Isn't this the problem with behavioral monitoring tools that look for suspicious file modification? They are never able to block all files from being modified, but some tools like HMPA have the ability to rollback files, but I'm not sure how it works. But can you give a bit more info about how EIS handles this? This sounds weird, because when you click on block, it should suspend the process, and all encryption should be stopped, I don't see why only the files on the C drive are saved, so looks like a major bug to me. Yes indeed, but they should have done more testing, but this can also lead to bad press. I do think they are on the right track though. Did you already test it? About the company, the website looks cool, and they do at least provide info about how they try to tackle malware, in contrary to other companies, who only say "we use AI", if you catch my drift. https://www.cybereason.com/malicious-activity-models/
Having seen cruelsisters tests and results I've uninstalled it, I will contact and invite them to join the discussion here (although they are probably aware of it) and let us see what they have to say
I've left a "tweet" on their account for them to respond to this thread (although I'm sure they're aware of it) its odd that they don't have a email for customer inquiries on their site (I couldn't find one)..They're based in the USA and UK.
If I got hit with ransomware, I think I'd much rather have it than nothing, unless somehow it is causing some kind of damage itself, and I haven't got that kind of impression. Someone above said they uninstalled it, so I take it that went without issue and didn't leave a bunch of junk on your system?
You rather uninstall it, instead of having a false sense of security. Although I do not feel at risk, I have HMP.A to protect me. Otherwise KAR would be my choice.
I'll stick to firms with time-tested, proven track records. I think the eye-catching term "ransomware" is overused for marketing purposes, which is ironic considering the subject. No more than a curiosity for me at this point, haven't seen the video either.
So you believe you're safer without it than with it? That doesn't make a whole lot of sense to me. It's not like I'm likely to take more risks because I have it installed, than I am to drive like an idiot because I have seatbelts.
I think what was meant, was why use a product that isn't reliable then one with a proven track record
Oh okay. Thanks. The reason I would; like Hiltihome I also don't feel at high risk with other protections (but no specific anti-ransomware), backups and fairly safe habits. I'm not familiar with HMP.A and such, but I don't see the need to pay for more protection, but figure a free solution like RansomFree might add another layer of protection without more costs. Besides, I don't trust any of them 100%. I had seen someone claim that they feel safer without any AV at all because it provides a false sense of security, and that's what I was thinking was meant. I'd still like to know that once it's installed that it can be uninstalled cleanly.
I just reinstalled and uninstalled cybereason using its standard uninstall utility and found 1 folder remains: C:\Windows\System32\config\systemprofile\AppData\Local\Cybereason And that's just a small config file, I didn't bother checking for reg entries. Edit, nothing found in Device manager: Hidden Devices.
Also, even though I'm wary of installing multiple security products because I'm aware of the conflicts two AV products or firewalls will cause, it appears that this might could be used along with other anti-ransomware, possibly giving still a little more protection, assuming no other performance hits. Not that I know enough to recommend doing so.
When install finishes... Okay but I think this is too much... Spoiler Going to search where else they dropped folder and files that big.
The folders the product creates will be randomly named and usually at the top of the C drive. They are the Honeypots- too bad some ransomware do not have a sweet tooth. Boredog- Glad you liked the song. He knew he was dying when he recorded it. Occasionally the extremely raw can be extremely beautiful.
Been thinking about why this product failed when multiple drives are installed. Appears the developers assumed ransomware would always begin its encryption activities on the OS installed drive. As such, the software would detect such activities though use of its honeypots and shut down the ransomware prior to its attempts to encrypt the other local drives. Appears some ransomware actually start their encryption activities on non-boot drives prior to doing same on the boot drive? Makes sense to me since less chance of being detected by security software on the non-boot drives. Has anyone tested to see if the product will detect ransomware activity against network drives as claimed?
What if we copy this random files (Honeypot) to others drive we want to protect (D:, E:, Z:,...), should this program work fine then
Not a sensible suggestion for the average user who often wouldn't know whether they're using a non-system partition or not. Better that the developers address this issue directly.
Seriously. I was looking at their websites and they seem to invest a lot of money, resources, the hype about military grade stuff, etc., still I can't conceive why they did these huge mistakes in their design.