AppCheck by CheckMal

Discussion in 'other anti-malware software' started by Mr.X, Jan 16, 2017.

  1. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,788
    Location:
    .
    I think this app deserves a separate dedicated thread. In time it will get better and better; besides, the development team is currently working on an international website for their product.

    Just out of curiosity I found a new release today, don't know when it came out or changelog, going to investigate further.

    AppCheck 2.0.0.20
    Code:
    https://www.checkmal.com/download/AppCheckSetup.exe
    Edit ~ I found changelog webpage by googling it:

    Release History (changelog)
    Code:
    https://www.checkmal.com/page/support/notice/?detail=read&idx=11
     
    Last edited: Jan 16, 2017
  2. guest

    guest Guest

    They are providing a lot of videos, in which ransomware/malware is dropped on AppCheck.
    These videos can be found on YT or on CheckMal's website (242 videos :ninja:)
     
  3. Mr.X

    Mr.X Registered Member

    Thanks @mood

    Yes, I watched some of them, not all. Seems they are developing a really good product.
     
  4. Mr.X

    Mr.X Registered Member

    It seems they do frequent updates for AppCheck. That's cool.

    Release History (changelog)
    Code:
    https://www.checkmal.com/page/support/notice/?detail=read&idx=11
    
     
  5. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,591
    Location:
    U.S.A.
    I assume the AppCheck developers are reading postings here, so I make the following suggestion. Submit AppCheck to Malware Research Group for a comparative test against other stand alone anti-ransomware such as HMP-A and the like. MRG has done like tests in the past. Doing so will give added legitimacy to your product by having an AV Lab perform the testing.

    As an alternative source, A-V Comparatives also performs commissioned comparative testing. They recently performed one for PC-Matic using 1000 ransomware samples.
     
  6. guest

    guest Guest

    Yes, at least 5-7 updates per month.
    I noticed it too. I even found files from Program Files in the backup folder of AppCheck, after modifying some files within Program Files.
     
  7. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    Do you have to check the auto backup option? Otherwise, where are these backup folders?
     

  8. itman

    itman Registered Member

    I believe auto backup only exists in the paid Pro version.
     
  9. boredog

    boredog Registered Member

    itman

    Then I don't understand. Please take a peek at my screenshot.
    I do have the autobackup folder on my C: drive but had not ticked it in options.
     
  10. guest

    guest Guest

    Maybe it is a leftover of the backup ability disabled or the honeypot.
     
  11. itman

    itman Registered Member

  12. Mr.X

    Mr.X Registered Member

  13. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    1,649
    Location:
    Paris
    Boredog- Excellent question. First off, please note that there are 2 versions of AppCheck, the Free and the Pro. I apologize in advance that this answer will be overly extensive!

    But before I begin, please note that AppCheck does NOT use Honeypots!!! This is a false protection pathway as a great deal of current ransomware would be oblivious to such Pots, thereby screwing the user.

    Anyway, about AppCheck:

    1). The Free version will create the directory "C:\Backup(AppCheck)" on the C: drive.
    2). The Paid version will create an additional directory "Wherever\AutoBackup(AppCheck)". I put in the Wherever as the user can specify the drive on which it resides.

    Now about the C:\Backup folder- for this I must refer you to my video, especially at the 1:07 mark. Note that although you did see an initial encryption of some files, they were quickly deleted and that non-encrypted Docs were restored. What was actually occurring was the files trashed were first copied to the Backup(AppCheck) directory, then AppCheck deleted the encrypted versions, then restored the originals.

    Second- once again refer to my video at the 3:31 and 4:21 marks. You will note here that at 3:31 either the ransomware was too efficiently coded or my VM was too slow to provide the protection seen in the above first case, and we were left with a couple of encrypted files that were not restored. At the 4:21 mark things happened so fast that although AppCheck deleted the encrypted stuff it was unable to copy the originals, so we were left with only 40 files (down from 57).

    Now as CheckMal realizes that not all ransomware are coded to the same level of efficiency and not all systems are equally fast we get the AutoBackup directory, which is proof from outside malicious manipulation. I will ask you to wait for a few days until I publish the second AC video, but in it is demonstrated how trashed protected files can be manually restored.

    Finally it is important to realize the goal of AppCheck- It protects that which is actually held for ransom. In other words, it will not protect Adobe PhotoShop Elements itself, but it will protect the Photo of your Grandmother petting your dearly departed cat. One can be re-installed, the other cannot be.
     
