. Moose World

    Moose World Registered Member

    Joined:
    Dec 19, 2013
    Posts:
    905
    Location:
    U.S. Citizen
    Salutations/Greetings!

    AppCheck Version 2.4.10.1 is this the up to date, version? As of today?

    Thanks'!

    Moose
     
  4. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,796
    Location:
    .
    Yes it. You're welcome.
     
  5. Moose World

    Moose World Registered Member

    Joined:
    Dec 19, 2013
    Posts:
    905
    Location:
    U.S. Citizen
  6. guest

    guest Guest

    AppCheck v2.4.10.3 Released (03 Mar. 2018)
    Website / Download: https://www.checkmal.com/download/AppCheckSetup.exe
     
  7. guest

    guest Guest

    AppCheck v2.4.11.1 Released (15 Mar. 2018)
    Website / Download: https://www.checkmal.com/download/AppCheckSetup.exe
     
    Last edited by a moderator: Mar 15, 2018
  8. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    1,103
    Location:
    Lunar module
    I'm experiencing difficulties with this version, the PC work slowly and hardly. With previous versions everything works OK.
     
  9. guest

    guest Guest

    AppCheck v2.4.11.2 Released (16 Mar. 2018)
    Website / Download: https://www.checkmal.com/download/AppCheckSetup.exe
     
  10. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    1,103
    Location:
    Lunar module
    Exactly, there was such a problem.
     
  11. guest

    guest Guest

    AppCheck v2.5.0.1 Released (28 Mar. 2018)
    Website / Download: https://www.checkmal.com/download/AppCheckSetup.exe
     
  12. guest

    guest Guest

    [Notice] AppCheck 2.5.0.1 Update : Added Cleaner feature
    Announcement
    20183365517_editor_image.png 2018325617_editor_image.png 20183385617_editor_image.png
     
  13. Dragon1952

    Dragon1952 Registered Member

    Joined:
    Sep 16, 2012
    Posts:
    2,469
    Location:
    Hollow Earth - Telos
    It has a cleaner now that scans and auto cleans and removes any bad stuff it finds. That sounds kind of scary to me, so i unchecked everthing that it could scan for.
     
  14. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,639
    Location:
    Under a bushel ...
    Hmm ... yes, I agree auto-clean, without the option to 'uncheck', is not for me. So I have done the same.

    I did run it for a short while, but then stopped it when I saw some of the (unknown) stuff it said it would remove ...

    Though as long as the clean is manually intitiated only, without any automated scheduling, one should be OK.

    I think they may be making a mistake by adding too much functionality to what was intitially a dedicated anti-ransomware app only. I had unticked other protection options (exploit, MBR) also, as I have this covered by HMPA.
     
  15. guest

    guest Guest

    Malware/Ransomware might have modified the registry in a malicious way and these modifications can be removed now. Now malware/ransomware is removed "fully".
     
    Last edited by a moderator: Mar 28, 2018
  16. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,639
    Location:
    Under a bushel ...
    OK, that makes sense mood. But can you confirm ... there seems to be no way of 'unchecking' an item marked for removal?
     
  17. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    Interesting stuff, at the moment I'm not using any scanner at all, so I could use this. Let's hope it will remain stable.

    They should indeed stop with adding more features, but if it remains stable and if you can turn things off, then it's fine with me.
     
  18. guest

    guest Guest

    If it finds something it will be removed automatically.
    You have the choice to untick certain options prior running of the cleaner but yes, there is no screen like: "do you want to clean these detected items? (yes/no)"

    The average user might not even know what "HKLM\System\CurrentControlset\Services\AppztestZ" means and can't decide if certain items should be removed or not.
    Can be one of the reasons why they have decided to have AppCheck clean detected entries automatically (no further action is required by the user)

    ...but nevertheless a confirmation prompt or something similar could be useful (for reviewing of all detected items / for deselecting of wrongly detected items)
     
  19. Baldrick

    Baldrick Registered Member

    Joined:
    May 11, 2002
    Posts:
    2,674
    Location:
    South Wales, UK
    Has no one spotted the following 2 lines below? They might reassure users:

    "You may find out more information about the scanner results after the scaning process is completed. This can be found in the threat log of AppCheck tool, which also provides restore function for removed items."

    Regards, Baldrick
     
  20. Dragon1952

    Dragon1952 Registered Member

    Joined:
    Sep 16, 2012
    Posts:
    2,469
    Location:
    Hollow Earth - Telos
    I don't see any restore function for the 4 things that were removed from my registry before i had a chance to cancel the scan.
     
  21. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,639
    Location:
    Under a bushel ...
    You are right. Right click task bar, Tools>Quarantine, right click item gives an option to restore.

    Edit: After imaging, ran a series of scans, ticking extra options each time. Removed 16 items altogether (adware, plus I suspect some 'benign' malicious applications and system modifications), but all seems OK so this new feature looks usable.
     
    Last edited: Mar 29, 2018
  22. jimb949

    jimb949 Registered Member

    Joined:
    Jul 6, 2017
    Posts:
    129
    Location:
    LA
    Not for me. I ran a scan and it deleted 4 registry items but there was nothing in Quarantine for me to restore.
     
  23. Dragon1952

    Dragon1952 Registered Member

    Joined:
    Sep 16, 2012
    Posts:
    2,469
    Location:
    Hollow Earth - Telos
    Same thing happened to me. Soon after the scan started, it showed that 4 registry keys were removed without asking me about it.
     
  24. guest

    guest Guest

    AppCheck v2.5.1.1 Released (30 Mar. 2018)
    Website / Download: https://www.checkmal.com/download/AppCheckSetup.exe
     
  25. B-boy/StyLe/

    B-boy/StyLe/ Registered Member

    Joined:
    Sep 19, 2012
    Posts:
    512
    Location:
    Bulgaria
    AppCheck v2.5.2.1 Released (06 April 2018)
    Website / Download: https://www.checkmal.com/download/AppCheckSetup.exe

     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.