AppCheck by CheckMal

Discussion in 'other anti-malware software' started by Mr.X, Jan 16, 2017.

  1. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    322
    Location:
    Germany
    Checked Macrium Reflect v7 + AppCheck with MBR Protection ON, all OK.
     
  2. myk1

    myk1 Registered Member

    Joined:
    Sep 2, 2012
    Posts:
    70
    Location:
    Belgium
    Could you add RansomFree and see whether you can still image easily?
     
  3. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    9,512
    If it now fails, then it is not because of AppCheck but because of running two ransomware defenses at the same time.

    a) Only RansomFree is installed = OK
    b) AppCheck + RansomFree = BSOD (while imaging) - (AppCheck MBR protection is disabled = OK)
    c) Only AppCheck is installed = (?)

    Try to verify c)
    If c) doesn't fail (no BSOD while imaging) then only one program should be installed, not both at the same time.
     
    Last edited: Feb 10, 2018
  4. myk1

    myk1 Registered Member

    Joined:
    Sep 2, 2012
    Posts:
    70
    Location:
    Belgium
    The 2 apps work in different ways, I think. RansomFree waits patiently for an attack on the traps it has put on the drives. Then it starts reacting. AppCheck? It is different (though I do not know exactly how). That is why I think/thought that both apps can (could) coexist on the same machine.
    Anyway: now I have both installed, and AppCheck MBR protection is disabled. IFW has worked flawlessly.
    We shall see whether this peaceful coexistence persists....
     
  5. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    9,512
    Yes, they are not working exactly the same, but maybe some of the functionality they provide can interfere with each other somehow.
    I think you have already found a conflict, the MBR protection :)
     
  6. Baldrick

    Baldrick Registered Member

    Joined:
    May 11, 2002
    Posts:
    2,506
    Location:
    South Wales, UK
    Hi Mood

    One of my systems has AppCheck with MBR protection on, and I can image (using Macrium Reflect 7 Free) quite happily! So I suspect that this has something to do with RansomFree rather than AppCheck.

    Regards, Baldrick
     
  7. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    9,512
    The missing link is that you don't have RansomFree installed :)
    Running them both at the same time seems to lead to issues.

    But I haven't had problems with AppCheck until now. It is running fine :thumb:
     
  8. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    3,316
    Location:
    Under a bushel ...
    Same as @aldist #476.
     
  9. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    322
    Location:
    Germany
    Is it allowed to use AppCheck (not Pro) in commercial organizations?
     
  10. myk1

    myk1 Registered Member

    Joined:
    Sep 2, 2012
    Posts:
    70
    Location:
    Belgium
    Does anybody know how AppCheck works? (Some general operating principles?)
     
    Last edited: Feb 12, 2018
  11. myk1

    myk1 Registered Member

    Joined:
    Sep 2, 2012
    Posts:
    70
    Location:
    Belgium
    Nobody? Really ??!
     
  12. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    3,442
    Location:
    Mexico
    Did you read about CARB at the website? CheckMAL even has a brochure about AppCheck explaining what CARB is.
     
  13. myk1

    myk1 Registered Member

    Joined:
    Sep 2, 2012
    Posts:
    70
    Location:
    Belgium
    Thanks, I am going to digest Carb....
     
  14. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    3,442
    Location:
    Mexico
    You're welcome. Btw, it's CARB, all capitals. It's an acronym for Context-Awareness Ransomware Behavior, just FYI.
     
  15. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    322
    Location:
    Germany
     
  16. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    322
    Location:
    Germany
    AppCheck protected from the Rabbit after 10 seconds.
    ScreenShot_01.png
     
  17. myk1

    myk1 Registered Member

    Joined:
    Sep 2, 2012
    Posts:
    70
    Location:
    Belgium
    10 seconds? Quite enough to encrypt a lot of files ...
     
  18. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    9,512
    Encrypted files (if any) are restored with a backup from the Ransom Shelter.
     
  19. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    322
    Location:
    Germany
  20. myk1

    myk1 Registered Member

    Joined:
    Sep 2, 2012
    Posts:
    70
    Location:
    Belgium
    Right, but I have no shelter!!
     
  21. myk1

    myk1 Registered Member

    Joined:
    Sep 2, 2012
    Posts:
    70
    Location:
    Belgium
  22. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    322
    Location:
    Germany
    You have, but you do not know about it! :)
    ScreenShot_80.png
    10 sec in a virtual machine! On a real machine it will be twice as fast, I think.
     
  23. myk1

    myk1 Registered Member

    Joined:
    Sep 2, 2012
    Posts:
    70
    Location:
    Belgium
    No no, I have unticked that feature.
     
  24. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    9,512
    Yes, without a "Protective Shelter" there is a risk of losing files.
     
  25. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    3,442
    Location:
    Mexico
    I wonder why you have it unticked. Did it happen out of nowhere, or did you do it on purpose?

    That feature (Ransomware Protective Shelter) is used by AppCheck to temporarily save any file(s) from monitored drives as a backup.
    If crypto-ransomware happens to run on your system and starts to encrypt files, AppCheck, while it is analyzing its behavior and deciding whether it is bad or good behavior, saves a clean copy of the files into that Protective Shelter, restoring them to their original directory after AC has stopped the crypto-ransomware.

    In short, you must keep that feature on!
     