  14. Remarks on how useless AppCheck is as an OS protection tool have been posted many times in the "interesting anti-ransomware freeware" thread. Re-posting these observations and opinions won't add any value on how good or bad AppCheck performs as a DATA protection tool. AppCheck is to be used, discussed and evaluated as a data damage control program.
     
    Last edited by a moderator: Jan 18, 2017
  15. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    For Cruelsister. When you test, do you test how else the system is infected, unless something else is protecting it?

    Kees, can you post your censorship credentials, please.
     

  16. Three bases which you CAN (not SHALL) use to limit risk and impact of security threats
    1. Proactive prevention
      Blacklist, whitelist, HIPS like security programs

    2. Damage control
      IDS honeypots like ransomware free and behavioral blockers like AppCheck
      (arbitrary sandboxes redirecting/reducing rights also limit possible damage)

    3. Disaster recovery
      Data and image backup and recovery, data replication and emergency fallback centers

    When you want to start a war against damage control systems as a category, go get yourself a hacksaw and remove the safety belts and airbag out of your car, but don't start a rant against the use and function of damage control systems in this thread; use the other 'interesting anti-ransomware' thread instead (you have already hijacked that one).

    When you prefer to use disaster recovery or rely solely on your proactive prevention and don't need AppCheck, that is fine and good for you, but it tells everything about you and your setup and nothing on AppCheck as a free data damage protection tool; use the 'what is your setup' or the other 'interesting anti-ransomware' thread instead (you have already hijacked that one).
     
    Last edited by a moderator: Jan 18, 2017
  17. Peter2150

    Peter2150 Global Moderator

    Actually I do use all three, just ranked differently, so I am going to make one last post, and this is not based on theory but actual testing of real life malware.

    1. Does AppCheck do what it says it will? ABSOLUTELY!!

    2. But, if your system is protected as in items one or two above you should never see AppCheck work.

    3. If you should see AppCheck protect your data in real life your system IS INFECTED, and compromised. Your data is safe but your system isn't.

    4. From some of the changes I've seen real malware make, the only remedial action I'd feel safe with is image restore.

    NOTE: This applies to all Ransomware protection, not just Appcheck.

    Bye
     
  18. Pete

    Thanks, all points above are true and valid. An airbag might protect its passengers, but after an accident you need to repair your car, no doubt about that point you are making (restoring an image after an infection). I am with you and fully agreeing on this.

    You have client data on your network, so you like to have risk vectors covered twice (e.g. use both NVT and VS). Seasoned members who are well covered with 1 (e.g. use VoodooShield) and 3 (e.g. use Macrium) can add a layer on a different dimension with AppCheck (2 damage control) to be and feel more secured also.

    Regards Kees
     
    Last edited by a moderator: Jan 18, 2017
  19. Peter2150

    Peter2150 Global Moderator

    Hi Kees

    One of the reasons I wanted to hit that point hard is, I know most of our knowledgeable are well aware of what I am saying, but it's the inexperienced newcomer who could look at the thread and see the holy grail. That is my concern. I know you get it.

    Pete
     
  20. clubhouse1

    clubhouse1 Registered Member

    Joined:
    Sep 26, 2013
    Posts:
    1,124
    Location:
    UK
    Actually I would advise inexperienced or novice users stumbling into this thread: you could do no better than follow cruelsister's videos and opinions for well informed and most importantly UNBIASED reviews on this and other security software... Look up her videos on YouTube :)
     
  21. Iangh

    Iangh Registered Member

    Joined:
    Jul 13, 2005
    Posts:
    849
    Location:
    Melbourne, Australia
    That's me! Avast free and CFW (proactive and restricted).
     
  22. guest

    guest Guest

    youtube.com/watch?v=TknEQb6H2Do
    Courtesy of @cruelsister. Thanks for the video.

    Do they have an English purchase site yet? I got through the Korean purchase site, but it ends in wanting to install a plugin for payment.
     
  23. clubhouse1

    clubhouse1 Registered Member

    Looks like it's a must have!
     
  24. Mr.X

    Mr.X Registered Member

    They're currently working on an International website for non-Koreans, a developer who works there told me by email the other day.
     
  25. clubhouse1

    clubhouse1 Registered Member

    And as ever thanks to cruelsister for clear and concise tests.
     