Has anyone tested recently to determine if AppCheck can still be easily suspended/terminated? This was my primary issue with the product.
I don't enable it ever, even after leaving a shadowed session. Thing is I need to start my machine and update my trusted programs then I enter shadow mode again.
Why did I know you might say that? Not gotten around to that one yet but it looks like that could be something of serious concern if so easily dismissed. We all know there are some coders, especially the more forceful one's who zero right in (scan code) on certain security products to make quick work of disabling them. AV's used to take it like that on the chin all the time before they stiffened up.
My take on this is if ransomware isn't already disabling these standalone anti-ransomware solutions, it will be doing so soon. It might leave the obscure anti-ransomware solutions like AppCheck alone or, maybe all the products marketed to the home user market since the malware developers primary targets are corps. that will pay up w/o fuss. On the other hand, with RaaS being increasingly used, just a matter of time till the kit builders just target anything that is stand alone anti-ransomware.
I was runinng AppCheck briefly, but it was causing issues with Unchecky, so I uninstalled it. I thought it was a nice tool to try, but the reality is that I have backups I can use to restore my files from in the highly unlikely situation I get hit by ransomware.
Ah, ok You are leaving the Shadow Session for updating applications, then you are quickly switching back. According to the changelog, a self-defense was added to AppCheck in Dec. 2016, but i'm not sure what kind of self-defense.
Easy to test. See if it can be suspended or terminated using Process Exporer. Also check if its installation directory contents can be accessed and modified. Additional tests would be modification of the registry keys it uses.
Correct, but none of the security tools like AV/AE/HIPS/Sandbox can give this. I'd rather have a tool that at least tries to put up a fight, but of course you should always make back ups. But I believe most people don't.
AppCheck v2.0.1.10 Released (18 May 2017) https://www.checkmal.com/page/product/appcheck/ Download: https://www.checkmal.com/download/AppCheckSetup.exe
Due do the WannaCry Ransomware, corporate customers can get AppCheck Pro/AppCheck Pro for Server/CMS for free (for a limited time):
Yeppers, looks like the internal updated is not working or the update is not where it thinks it is/should be. So downloaded & updated manually...with no issues.
AppCheck v2.0.1.11 Released (19 May 2017) https://www.checkmal.com/page/product/appcheck/ Download: https://www.checkmal.com/download/AppCheckSetup.exe
Mine has updated to 2.0.1.11 a few days back, as mood has stated it can take upto 24hrs to auto-update.