RansomOff

Discussion in 'other anti-malware software' started by co22, Mar 28, 2017.

  1. HeiDef

    HeiDef Developer

    Joined:
    Apr 6, 2017
    Posts:
    388
    Location:
    Arlington, VA
    After reviewing, we are going to keep this behavior. This is because Folder Protection can be disabled multiple ways both by the user and by RansomOff (if you turn off ransomware protection or switch to Simple Mode, Folder Protection is disabled as well). So to prevent users from having to remember to then turn back on each folder individually after Folder Protection is re-enabled, it makes more sense to keep each folder's individual state regardless of the overall status.
     
  2. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    To clarify, I tried to run it via Sandboxie, and then I get to see the command prompt, and my HIPS alerts about incoming connections. So something during install makes RO trigger this behavior. I have seen this behavior with other apps also. Is it perhaps making a loop-back connection or anything?
     
  3. HeiDef

    HeiDef Developer

    Joined:
    Apr 6, 2017
    Posts:
    388
    Location:
    Arlington, VA
    Does it tell you the address? If it was RO I would assume you'd see an outbound connection attempt first. It's probably .NET framework related if I had to guess. If you can share the connection details it might help more to figure out what's going on.
     
  4. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    I think it might indeed be related to .NET, but I don't know if the install will complete if I block it. This is the alert that I receive:

    "Receive incoming network packets - Listening Port: 50068 Local - IP =127.0.0.1 Protocol=TCP"
     
  5. trott3r

    trott3r Registered Member

    Joined:
    Jan 21, 2010
    Posts:
    1,283
    Location:
    UK
    Just needs a floppy disk in to stop the noise.
     
  6. trott3r

    trott3r Registered Member

    Joined:
    Jan 21, 2010
    Posts:
    1,283
    Location:
    UK
    Just opinions with regards to the GUI.
    As others have said, it's what it does that keeps me on board :)
     
  7. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,453
    Location:
    .
    RO wants to create restore point. RO also has service n' drivers. RO install also needs machine restart.
    SBIE2205 Service not implemented: WMI SystemRestore::CreateRestorePoint
    SBIE2205 Service not implemented: WMI IWbemServices 24

    [Attached screenshot: 1715.png]
     
    Last edited: Nov 4, 2017
  8. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,639
    Location:
    Under a bushel ...
    On retry, import worked now without disabling self-protection, so must have been a spurious problem.

    Also Dave edited my settings (some new ones have been added, which caused the issue), so I was able to import. My thanks to Dave. Up to date now.
     
  9. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    OK thanks, that's indeed the screen that I'm talking about, and obviously SBIE is blocking all of these operations.
     
  10. ghodgson

    ghodgson Registered Member

    Joined:
    Dec 20, 2003
    Posts:
    835
    Location:
    UK
    Out of interest, how many running services does RO have when fully installed and what is the memory footprint like?

    Thanks in advance.
     
  11. HeiDef

    HeiDef Developer

    Joined:
    Apr 6, 2017
    Posts:
    388
    Location:
    Arlington, VA
    One service and then one UI instance in each session. Memory usage is relatively light. The bulk of memory usage comes from shared libraries associated with the .NET framework. RO won't be a source of memory pressure for your system.
     
  12. ghodgson

    ghodgson Registered Member

    Joined:
    Dec 20, 2003
    Posts:
    835
    Location:
    UK
    Many thanks @HeiDef.
     
  13. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    hi HeiDef

    Tried the new version. GUI scaling still makes it unusable in my VM.
     
  14. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,639
    Location:
    Under a bushel ...
    HD RO with all options active, Agent = ~ 19 MB and Service = ~ 36 MB here.

    Though Agent went > 80 MB after opening UI and seems to stay there after minimising.
     
    Last edited: Nov 13, 2017
  15. HeiDef

    HeiDef Developer

    Joined:
    Apr 6, 2017
    Posts:
    388
    Location:
    Arlington, VA
    Thanks Peter. We didn't get to the scaling issues yet with this release so anyone who had problems still will. It's one of the top to-do items though.
     
  16. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Thanks Heidef. I'll stay tuned.
     
