AppCheck by CheckMal

Discussion in 'other anti-malware software' started by Mr.X, Jan 16, 2017.

  1. boombastik

    boombastik Registered Member

    Joined:
    Oct 7, 2010
    Posts:
    266
    Location:
    Greece
    Yes it is.
    Zero bugs, perfect stability.
     
  2. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    42,809
    AppCheck v2.5.46.2 Released (21. May . 2020)
    Website / Download: https://www.checkmal.com/download/AppCheckSetup.exe
     
  3. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    42,809
    AppCheck v2.5.47.1 Released (02. June. 2020)
    Website / Download: https://www.checkmal.com/download/AppCheckSetup.exe
     
  4. myk1

    myk1 Registered Member

    Joined:
    Sep 2, 2012
    Posts:
    138
    Location:
    Belgium
    is this tool ok with Tycoon ransomware?
     
  5. myk1

    myk1 Registered Member

    Joined:
    Sep 2, 2012
    Posts:
    138
    Location:
    Belgium
    Is this soft dead?
     
  6. Baldrick

    Baldrick Registered Member

    Joined:
    May 11, 2002
    Posts:
    2,614
    Location:
    South Wales, UK
    NOPE! Not in the slightest.
     
  7. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,462
    Location:
    Under a bushel ...
    Definitely not. Updates regularly (silently).
     
  8. myk1

    myk1 Registered Member

    Joined:
    Sep 2, 2012
    Posts:
    138
    Location:
    Belgium
    Thanks but what about Tycoon ransomware?
     
  9. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    42,809
    AppCheck v2.5.48.3 Released (21. Jul. 2020)
    Website / Download: https://www.checkmal.com/download/AppCheckSetup.exe
    Version 2.5.48.3 (21. Jul. 2020. 05:00 UTC)
    • Improved RansomGuard detection
    • Improved ExploitGuard detection
    • Improved Ransom Shelter function
    • Improved appcheck update in certain Windows account permissions
    • Added system boot file (bootmgr) protection
    • Improved stability of policy file (policy.pol)
    • Added option to enable "SMB Allow/Block List" (AppCheck Pro for Windows server trial (15 days))
    • Improved false positive detections.
     
  10. hayc59

    hayc59 Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    2,843
    Location:
    KEEP USA GREAT
    Nice piece of software! How does one clear log files? thanks
     
  11. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    42,809
    AppCheck v2.5.49.1 Released (19. Aug. 2020)
    Website / Download: https://www.checkmal.com/download/AppCheckSetup.exe
    Version 2.5.49.1 (19. Aug. 2020. 04:00 UTC)
    • Improved Ransomware detection and rollback process.
    • Improved ExploitGuard detection.
    • Improved Ransom Shelter function.
    • Improved detection log
    • Fixed crash AppCheck.exe (User Interface) process when detect long filename.
    • Add a file extension list for protection (.efi).
    • Other minor improvement.
    • Improved false positive detections.
     
  12. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    915
    Location:
    Lunar module
    AppCheck v2.5.50.3 Released (9 Sept. 2020)
     
  13. lucd

    lucd Registered Member

    Joined:
    Jan 30, 2018
    Posts:
    747
    Location:
    Island of Woman
    can it be run alongside main AV?
    also can I disable outbound connection if I opted out for sending anonymous files

    or the outbound is needed for something (appcheck.exe)

    also which exe is needed to connect for updating the soft
     
    Last edited: Sep 19, 2020
  14. Surt

    Surt Registered Member

    Joined:
    Jan 23, 2019
    Posts:
    381
    Location:
    USA
    I suppose that depends on what the "main AV" is, although I'm sure it's the developer's mission that it be all of them.

    I've been using AppCheck Pro since it came out on three systems; no issues with Defender on Win10 or MSE on Win7. I can't report on the free version if that's the "it" you're inquiring about.

    These are the connections I've logged as of late:
    appcheck.exe - anti-ransomware
    appchecks.exe - anti-ransomware service
    appchecksetup.exe - installer
    appcheckupdate.exe - updater

    An exe used during updating:
    c:\users\user\appdata\local\temp\~nsua.tmp\un_a.exe

    My connections as of the most recent update have been to checkmal.com, 1e100.net and phicdn.net.

    There are options to disable "send suspicious files upon detection" and "use Auto Update" which I've done for both. I use its "check for updates" to do it manually.

    I've disabled its Exploit Guard as I run MBAE.

    Cheers.
     
    Last edited: Sep 19, 2020
  15. lucd

    lucd Registered Member

    Joined:
    Jan 30, 2018
    Posts:
    747
    Location:
    Island of Woman
    thank you for your exhaustive answer

    hej I noticed the program does make backup folders on USB devices despite the license saying it does not support USB protection in free mode

    any clarification on this? in case of ransomware attack my files on USB will be recoverable after the attack if I pay the full subscription?
     
    Last edited: Sep 27, 2020
  16. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    42,809
    AppCheck v2.5.51.4 Released (2. Nov. 2020)
    Website / Download: https://www.checkmal.com/download/AppCheckSetup.exe
    Version 2.5.51.4 (2. Nov. 2020. 05:00 UTC)
    • User Interface Improvements
    • Changes of AppCheck Tools UI
    • changes on RansomGuard Option and fixed errors
    • Improved RansomShelter functionality and options
    • Fixed an issue where open files were not backed up during auto-backup.
    • Fixed where files added to whitelist backed up to the RansomShelter.
    • Fixed real-time protection issue when registering genuine products in the trial version of AppCheck Server.
    • Changed CMS log transmission quantity for stability.
    • Fixed specific registry is not removed while removing AppCheck through CMS.
    • Improved False Positives
     
  17. Surt

    Surt Registered Member

    Joined:
    Jan 23, 2019
    Posts:
    381
    Location:
    USA
    Sorry, your #616 slipped by my notice.

