RansomOff

Discussion in 'other anti-malware software' started by co22, Mar 28, 2017.

  1. HeiDef

    HeiDef Developer

    Joined:
    Apr 6, 2017
    Posts:
    388
    Location:
    Arlington, VA
    :thumb:
     
  2. Baldrick

    Baldrick Registered Member

    Joined:
    May 11, 2002
    Posts:
    2,675
    Location:
    South Wales, UK
    Hi Dan

    Just seen the posts about AppPacApp and so can see that you have been busy. However, am just wondering if there is any news in to the RansomOff RC? The last beta that I installed on one of my systems has been performing flawlessly (at least for me) and am thinking that you must be close to being where you want to be before formal release?

    Anyway, all good things come to those who wait...so patient we will have to be...in the hope of something new to test soon...;)

    Keep well, and don't work too hard, Maestro.

    Regards, Baldrick
     
  3. HeiDef

    HeiDef Developer

    Joined:
    Apr 6, 2017
    Posts:
    388
    Location:
    Arlington, VA
    Thanks! We got a bit behind with RO but should be releasing an update shortly. Glad to hear it's working well for you still. Externally there aren't many new things but we did re-do a big chunk internally to clean up the code and also hopefully reduce FPs. We identified an issue that was introduced two versions or so ago that seemed to cause a bunch of unnecessary FPs so that's hopefully fixed. I'm sure I sound like a broken record but the next release really should be soon.
     
  4. Baldrick

    Baldrick Registered Member

    Joined:
    May 11, 2002
    Posts:
    2,675
    Location:
    South Wales, UK
    Hi Dave

    Good to hear from you. Thanks for taking the trouble to respond...much appreciated
    Sounds like what with the chunk of code rewrite we still have some more checking out to do for you...well, bring it on (when you are ready that is, of course :)).

    We are ready and waiting.

    Regards, Baldrick
     
    Last edited: Mar 19, 2018
  5. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    RansomOff Change Log :thumb:
    5.2018.81.6662 - 22 Mar 2018

    • Added new HIPS setting to notify on protected folder write.
    • Removed ransomware protection dependency for folder protections.
    • Improved RansomOff Server support.
    • Other bug fixes and UI tweaks.
     
  6. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Looking forward to testing
     
  7. Baldrick

    Baldrick Registered Member

    Joined:
    May 11, 2002
    Posts:
    2,675
    Location:
    South Wales, UK
    Already on it....and looking GOOOOOOOOOOOOOOOOOOOOOD! :):thumb:

    Baldrick
     
  8. HeiDef

    HeiDef Developer

    Joined:
    Apr 6, 2017
    Posts:
    388
    Location:
    Arlington, VA
    Good to hear! Please let me know if you run into any issues.
     
  9. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    This is IMHO and for all good purposes a cutting edge state of the art sort which is a rarity but absolutely priority relevant given recent published reports for just one example, Atlanta's City systems which as of this very day today front n center news on their/those series systems still in a state of been (ransomware) neutralized. (HeiDef, you guys should contact them-negotiate).

    I tested it while yet in infancy and throughout many releases and it wasn't boring, I can tell you that.
     
  10. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    I agree, it is looking real good.
     
  11. HeiDef

    HeiDef Developer

    Joined:
    Apr 6, 2017
    Posts:
    388
    Location:
    Arlington, VA
    Do you have a POC? That'd be a great win.

    It is amazing though that major organizations are still getting nailed with ransomware. It just shows it's a threat that's not going away.
     
  12. HeiDef

    HeiDef Developer

    Joined:
    Apr 6, 2017
    Posts:
    388
    Location:
    Arlington, VA
    Got reports of a few hiccups but I think they were more system related vice RO. Hopefully it stays that way.
     
  13. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Going to test some of the nasties I have tomorrow
     
  14. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    I could have sworn that I already posted this a couple of days ago: It's the SamSam ransomware that gets installed via RDP. I suppose a tool like RansomOff would be able to stop it, here is some more info:

    https://www.secureworks.com/research/samsam-ransomware-campaigns
     
  15. korben

    korben Registered Member

    Joined:
    Nov 5, 2009
    Posts:
    917
    Just now installed instead of CybereasonRansomFree having noticed it is no more in beta stage.

    Any tips on how to set it up the proper way or simply install and forget about it?

    I am curious about HIPS mainly.
     
  16. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Just turn on all the protections and be prepared to allow alerts.
     
  17. korben

    korben Registered Member

    Joined:
    Nov 5, 2009
    Posts:
    917
    All of them literally?

    edit//
    just noticed I cannot run HWMonitor 1.34 unless R-Off is not operating causing freezes

    How to go about this issue?
     
    Last edited: Mar 27, 2018
  18. HeiDef

    HeiDef Developer

    Joined:
    Apr 6, 2017
    Posts:
    388
    Location:
    Arlington, VA
    It's really user dependent. Turning on all the HIPS like @Peter2150 said will generate a lot of alerts but they can be tuned to reduce some of the noise. If you are running other security software, some of the HIPS may be redundant so it's something you'll need to figure out based on your setup. RO is packed with features which allows for lots of tuning but it can be just installed and run with the default configuration without much intervention. We've been meaning to update the docs and add more info so it's easier to figure out what to do.

    As for the HWMonitor issue, not quite sure what's going on there. If you disable ransomware protection does HWMonitor run? Is the system freezing or just HWMonitor? Did you try to add HWMonitor to the exemptions list? That generally clears up problems although we will look into it to try and figure out the underlying cause.
     
  19. korben

    korben Registered Member

    Joined:
    Nov 5, 2009
    Posts:
    917
    Only HWMonitor freezes.
    When I turn off R-Off- it becomes active and can be operated on.

    Is it possible to make exceptions?

    On a side note - HeiDef, it is a job well done, for real!


    edit//
    found the exceptions - NICE!
     
    Last edited: Mar 28, 2018
  20. HeiDef

    HeiDef Developer

    Joined:
    Apr 6, 2017
    Posts:
    388
    Location:
    Arlington, VA
    Thanks. Did adding the exception work for HWMonitor?
     
  21. korben

    korben Registered Member

    Joined:
    Nov 5, 2009
    Posts:
    917
    Yes, that did the trick.
     
  22. korben

    korben Registered Member

    Joined:
    Nov 5, 2009
    Posts:
    917
    Despite listing exclusions / adding exes / folders to the exemptions list, I can tell you that R-Off and ShadowDefender 1.4.0.648 are in conflict.

    Windows was unable to restart and/or be turned off without generating errors - chkdsk was deployed by system and R-Off exe generated errors too regularly. After ca 20 failures I had to uninstall R-Off, alas.

    My guess? Registry Exclusions List in SD has to be properly configured but I don't know how to achieve it.
     
  23. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,644
    Location:
    Under a bushel ...
    Dave - RO 5.2018.81.6662 now purring away on machine 1 below ;), advanced mode, default settings, external USB backup folders protected.
     
    Last edited: Apr 2, 2018
  24. HeiDef

    HeiDef Developer

    Joined:
    Apr 6, 2017
    Posts:
    388
    Location:
    Arlington, VA
    We never tested extensively with RO and SD but given how they both work, it's not surprising there is conflict. Thanks for the feedback though. It's something we can try to look into.
     
  25. HeiDef

    HeiDef Developer

    Joined:
    Apr 6, 2017
    Posts:
    388
    Location:
    Arlington, VA
    Great to hear.
     