RansomOff

Discussion in 'other anti-malware software' started by co22, Mar 28, 2017.

  1. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    No backups?
     
  2. SIR****TMG

    SIR****TMG Registered Member

    Joined:
    May 31, 2004
    Posts:
    833
    That's why it's called BETA TESTING.......
     
  3. HeiDef

    HeiDef Developer

    Joined:
    Apr 6, 2017
    Posts:
    388
    Location:
    Arlington, VA
    Hey Moose. Sorry you are having troubles again. You just can't seem to catch a break with RansomOff.

    For the three that are slow booting, can you quantify that a bit? Are we talking minutes to boot or maybe just 10's of seconds?

    For the other two, you shouldn't have to reinstall if you can boot into Safe Mode and use the system restore point that the RO installer creates. But this sounds like an MBR driver issue. RansomOff did install properly on those two without any errors, correct?
     
  4. Moose World

    Moose World Registered Member

    Joined:
    Dec 19, 2013
    Posts:
    905
    Location:
    U.S. Citizen
    @SIR****TMG.
    That's why it's called BETA TESTING.......
    Really.........?

    @boredog,
    Backups would not work! Had 2 Backups on each PC!

    AOMEI Backupper Professional
    QILING Disk Master Professional

    @HeiDef,
    For the three that are slow booting, can you quantify that a bit? Are we talking minutes to boot or maybe just 10's of seconds?
    Answer 4 minutes!


    RansomOff did install properly on those two without any errors correct? Yes! Correct!

    Also, the system restore was damaged and would not open to any restore points on the one computer. Any thoughts?
    Work on the other computer!
     
    Last edited: May 23, 2017
  5. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Hi Moose World

    I know with AOMEI, you have to do a full System Image. The disk image so called doesn't capture the partition information, and a restore wouldn't work if the mbr had been damaged. I am not familiar with Disk Master Professional.

    Pete
     
  6. NormanF

    NormanF Registered Member

    Joined:
    Feb 20, 2009
    Posts:
    2,879
    On second thought, either make mbr protection optional or remove it.

    If it leads Windows to fail to boot, it's like no protection at all.

    HIPS-style protection would be much more effective without making changes to the mbr.
     
  7. NormanF

    NormanF Registered Member

    Joined:
    Feb 20, 2009
    Posts:
    2,879
    Stick with Windows Defender. Windows 10 doesn't play well with third party antimalware.
     
  8. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,644
    Location:
    Under a bushel ...
    I don't have it installed right now, but IIRC correctly, you can untick it. Maybe Moose has two softs protecting MBR, e.g. also HMPA, and that caused a conflict?

    Edit: I think I was wrong that MBR protection was togglable here, as they have subsequently made it optional on install and togglable in a later version. Must have been confusing that setting with AppCheck.
     
    Last edited: May 25, 2017
  9. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Not true. I have everything I use to protect my Win 7 machines on a friend's win 10 machine that is up to date with CU. No issues at all.
     
  10. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,644
    Location:
    Under a bushel ...
    Agree. Look at my sig :eek:.
     
  11. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    You need to start keeping full backups on a bootable DVD or USB stick. AND if those backup programs didn't come through for you, you need to start using another option. Macrium Reflect free works great on my Win 10 machine.
     
  12. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    The problem on some of the apps is it's confusing. I always assumed with AOMEI that the disk partition backup would catch everything, but it doesn't, you need to do a system backup if you want the disk/partition structure.
     
  13. Der.Reisende

    Der.Reisende Registered Member

    Joined:
    Aug 14, 2016
    Posts:
    51
    Location:
    Germany
    Having (weird) issues installing RansomOff v5.2017.139.8295.BETA.x64:

    I tried installing it twice (1st time normal, AVG DeepScreen picks the installer and a .exe up, after 15 seconds of monitoring releases them as clean), 2nd time with granting it Admin Rights by context menu (it is an Admin account actually) and having AVG Internet Security (latest) completely turned off.
    Each time it asks to reboot once I close the installer.

    It does install flawlessly (fails on creating a restore point however, heck knows why), successfully excludes AVG and WD locations.
    installation.PNG
    But: I've neither an AutoRun nor can I run the app (nor does it appear in Task Manager). I do not find it in Start either?
    run0.PNG run1.PNG run2.PNG services.PNG start.PNG win.PNG autorun.PNG

    I can confirm @Moose World 's issue with the longer boot time, on my machine about 30sec - 1 min longer boot time (my laptop employs an SSD where Win10 has been installed on and has been refreshed on Sunday).
     
  14. Moose World

    Moose World Registered Member

    Joined:
    Dec 19, 2013
    Posts:
    905
    Location:
    U.S. Citizen
  15. HeiDef

    HeiDef Developer

    Joined:
    Apr 6, 2017
    Posts:
    388
    Location:
    Arlington, VA
    Hey @DreamsandVisions,

    We've seen the restore point fail on some systems. That's why it prompts for confirmation to continue if it does fail. It can fail for a variety of reasons from lack of disk space to system restore not being turned on or some of the required services not running.

    RansomOff is not designed to be run outside of boot which is why there is no start menu or desktop icon and why you can't just go run the processes in the folder. This is because RansomOff keeps its own system state information and it is really only valid if it gathers this information when the system boots. Running the processes arbitrarily will reduce its effectiveness.

    In your one image you show the task list and it's scrolled down to the R's but the service will display as 'Heilig Defense RansomOff' so we can't tell if the service is actually running or not. Can you confirm that the service is running? The service is what is responsible for then opening the UI component. And again we can't tell from your screenshots if that has been loaded or not.

    There will inevitably be some startup slowdown because of RansomOff having to verify the processes that are loading. This is to prevent boot time ransomware from being able to encrypt data before other components can load. One minute does seem a bit long though. We could turn boot time protection into an option but obviously at the potential cost of missing an attack.

    We should be releasing an update here shortly. Just finishing up some final testing. This update not only fixes the BSOD issue from the last release but also has a few other stability fixes.
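
The checks the post above asks for, as an added example that is not part of the original post or the RansomOff project. It assumes an elevated Windows PowerShell 5.1 session; the service display name and the UI process name `HDRansomOffui` are taken from this thread, and VSS and swprv are assumed to be the "required services" meant for restore points.

```powershell
# Added example (not from the thread): read-only checks, run as Administrator.

# 1. Is the service registered and running? Display name as given in the post.
$svc = Get-Service -DisplayName 'Heilig Defense RansomOff' -ErrorAction SilentlyContinue
if ($svc) {
    "Service '{0}': status={1}, start type={2}" -f $svc.DisplayName, $svc.Status, $svc.StartType
} else {
    "Service 'Heilig Defense RansomOff' is not registered on this system"
}

# 2. Has the service opened the UI component? Process name as given in the thread.
$ui = Get-Process -Name 'HDRansomOffui' -ErrorAction SilentlyContinue
if ($ui) { "UI process running, PID(s): $($ui.Id -join ', ')" }
else     { "UI process HDRansomOffui is not running" }

# 3. Restore-point prerequisites named in the post.
# 3a. Free space on the system drive.
$disk = Get-CimInstance Win32_LogicalDisk -Filter "DeviceID='$env:SystemDrive'"
"Free space on {0}: {1:N1} GB" -f $disk.DeviceID, ($disk.FreeSpace / 1GB)

# 3b. Shadow-copy services (assumption: these are the services meant).
#     'Stopped' is normal for a manual-start service; 'Disabled' is the problem case.
foreach ($s in Get-Service -Name VSS, swprv -ErrorAction SilentlyContinue) {
    $flag = if ($s.StartType -eq 'Disabled') { 'DISABLED' } else { 'ok' }
    "{0,-6} status={1,-8} start type={2,-10} [{3}]" -f $s.Name, $s.Status, $s.StartType, $flag
}

# 3c. Existing restore points. An empty list means none exist yet or that
#     System Restore is turned off for the drive.
try {
    $points = @(Get-ComputerRestorePoint -ErrorAction Stop)
    "Restore points found: $($points.Count)"
    $points | Select-Object SequenceNumber, Description, CreationTime | Format-Table -AutoSize
} catch {
    "Could not query restore points: $($_.Exception.Message)"
}
```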
     
  16. HeiDef

    HeiDef Developer

    Joined:
    Apr 6, 2017
    Posts:
    388
    Location:
    Arlington, VA
    We just posted version 5.2017.144.10111 (Beta).

    This was a tough one because of the BSOD issue that was introduced during the last update. It was tough because we couldn't recreate it ourselves but many thanks to @cloggy49 and @paulderdash for their efforts getting us a memory dump. So that bug should now be fixed.

    For this release we made the MBR protection optional during installation and toggle-able while running. A reboot is required for the change to take effect though. Additionally, we made it possible to apply an update manually instead of automatically. So now you'll be notified that an update has downloaded but given the option to apply it.

    There were a couple of other things we didn't get to in this release based on some feedback but in the future we will get to them. And we'll look to see how we can improve boot time.
     
  17. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    HeiDef-Good Luck with this new release.

    I know that you've been over this same ground before but if you could expound on it once more for clarity.

    In Folder Protections, when adding at least (1) process exemption for a user's preferred folder(s) protection to kick in, it is also necessary to make sure to add a new process (Exemption) from within that same folder PER EACH (NEW) FOLDER added.

    With such as this new development as RansomOff is, and aware of quirky window behavior sometimes, I want to make clear the choice this setting expects especially for new users maybe trying for a first time in order to help them avoid any confusion with that.
     
  18. HeiDef

    HeiDef Developer

    Joined:
    Apr 6, 2017
    Posts:
    388
    Location:
    Arlington, VA
    As you said, each protected folder requires at least one process to be added which can still access the data. This is arbitrary but was done to act as a safety mechanism to make sure you can access your data via some program (although you can also just switch RansomOff protections off). When adding folder protections, the folder icons will indicate the status of that particular protection so you can quickly see which ones are on, off or invalid.

    Not quite clear on your second point about folder protections. Could you explain what you mean again? Thanks.
     
  19. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Sorry, it's been a long day troubleshooting a local disk error and forming reliable backups.

    Thanks for going over that same ground again. On the second point, it more or less was answered by your first reply.

    With the introduction of the now optional MBR Protections, were there potential or discovered conflicts arising from the default?
     
  20. HeiDef

    HeiDef Developer

    Joined:
    Apr 6, 2017
    Posts:
    388
    Location:
    Arlington, VA
    No worries.

    The decision to make it optional was more about control than conflicts. We never had any issues in our tests. We ran RansomOff and MBRFilter together fine with no problems. But we just wanted to give the user more control to decide if they want it or not especially if they already have another MBR solution installed.
     
  21. Der.Reisende

    Der.Reisende Registered Member

    Joined:
    Aug 14, 2016
    Posts:
    51
    Location:
    Germany
    Thank you for the fast reply @HeiDef!

    Ok, installed the latest release from tonight on my more powerful main PC (turned off AVG Internet Security completely, ran installer by granting Admin rights via context menu). No noticeable slowdown here. Boot time protection is a must, I agree! Rather a slowdown than an encrypted system!
    However, I have the same outcome as on my laptop yesterday.
    According to your homepage, RO should indicate its status with an icon in Sys Tray. There is no such icon, and the only indicator of RO installed is the Registry Key here:
    Autoruns.PNG
    I cannot tell out of the documentation on your homepage nor by Google'ing whether I need to have additional software installed (like as .Net Framework, software installers usually ask for automatically). Also, the installer log did not show any error (only the one with the restore point), but confirmed installation went well and will reboot once I close the installer.
    installed.PNG

    How can I access this GUI?
    GUI.PNG Tray.PNG

    As for ShadowDefender running, I turned it on to test whether RO is ready and running, by throwing some Ransomware on it (will edit this post once I tried).

    EDIT: RO is obviously not running.
    xdata.PNG

    EDIT 2: Regarding .Net Framework, my Win10 x64 CU installation (v.1703 b.15063.296) has v4.7 already installed by default.
    netframework.PNG
     
    Last edited: May 25, 2017
  22. cloggy49

    cloggy49 Registered Member

    Joined:
    Oct 6, 2015
    Posts:
    93
    Location:
    The Netherlands
    @DreamsandVisions, can you see in Task Manager - Details that HDRansomOffui.exe is running? This is the tray icon program..
     
  23. Der.Reisende

    Der.Reisende Registered Member

    Joined:
    Aug 14, 2016
    Posts:
    51
    Location:
    Germany
    No such service in TaskManager / SysInternals ProcessExplorer nor anything related to RO.
    I don't get it why it didn't install properly, AV has been completely shut down just in case, and installation performed perfectly fine too, according to its log.
    As told above, I cannot run any of the .exe located in Programs folder (x64).
    Tried it on two machines.
     
  24. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,644
    Location:
    Under a bushel ...
    @cloggy49 Is version 5.2017.144.10111 working for you?

    No more BSOD for me, but Task Bar icon is not appearing and system is unresponsive e.g. Start Menu, launching programs. Maybe just my config.
     
  25. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Hi HeiDef

    I have been following your product development with interest, and it is looking good, but frankly what you said above scares the heck out of me and no way would I install it. Why do you need a reboot to turn the mbr protection on and off? That suggests to me (please tell me I am wrong) that you are somehow modifying the mbr. If I am correct that is a disaster waiting to happen. How many users do you think could handle a trashed mbr? I offer as evidence the fact the HMPA also has effective mbr protection by simply unticking a box to turn it off and re ticking it to turn it back on. No Reboot necessary.

    Pete
     