WinPatrol WAR (formerly WinAntiRansom)

Discussion in 'other anti-malware software' started by haakon, Dec 17, 2015.

  1. haakon

    haakon Guest

    I'll quote you on that because you assume wrong.

    WAR protection has no dependence on the Internet. No signatures/definitions. No cloud.

    Full time connections are to the local proxy, not the Internet.

    There are occasional connections to the Internet to check for program updates and licensing, an exchange worth about 200-300KB.

    In my region, they're mostly to SiteLock, GlobalSign and Akamai.
     
    Last edited by a moderator: Oct 16, 2016
  2. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    Haakon

    You are probably right. I was just looking at Win 10 Resource Monitor, not an actual firewall log. I haven't used a firewall besides Win 10's in a long time. Maybe I will install one and check it out.
     
  3. Gein

    Gein Registered Member

    Joined:
    Dec 8, 2013
    Posts:
    219
    I noticed that too, in TCPView it's constantly sending packets to 0:0:0:0:0:0:0:1, though I'm not really sure why. I've had TCPView open for a few minutes and the number is already in the tens of thousands.
     
  4. haakon

    haakon Guest

    Having finally figured out how to do it, with agonizing detail Britec09 tests WAR again...

    Ransomware:
    https://www.youtube.com/watch?v=fymyzxNJ-g0
    Malware:
    https://www.youtube.com/watch?v=RXMrtwxmpTM

    It's also an anti-DLLable. ;)

    WARdllDetect.jpg
     
  5. Jerry666

    Jerry666 Registered Member

    Joined:
    May 28, 2002
    Posts:
    176
    Seems WAR has really improved. I am testing on one of my computers and so far it has worked well, no more stalling system, scans quickly on update. Like the fact it detects malware as well as ransomware.
     
  6. haakon

    haakon Guest

    Black Friday Sale - 65% off Licenses
    Good thru Cyber Monday (Nov 28)

    ANNUAL
    Single $6.98 USD
    3 User $8.73
    5 User $10.48

    https://www.winpatrol.com/products/

    LIFETIME
    Single $54.95 USD
    3 User $69.95
    5 User $84.95

    https://www.winpatrol.com/lifetime/
     
  7. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    Haakon

    is there a way in the gui to see if we have a lifetime already?
     
  8. Azure Phoenix

    Azure Phoenix Registered Member

    Joined:
    Nov 22, 2014
    Posts:
    1,556
  9. haakon

    haakon Guest

    "False positives, flagging valid programs as malicious, break down the user's trust in the accuracy of the antivirus."

    Um, no.

    Once again another assertive security application is unkind to Neil's precious and "valid" "collection of utility programs once published in PC Magazine."

    "I'm not a fan of security programs that leave ... decision to the user."

    Yawn.

    "WinAntiRansom only offered to quarantine 78 percent of the samples."

    All WAR has to do is block 100% of ransomware.

    WAR is "companion" software and it's unjust to throw in comparisons to full-blown suites. Like, Avira blocked 95%. Could WAR have taken up its 5% slack? Or Norton's 2%? Or Webroot's "much better"? We'll never know as that scenario will never get tested.

    (I'm using WAR with MBAE Premium for BDIS 2017. There's nothing Aunt Petunia or Cousin Billy Bob can understand within such a construct. Anything fully automatic and silent we give them will always be at risk.)

    "To be fair, it's possible that some of those missed files simply hadn't started their malicious behaviors."

    OK. Fairness is good. But were any of the samples that failed detection ransomware??

    Some early versions of WAR crashed for me but it's been months since that's occurred.

    "Needs work." Granted. But over the years one might say the same of many of Neil's reviews.

    He's right about the skins, tho.

    I was hoping for better than two stars and this review isn't compelling enough to motivate an uninstall.

    But I can expect the developers are committed to WAR's improvement.

    4.25 stars IMHO.

    EDIT:
    "I tried to test Network Lockdown by surfing the Internet with my hand-coded tiny browser. However, WinAntiRansom identified it as malicious. The only way I could run it was to mark it as trusted, at which point it was no longer subject to Network Lockdown. Likewise, I thought I could test SafeZone using a tiny text editor that I wrote myself, but WinAntiRansom quarantined it."

    He could have probably done some more testing by enabling manual without easy mode whitelisting in settings and adjusting the permissions for his browser and editor accordingly. However, one would not expect this level of attention in this spectrum of testing.

    WARmanualEasy.jpg
     
    Last edited by a moderator: Nov 21, 2016
  10. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    1,649
    Location:
    Paris
    "WinAntiRansom only offered to quarantine 78 percent of the samples."

    With some ransomware this is Kinda-Sorta true, but of absolutely no consequence and the comment is rather deceptive. For example, with a MirCop it will not quarantine the original malware file, but WILL quarantine the spawned daughters that actually do the dirty deed. Another would be a dll dropping Locky- the original Locky will remain, but the malicious dll will be quarantined prior to it being activated by rundll32. In neither case was there any system damage.
     
  11. Terabytes

    Terabytes Registered Member

    Joined:
    Dec 30, 2013
    Posts:
    17
    Location:
    United Kingdom
    Installed WAR on my daughter's PC in her bedroom a couple of months ago, she's 16 & a half & she has absolutely no idea what to do when it flags a program up, she gets so used to allowing next time & as every time it's flagged a program it's been false that the value of the program is limited - For me it works quite well but does flag just about any harmless update I apply as performing a ransom like action. WAR flagged WinPatrol (updated program) the other day as performing a ransom like action & that's a product from the same company.
     