    "Backup(AppCheck)" folders are used by the Ransom Guard service; they're the "RansomShelter" folders. So, your USB files are protected.

    Folders named "AutoBackup(AppCheck)" are created when "Use Automatic Backup" is enabled and configured in the Pro version. You shouldn't have any of those in the free version unless they might be leftover from the trial version - I don't know if those get deleted when the trial expires.

    According to the CheckMal web site: "AppCheck Pro provides additional protection through flexible scheduled backup of user specified folder or files." That should read, "folders."

    One might assume files in that folder are offered protection from attack.

    Cheers.
     
    Last edited: Nov 2, 2020
  18. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    42,809
    AppCheck v2.5.51.5 Released (11. Nov. 2020)
    Website / Download: https://www.checkmal.com/download/AppCheckSetup.exe
     
  19. jasonbourne

    jasonbourne Registered Member

    Joined:
    Aug 26, 2010
    Posts:
    271
    Thanks for the info. The devs are currently making a new user guide for the latest version and they say it will be out soon.
     
  20. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    15,193
    Location:
    The Netherlands
    Cool, because lately I have been wondering about certain features. But anyway, I have recently upgraded to the newest version, and after that my desktop (Win 8.1) became unstable. I noticed that Vivaldi started to crash twice in a week which never happens, and my computer even blue screened.

    I can't say for sure it was AppCheck that was causing the problem, but since I downgraded the system is stable again. Also, it seems like after the AppCheck upgrade a lot of space on my SSD (about 4GB) disappeared? Not sure what's going on, but newer isn't always better, that's for sure.
     
  21. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    915
    Location:
    Lunar module
    If your system turned blue, then a MEMORY.DMP dump file of several gigabytes in size was created in it; you can easily delete it without consequences. Look for this file in C:\Windows, C:\Windows\Minidump, C:\Windows\LiveKernelReports
    But first launch BlueScreenView https://www.nirsoft.net/utils/blue_screen_view.html or WhoCrashed https://www.resplendence.com/whocrashed.htm and there will be information about what caused the blue screen.
     
  22. jasonbourne

    jasonbourne Registered Member

    Joined:
    Aug 26, 2010
    Posts:
    271
    I am using also the latest version AppCheck v2.5.51.5 here but I am not using Vivaldi. A pal had issues with Vivaldi crashing with ver3.1 but this was when he updated to Win 10 (2004). I am using Win 10 1809 in the partition with AppCheck Pro. Will update the partition by next week if things will clear-up here.

    Is your bsod related to this? this? I sent this thread link to AppCheck seeking that they reply so members can get help.

    You may need to send the mem dump to CheckMAL as aldist stated.

    https://imgpile.com/images/uQsbVE.png
     
  23. Surt

    Surt Registered Member

    Joined:
    Jan 23, 2019
    Posts:
    381
    Location:
    USA
    Well, as it turns out, on the day I posted that (of course), with the release of version 2.5.51.4, the "Improved RansomShelter functionality and options," it seems the "Backup(AppCheck)" folders scheme has been replaced. Where RansomShelter settings existed under the Ransom Guard tab, it's now got its own tab:

    RansomShelterNew.jpg <NEW OLD> RansomShelterOld.jpg

    A "Protective Shelter" exists in C:\ProgramData\CheckMAL\AppCheck\RansomShelter wherein there's a Device folder containing numbered HarddiskVolumeXX folders where the sheltered data is stored. Only by opening a volume folder can I discover, by folder names, etc., which partition or device is serviced by that specifically numbered folder. That's my environment; the contents of your RansomShelter folder might differ.

    I discovered I no longer have "Backup(AppCheck)" folders on my partitions and devices. Except for one on C: which is weird; it's dated 11/3 and contains only an AppData Local Temp folder for 8GadgetPackGadgets dated 2/8 which no longer exists on C:. I've got a support ticket in with CheckMal about that apparent anomaly.

    I also inquired if there would be any advantage to relocating the RansomShelter folder to a different partition or an external drive. Personally, I'm not wild about the default location.

    UPDATE: Here's what support said:
    They didn't comment on the presence of the leftover (?) "Backup(AppCheck)" folder on my C: drive, but I just deleted it without issue.

    "set it up at D:\ before using it," doesn't make sense. I'm just going to change to D:\RansomShelter. Of course, D: within this context means "another partition."

    Note: once the change is done, Real-Time Protection needs to be temporarily disabled to delete the previous RansomShelter folder on C:
     
    Last edited: Nov 19, 2020
  24. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    15,193
    Location:
    The Netherlands
    Thanks for the feedback guys. Will check it out, but sometimes it also depends on the machine, perhaps the newest AppCheck isn't compatible with my other security software, but not a big deal.
     
  25. jasonbourne

    jasonbourne Registered Member

    Joined:
    Aug 26, 2010
    Posts:
    271
    Yes, I confirm that. The Ransomware Shelter default route is now integrated into one folder, "C:\ProgramData\CheckMAL\AppCheck\RansomShelter"

    This was also stated by AppCheck support when I asked them last week. Images below are from 2.5.51.5

    https://i.postimg.cc/rsG4b637/ransomware-shelter.png

    https://i.postimg.cc/5yQ7FtHL/2-5-51-5.png
     