@Ikko Yi I perfectly understand what you've said regarding life-time licenses, and I certainly don't blame you at all... I would most likely take the same approach if I was you. Maybe in the distant future when business is booming you might re-consider? (obviously not at this moment for the reasons you mentioned).
Salutations/Greetings! Do you have a family plan for those who have at least 5 PC"s? Making it easier on their pocket book? Kind regards,
Well, and it was all going so well. Since the latest update to v2.0.1.2AppCheck has been turning off. By that I mean that the service has stopped as one is asked if one wants to restart it when clicking on the Real Time Protection button. I have checked the Event Viewer and this is recorded as follows: - System - Provider [ Name] Service Control Manager [ Guid] {555908d1-a6d7-4695-8e1e-26931d2012f4} [ EventSourceName] Service Control Manager - EventID 7034 [ Qualifiers] 49152 Version 0 Level 2 Task 0 Opcode 0 Keywords 0x8080000000000000 - TimeCreated [ SystemTime] 2017-02-14T22:23:24.812743500Z EventRecordID 23800 Correlation - Execution [ ProcessID] 824 [ ThreadID] 1300 Channel System Computer Dellilah Security - EventData param1 AppCheck Anti-Ransomware Service param2 11 41007000700043006800650063006B000000 Binary data: In Words 0000: 00700041 00430070 00650068 006B0063 0010: 0000 In Bytes 0000: 41 00 70 00 70 00 43 00 A.p.p.C. 0008: 68 00 65 00 63 00 6B 00 h.e.c.k. 0010: 00 00 .. I have checked to see if I can find a cause; other security app, etc., but nothing else appears to be contributing...at least not obviously. Has anyone else seen this behaviour? Regards, Baldrick
Baldrick not sure if this will help but it shows how to change the recovery option for the service that is stopping. https://technet.microsoft.com/en-us/library/cc756320(v=ws.10).aspx
Hi, cruelsister. Do you mean, recover the files within "(DriveLetter):\Backup(AppCheck)" ? AppCheck would recover files automatically if it confirms the process was ransomware, but if not you could do it manually just by copying files to folder. If I misunderstood your question, can you describe me with more details?
Of course, I will. Those decisions are made when we start the company, but when the business changes, we must as well.
Hi Ikko- sorry for the delay in my response. Yes indeed, recovery can be done manually as I pointed out in my video(s). But this process may be confusing to some with little computer knowledge. Having a button that when clicked can do this recovery automatically would be a great addition. But as I said previously, it is easy for me to say as I don't actually have to do the coding! But thank you for a product that actually understands rasnsomware!!!!
I'm completely green to this kind of thing, but would it actually be that hard to code a check between the files, sizes, and file extensions of one folder versus another, and copy the difference back to the original folder?
Appreciate the examination into that one @Peter2150 watched compete with interest. Cheers and also warm welcome @Ikko Yi
AppCheck seems to drop a Backup(AppCheck) folder into every USB or internal drive/partition, even C:\ too, even though I've added to exceptions. No good at all.
Not surprising. AR backup is required to protect critical files from being locked during a ransomware infection.
These exceptions are for the "Auto Backup"-feature of AppCheck "\AutoBackup(AppCheck)" But the files in "\Backup(AppCheck)" are created by the "Ransom Shelter"-feature and it is protecting "all" partitions by default.
The only issue with that, which is kinda big, is every time the user added to or updated a file or folder AppCheck would in effect restore or replace it back to the original, and that would get old really fast brother. lol
I think one of the tests that does not happen is InsideCryptor. If I remember correctly. Among some others.
AppCheck appeared to be causing issues with Unchecky, and another program that works the same as Unchecky. When I would open an installer which included third party offers, the Start Menu and Desktop would freeze for a number of seconds, after which Unchecky would do its work, and uncheck any 3rd party offers. With AppCheck uninstalled, Unchecky works right away.
So, I'm testing this software since yesterday, someone please helps me understand: 1) The "Backup(AppCheck)" folder is protected against any ransomware? Only AppCheck can modify that files? How much big this backups can get? 2) AppCheck uses any signature-based detection method? 3)There is any harmless test that can be done to see AppCheck working?