  12. Cache

    Cache Registered Member

    Joined:
    May 20, 2016
    Posts:
    445
    Location:
    Mercia
    That was also my experience when I gave WAR a trial a few months ago.
    https://www.wilderssecurity.com/threads/winantiransom-plus-thread.382364/page-15#post-2608071
    In my case it flagged up downloads for AdBlock Plus and Revo Uninstaller.
     
  13. FleischmannTV

    FleischmannTV Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    1,094
    Location:
    Germany
    One has to wonder if there is actually not so much behavioral detection happening and instead a "ransom like action" popup is issued indiscriminately for every application, which is not in their whitelist yet.
     
  14. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    Yeah, and AppGuard and VoodooShield do the same thing. AppGuard is usually the quickest to alert over WAR, Voodoo. And so when I install something I go into shadow mode and turn it all off, which would not be that fun for a 16.5 year old, because once you go out of shadow mode all info written to disk is gone.
     
  15. clubhouse1

    clubhouse1 Registered Member

    Joined:
    Sep 26, 2013
    Posts:
    1,124
    Location:
    UK
    Just bought at the current discount!....Like the ideology and the excellent reviews everywhere but boy, does it cause a boot lag on my win 7 x86 laptop!
     
  16. haakon

    haakon Guest

    Yeah. I've gotten into the habit of selecting stop protection from the tray icon for manual updates and new app installs.

    The alternative is to select "Run program as whitelisted..." and selecting the target exe.

    I remember the times I ran the WAR pre-releases as an update over a previous version, e.g. winantiransom-setup-2016.8.533.exe, WAR would evoke a pre-emptive strike. The published installer is always winantiransom-setup.exe.

    Installers that build executables in system or user temp/tmp variables often suffer as well. msi distributions too.

    Another concern is a stopped WAR does not span a restart. The only way to do that is to temporarily move the Tray Application shortcut out of Start (or disable it in msconfig or another utility) and stop and disable the WARSvc and WARWDSvc services.

    When running Windows Update or updating products like Bitdefender I stop WAR and its "self-unstop" has never been an issue after a restart.

    As well, in-app auto updates (like MBAE and Revo Pro) so far were never bothered either.

    I trust WAR might eventually become more user friendly and surely the developer is aware of this need in the marketplace.

    Bottom line: The superior (aka Neil's "good") level of protection offered by WAR against the most dangerous menaces ever to arrive in the threats landscape significantly outweighs the occasional annoyance of a popup.

    Obviously, our innocent and illiterate users will need direction/intervention if we choose for them or offer them Something Else.

    Power users should deal with it or go with that Something Else.

    She's no trouble now. But just wait until she's 16 & three quarter! :D
     
    Last edited by a moderator: Nov 21, 2016
  17. chrcol

    chrcol Registered Member

    Joined:
    Apr 19, 2006
    Posts:
    982
    Location:
    UK
    holy **** at that inflation, I paid 1/4 of that for my lifetime earlier in the year.
     
  18. Terabytes

    Terabytes Registered Member

    Joined:
    Dec 30, 2013
    Posts:
    17
    Location:
    United Kingdom
  19. haakon

    haakon Guest

    Things will be different after the revolution.
     
  20. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    This does indeed sound a bit weird, perhaps WAR is way too sensitive. But this also makes me believe that it's not simply looking at if a file is signed or not. It probably does look at several behaviors, the problem is that a lot of legitimate apps also perform them. So the only way to solve this is to implement a trusted publishers list, like most HIPS like SpyShelter, Zemana and Comodo have done.

    Well that's the question, but I can't imagine this being true, I mean wouldn't the false positives be massive then? From what I understood, it only white-lists certain folders like C:\Windows and C:\Program Files, I'm not sure if it auto-allows trusted publishers. I do believe it's probably watching for certain things that all behavior blockers monitor, like code injection, execution of system processes, and auto-run modifications.
     
  21. Terabytes

    Terabytes Registered Member

    Joined:
    Dec 30, 2013
    Posts:
    17
    Location:
    United Kingdom
    I have to say it's mainly on installs & updates I get pop up warnings. This seems to occur with almost everything, but that's about it. It's never flagged any Microsoft updates though & for me the program works well & although the review above wasn't wonderful it's IMO worth running & I got a lifetime license so happy. The only issue I have is to recommend use by those who don't have any knowledge of PCs as my volume of phone calls would increase greatly, & been there before :)
     
  22. ellison64

    ellison64 Registered Member

    Joined:
    Oct 5, 2003
    Posts:
    2,587
    I also purchased lifetime license, a while back, and while I tried to like WAR I just can't overlook quite a few problems with it. As I've already posted, it allowed execution of malware that was downloaded via a download manager which happened to be whitelisted. The last time I installed WAR, this flaw had not been addressed. The pop up warnings, also, were too many for programs that were not malicious. It spent a lot of time being disabled, as I like to try new programs. I don't have it installed currently for these reasons. For me it needs a bit of work to get it mainstream.
     
  23. schmidthouse

    schmidthouse Registered Member

    Joined:
    Aug 18, 2015
    Posts:
    26
    Location:
    Sunny Okanagan Valley Canada
    Anyone have MBam 3beta and WinAntiRansomware installed together?
    Any conflicts??
     
  24. Tomin2009

    Tomin2009 Registered Member

    Joined:
    Sep 13, 2012
    Posts:
    94
    Anyone can get this version?
     


  25. guest

    guest Guest

    https://data.winpatrol.com/downloads/winantiransom-setup-2016.11.598.exe
    Edit: It's not a release version. Use at your own risk.
     
    Last edited by a moderator: Dec 1, 2016