AppCheck by CheckMal

Discussion in 'other anti-malware software' started by Mr.X, Jan 16, 2017.

  1. mWave

    mWave Guest

    @Ikko Yi I perfectly understand what you've said regarding life-time licenses, and I certainly don't blame you at all... I would most likely take the same approach if I was you. Maybe in the distant future when business is booming you might re-consider? (obviously not at this moment for the reasons you mentioned).
     
  2. Moose World

    Moose World Registered Member

    Joined:
    Dec 19, 2013
    Posts:
    905
    Location:
    U.S. Citizen
    Salutations/Greetings!

    Do you have a family plan for those who have at least 5 PC"s? Making it easier on their
    pocket book?

    Kind regards,
     
  3. Baldrick

    Baldrick Registered Member

    Joined:
    May 11, 2002
    Posts:
    2,674
    Location:
    South Wales, UK
    Well, and it was all going so well. Since the latest update to v2.0.1.2AppCheck has been turning off. By that I mean that the service has stopped as one is asked if one wants to restart it when clicking on the Real Time Protection button.

    I have checked the Event Viewer and this is recorded as follows:

    - System
    -
    Provider
    [ Name] Service Control Manager
    [ Guid] {555908d1-a6d7-4695-8e1e-26931d2012f4}
    [ EventSourceName] Service Control Manager
    - EventID 7034
    [ Qualifiers] 49152
    Version 0
    Level 2
    Task 0
    Opcode 0
    Keywords 0x8080000000000000
    - TimeCreated
    [ SystemTime] 2017-02-14T22:23:24.812743500Z
    EventRecordID 23800
    Correlation
    -
    Execution
    [ ProcessID] 824
    [ ThreadID] 1300
    Channel System
    Computer Dellilah
    Security
    -
    EventData
    param1
    AppCheck Anti-Ransomware Service
    param2 11
    41007000700043006800650063006B000000
    Binary data:

    In Words

    0000: 00700041 00430070 00650068 006B0063
    0010: 0000

    In Bytes

    0000: 41 00 70 00 70 00 43 00 A.p.p.C.
    0008: 68 00 65 00 63 00 6B 00 h.e.c.k.
    0010: 00 00 ..
    I have checked to see if I can find a cause; other security app, etc., but nothing else appears to be contributing...at least not obviously. Has anyone else seen this behaviour?

    Regards, Baldrick
     
  4. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
  5. Baldrick

    Baldrick Registered Member

    Joined:
    May 11, 2002
    Posts:
    2,674
    Location:
    South Wales, UK
  6. Ikko Yi

    Ikko Yi Registered Member

    Joined:
    Feb 9, 2017
    Posts:
    15
    Location:
    Seoul, Korea
    Hi, cruelsister.
    Do you mean, recover the files within "(DriveLetter):\Backup(AppCheck)" ?
    AppCheck would recover files automatically if it confirms the process was ransomware, but if not you could do it manually just by copying files to folder. If I misunderstood your question, can you describe me with more details?
     
  7. Ikko Yi

    Ikko Yi Registered Member

    Joined:
    Feb 9, 2017
    Posts:
    15
    Location:
    Seoul, Korea
    Of course, I will.
    Those decisions are made when we start the company, but when the business changes, we must as well.
     
  8. Ikko Yi

    Ikko Yi Registered Member

    Joined:
    Feb 9, 2017
    Posts:
    15
    Location:
    Seoul, Korea
    Not yet, but we discussed it last year. So far, we are looking for the right timing.
     
  9. mWave

    mWave Guest

    Great! :)
     
  10. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    1,649
    Location:
    Paris
    Hi Ikko- sorry for the delay in my response. Yes indeed, recovery can be done manually as I pointed out in my video(s). But this process may be confusing to some with little computer knowledge. Having a button that when clicked can do this recovery automatically would be a great addition. But as I said previously, it is easy for me to say as I don't actually have to do the coding!

    But thank you for a product that actually understands rasnsomware!!!!
     
  11. guest

    guest Guest

    I'm completely green to this kind of thing, but would it actually be that hard to code a check between the files, sizes, and file extensions of one folder versus another, and copy the difference back to the original folder?
     
  12. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Appreciate the examination into that one @Peter2150 watched compete with interest.

    Cheers and also warm welcome @Ikko Yi
     
  13. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,796
    Location:
    .
    AppCheck seems to drop a Backup(AppCheck) folder into every USB or internal drive/partition, even C:\ too, even though I've added to exceptions. No good at all.
     
  14. NormanF

    NormanF Registered Member

    Joined:
    Feb 20, 2009
    Posts:
    2,874
    Not surprising. AR backup is required to protect critical files from being locked during a ransomware infection.
     
  15. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,796
    Location:
    .
    Got to be another way if I'm not interested in protecting those drives/partitions.
     
  16. guest

    guest Guest

    These exceptions are for the "Auto Backup"-feature of AppCheck "\AutoBackup(AppCheck)"
    But the files in "\Backup(AppCheck)" are created by the "Ransom Shelter"-feature and it is protecting "all" partitions by default.
     
  17. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,796
    Location:
    .
    Thank you.
     
  18. solitarios

    solitarios Registered Member

    Joined:
    Mar 28, 2016
    Posts:
    230
    It does not pass all tests of RanSim.
     
  19. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Which ones? Curious to learn which ones it fails on.
     
  20. _CyberGhosT_

    _CyberGhosT_ Registered Member

    Joined:
    Mar 2, 2015
    Posts:
    457
    Location:
    MalwareTips "Your Security Advisor"
    The only issue with that, which is kinda big, is every time the user added to or updated a file
    or folder AppCheck would in effect restore or replace it back to the original, and that would get old really
    fast brother. lol :)
     
  21. solitarios

    solitarios Registered Member

    Joined:
    Mar 28, 2016
    Posts:
    230
    I think one of the tests that does not happen is InsideCryptor. If I remember correctly. Among some others.
     
  22. guest

    guest Guest

    AppCheck v2.0.1.3 Released

    Download: https://www.checkmal.com/download/AppCheckSetup.exe
     
  23. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,627
    AppCheck appeared to be causing issues with Unchecky, and another program that works the same as Unchecky. When I would open an installer which included third party offers, the Start Menu and Desktop would freeze for a number of seconds, after which Unchecky would do its work, and uncheck any 3rd party offers.

    With AppCheck uninstalled, Unchecky works right away.
     
  24. ExtremeGamerBR

    ExtremeGamerBR Registered Member

    Joined:
    Aug 3, 2010
    Posts:
    1,351
    So, I'm testing this software since yesterday, someone please helps me understand:

    1) The "Backup(AppCheck)" folder is protected against any ransomware? Only AppCheck can modify that files? How much big this backups can get?
    2) AppCheck uses any signature-based detection method?
    3)There is any harmless test that can be done to see AppCheck working?
     
  25. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499

    https://www.wilderssecurity.com/thr...-simulator-test-and-discussion-thread.390947/
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.