  17. digmor crusher

    digmor crusher Registered Member

    Joined:
    Jul 6, 2012
    Posts:
    1,157
    Location:
    Canada
    Bit of a nightmare with this. I installed to try out, after a couple hours I decided it wasn't for me, tried to uninstall. First tried uninstalling thru the control panel. Wouldn't work. Next tried to do a forced uninstall with Geek Uninstaller, didn't uninstall right. Tried to delete the folders in Program Files and could not do it. Also it seemed to affect Chrome and Sandboxie. Tried 2 or 3 times to open Chrome after, it would open but home page wouldn't load, tried to load Chrome in Sandboxie and wouldn't load again. Went to task manager, had 8 instances of Chrome running, could only shut down 4 with task manager, could not shut down Sandboxie from task manager either, both just hung and hung and wouldn't close. So tried a restart, resulted in a blue screen, luckily it let me do a system restore which got my computer running normally again. Only thing that could have caused this is RansomOff as computer was running perfectly before I installed it. Sometimes I wonder why I keep trying different programs, 95% I just uninstall or they cause some kind of problem. Running WD and MB3 now, absolutely no problems at all, no pop ups, no shutting down to update anything, no performance issues, sometimes I just don't know how good I got it. Why keep trying to add programs when I really don't have to and my computer is running flawlessly with adequate protection. Rant over.
     
  18. NiteRanger

    NiteRanger Registered Member

    Joined:
    Nov 15, 2016
    Posts:
    651
    Location:
    Far East
    My suggestion is to disable all real-time protection modules and the self-protection module before uninstalling RO.
     
  19. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Hi Digmor

    I always take a Macrium Incremental prior to any new install. Then I can let a Macrium restore do the uninstalling. If I go beyond the time I want to restore, then I use Revo uninstaller. Does a pretty good job.

    Pete
     
  20. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    Sounds like a bad experience and I know what you mean about the need to try new security tools. That's why I always monitor threads for stories like this, before I decide to install. Perhaps RO's developer can explain what might have caused this.
     
  21. digmor crusher

    digmor crusher Registered Member

    Joined:
    Jul 6, 2012
    Posts:
    1,157
    Location:
    Canada

    Yup, I do this at times, should have done this time as well.
     
  22. digmor crusher

    digmor crusher Registered Member

    Joined:
    Jul 6, 2012
    Posts:
    1,157
    Location:
    Canada

    I use AOMEI, but rarely have to use it to restore, will keep your tip in mind for next time. If there is a next time. :rolleyes:
     
  23. HeiDef

    HeiDef Developer

    Joined:
    Apr 6, 2017
    Posts:
    388
    Location:
    Arlington, VA
    Sorry you had issues @digmor crusher

    It's tough to say exactly what went wrong. When you first tried to uninstall, I'm assuming you shut RO down first? The uninstaller should complain if you didn't but just wanted to check. And when you say it didn't uninstall right, what exactly do you mean? Did it display an error?

    Uninstalling with third party tools is probably the worst thing you can do. They don't have the details of what RO did during install and especially when dealing with boot level drivers, letting some other tool remove references and files will just lead to issues.

    We haven't tested with Sandboxie in a while but given that it's a virtualization tool and because RO uses some similar methods, it's not surprising there are conflicts.

    To explain the Chrome issues, did you have any HIPS settings enabled? Chrome registers as a PDF viewer and if you have the PDF security enabled, Chrome won't load. You need to remove Chrome from the list of PDF viewers. The behavior of the PDF security is explained in the docs. We've never had problems with Chrome in testing, but every system is different.
     
  24. digmor crusher

    digmor crusher Registered Member

    Joined:
    Jul 6, 2012
    Posts:
    1,157
    Location:
    Canada

    I believe I shut down RO first, that is what I usually do when uninstalling a program. An error did come up a couple times but I cannot remember what it said now.

    I used a 3rd party app as I could not uninstall any other way.

    Not sure what you mean by HIPS settings, do you mean HIPS settings in RO? If so that's possible as I was trying different settings.

    Sorry I'm not much help but I was more concerned with getting my computer running properly than remembering all the other details.

    I would guess that the HIPS settings were enabled and that's why Chrome didn't load and that uninstalling with Geek caused the other issues. Only mystery then would be why it did not uninstall properly in the first place when I tried thru the control panel. Maybe just one of those Windows things.
     
  25. NiteRanger

    NiteRanger Registered Member

    Joined:
    Nov 15, 2016
    Posts:
    651
    Location:
    Far East
    Most software uninstallers don't uninstall COMPLETELY and some files/folders/registry entries will be left behind. Don't understand why the developers don't do it.

    Your quote
    I suppose RO comes with its own uninstaller. If yes, when using RO's uninstaller itself, will ALL files/folders/registry entries be COMPLETELY removed?

    Thanks
     