Discussion in 'other anti-malware software' started by Mr.X, Jan 16, 2017.
Checked Makrium Reflect v7 + AppCheck with MBR Protection ON, all OK.
Could you add Ransomfree and see whether you can still image easily?
If it now fails then it is not because of AppCheck but because of running two Ransomware defenses at the same time.
a) Only RansomFree is installed = OK
b) AppCheck + Ransomfree = BSOD (while imaging) - (Appcheck MBR protection is disabled = OK)
c) Only AppCheck is installed = (?)
Try to verify c)
If c) doesn't fail (no BSOD while imaging) then only one program should be installed, not both at the same time.
The 2 apps work different ways, I think. Ransomfree waits patiently an attack of the traps it has put on the drives. Then it starts reacting. Appcheck? it is different (though I do not know exactly how). That is why I think/thought that both apps can (could) coexist on the same machine.
Anyway: now I have both installed, and Appcheck MBR protection is disabled. IFW has worked flawlessly.
We shall see whether this peaceful coexistence persists....
Yes, they are not working exactly the same but maybe some functionality that they are providing can interfere with each other somehow.
I think you have already found a conflict, the MBR protection
One of my systems has AppCheck with MBR protection on, and I can image (using Macrium Reflect 7 Free) quite happily! SO suspect that this has something to do with RansomFree rather than AppCheck
The missing link is that you don't have RansomFree installed
Running them both at the same time seems leading to issues.
But i don't have problems with AppCheck until now. It is running fine
Same as @aldist #476.
Is it allowed to use the AppCheck (not Pro) in commercial organizations?
Does anybody know how AppCheck work? (some general operating principles?)
Nobody? Really ??!
Did you read about CARB at the website? CheckMAL even has a brochure about AppCheck explaining what CARB is.
Thks, I am going to digest Carb....
You're welcome. Btw it's CARB, all capitals. It's an acronym for Context-Awareness Ransomware Behavior, just fyi.
AppCheck protected from the Rabbit after 10 seconds
10 seconds? Quite enough to encrypt a lot of files ...
Encrypted files (if any) are restored with a backup from the Ransom Shelter.
During this time encrypt 8-10 files. But protect MBR.
RansomFree https://www.wilderssecurity.com/threads/ransomfree-by-cybereason.390786/page-15#post-2738757 works instantly, but does not protect MBR. But in next version will added protect MBR.
Right but ! I have no shelter..!!
Thanks, very interesting info.
You have, but you do not know about it!
10sec- in virtual machine! In the real machine will be twice as fast, I think.
No no, I have unticked that feature.
Yes, without a "Protective Shelter" there is a risk of losing files.
I wonder why you have it unticked. It happened out of no where or you just did it on purpose?
That feature (Ransomware Protective Shelter) is used by AppCheck to temporarily save any file(s) as a backup, from monitored drives.
If a crypto-ransomware happened to run on your system and started to encrypt files, AppCheck, while is analyzing its behavior and deciding whether is a bad or good behavior, it is saving a clean copy of the files into that Protective Shelter, restoring them to its original directory after AC stopped the crypto-ransomware.
In short, you must keep that feature on!
Separate names with a comma.