AppCheck by CheckMal

Discussion in 'other anti-malware software' started by Mr.X, Jan 16, 2017.

  1. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    11,452
    Yes, they are not working exactly the same but maybe some functionality that they are providing can interfere with each other somehow.
    I think you have already found a conflict, the MBR protection :)
     
  2. Baldrick

    Baldrick Registered Member

    Joined:
    May 11, 2002
    Posts:
    2,508
    Location:
    South Wales, UK
    Hi Mood

    One of my systems has AppCheck with MBR protection on, and I can image (using Macrium Reflect 7 Free) quite happily! SO suspect that this has something to do with RansomFree rather than AppCheck

    Regards, Baldrick
     
  3. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    11,452
    The missing link is that you don't have RansomFree installed :)
    Running them both at the same time seems leading to issues.

    But i don't have problems with AppCheck until now. It is running fine :thumb:
     
  4. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    3,379
    Location:
    Under a bushel ...
    Same as @aldist #476.
     
  5. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    381
    Location:
    Germany
    Is it allowed to use the AppCheck (not Pro) in commercial organizations?
     
  6. myk1

    myk1 Registered Member

    Joined:
    Sep 2, 2012
    Posts:
    79
    Location:
    Belgium
    Does anybody know how AppCheck work? (some general operating principles?)
     
    Last edited: Feb 12, 2018
  7. myk1

    myk1 Registered Member

    Joined:
    Sep 2, 2012
    Posts:
    79
    Location:
    Belgium
    Nobody? Really ??!
     
  8. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    3,484
    Location:
    Mexico
    Did you read about CARB at the website? CheckMAL even has a brochure about AppCheck explaining what CARB is.
     
  9. myk1

    myk1 Registered Member

    Joined:
    Sep 2, 2012
    Posts:
    79
    Location:
    Belgium
    Thks, I am going to digest Carb....
     
  10. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    3,484
    Location:
    Mexico
    You're welcome. Btw it's CARB, all capitals. It's an acronym for Context-Awareness Ransomware Behavior, just fyi.
     
  11. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    381
    Location:
    Germany
     
  12. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    381
    Location:
    Germany
    AppCheck protected from the Rabbit after 10 seconds
    ScreenShot_01.png
     
  13. myk1

    myk1 Registered Member

    Joined:
    Sep 2, 2012
    Posts:
    79
    Location:
    Belgium
    10 seconds? Quite enough to encrypt a lot of files ...
     
  14. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    11,452
    Encrypted files (if any) are restored with a backup from the Ransom Shelter.
     
  15. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    381
    Location:
    Germany
  16. myk1

    myk1 Registered Member

    Joined:
    Sep 2, 2012
    Posts:
    79
    Location:
    Belgium
    Right but ! I have no shelter..!!
     
  17. myk1

    myk1 Registered Member

    Joined:
    Sep 2, 2012
    Posts:
    79
    Location:
    Belgium
  18. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    381
    Location:
    Germany
    You have, but you do not know about it! :)
    ScreenShot_80.png
    10sec- in virtual machine! In the real machine will be twice as fast, I think.
     
  19. myk1

    myk1 Registered Member

    Joined:
    Sep 2, 2012
    Posts:
    79
    Location:
    Belgium
    No no, I have unticked that feature.
     
  20. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    11,452
    Yes, without a "Protective Shelter" there is a risk of losing files.
     
  21. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    3,484
    Location:
    Mexico
    I wonder why you have it unticked. It happened out of no where or you just did it on purpose?

    That feature (Ransomware Protective Shelter) is used by AppCheck to temporarily save any file(s) as a backup, from monitored drives.
    If a crypto-ransomware happened to run on your system and started to encrypt files, AppCheck, while is analyzing its behavior and deciding whether is a bad or good behavior, it is saving a clean copy of the files into that Protective Shelter, restoring them to its original directory after AC stopped the crypto-ransomware.

    In short, you must keep that feature on!
     
  22. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    381
    Location:
    Germany
    Wow, AppCheck Free protected MBR from Petya.A.
    1.png 2.png
     
    Last edited: Feb 18, 2018
  23. myk1

    myk1 Registered Member

    Joined:
    Sep 2, 2012
    Posts:
    79
    Location:
    Belgium
    >> on purpose!

    ? Which files are you talking about ? : there is my problem.
    So far I have not seen any logic in the choice of the files who become protected. Appcheck loves protecting my mail files, which are on a separate partition. But suddenly these files are copied on my C: partition -in the special Appcheck folder- (my C:\ contains Win and prog), this has no sense for me.
     
  24. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    11,452
    Files with the following extensions are protected:
     
  25. myk1

    myk1 Registered Member

    Joined:
    Sep 2, 2012
    Posts:
    79
    Location:
    Belgium
    I have 5 .pst files. Why only 2 (or 3, I do not remember) of them were backupped? Why on my C: drive, which inflated brutally (I have gigs of mails on a separate partition)? I have a bunch of . doc . Some of them (just a few actually) were 'sheltered'; why them??
     
    Last edited: Feb 20, 2018
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.