AppCheck by CheckMal

Discussion in 'other anti-malware software' started by Mr.X, Jan 16, 2017.

  1. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    I agree, but at the same time, they put it out there and make claims and then they are fair game.
     
  2. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    And voodoo like you do shield has been in beta for how many years now? Must be around 6. Love that program and Dan.
     
  3. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    Yes I'm sure it works, but don't be surprised if it can't spot all ransomware. So my point is, it can't hurt to combine pure AV with behavioral monitoring, it's simply an extra layer.

    Perhaps you can check it out with System Explorer, it has a performance tab that monitors reads and writes, but it has also an "I/O others" monitor, I often see EXE Radar being active, but there is no real drive activity. So I'm not sure what this means.

    http://systemexplorer.net/
     
  4. guest

    guest Guest

    To see the "real" disk writes it's better to monitor "Disk Write Bytes", not "I/O Write Bytes".
     
  5. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Has anyone else tested with other attached external or internal drives? I had decided I was going to use AppCheck as a fallback ransomware detection approach to tell me I needed to restore an image.

    I realized I'd never tested without FIDES protecting the 2nd drive, so I turned off FIDES and retested. Results: C: drive protected just fine. E: drive, and internal drive. Some data lost, not a disaster, but the Raxco Instant Recovery and all Macrium images were lost. That's disaster.

    Wonder if Cruelsister can retest.
     
  6. guest

    guest Guest

    If these images have an extension which is not listed under "File extension list for protection", then these files are not protected.
    AppCheck was able to stop the Ransomware, but it was "too late". It had already encrypted your images from Macrium and Raxco.

    You might get different results, if you add the extensions of your image-files to the protection-list of AppCheck, but this can only be done with AppCheck Pro.
     
  7. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    I can test that and will do so.

    Thanks Mood
     
  8. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    Thanks for testing, so it's definitely better than RansomFree. I will keep my eye on AppCheck.
     
  9. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Well this indeed was interesting. First of all, the method for adding extra extensions is fraught with the opportunity to screw up. Just a space between the dots and what you add gets missed. But here is what is weird. Even when it was correct, the image files if on the desktop were protected, but on the 2nd drive weren't. So then I removed the extra extensions and the result was the same. Okay on the desktop and lost on the 2nd drive. I am going to stick with Fides and Macrium.
     
  10. guest

    guest Guest

    No satisfactory result.
    The same result as with RansomFree. Files from the 2nd drive were encrypted too:
     
  11. _CyberGhosT_

    _CyberGhosT_ Registered Member

    Joined:
    Mar 2, 2015
    Posts:
    457
    Location:
    MalwareTips "Your Security Advisor"
    I messaged Ikko, an AppCheck dev, so he can see this thread ;)
     
  12. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,796
    Location:
    .
    Hope Ikko listens to you. I did the same weeks ago and he answered they were working on an International website and until finished he could come to this forum/thread.
     
  13. _CyberGhosT_

    _CyberGhosT_ Registered Member

    Joined:
    Mar 2, 2015
    Posts:
    457
    Location:
    MalwareTips "Your Security Advisor"
    I am sure he will visit brother, he's a very respectable fella.
    They are working a tight deadline to get Ready for the US market.
    He will be here ;)
     
  14. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    1,649
    Location:
    Paris
    Regarding protection on alternate drives- Please remember that the whole point of AppCheck is to protect personal files (docs, pics, etc). If you (like I) save files to alternative drives one MUST have the Pro version where the specific drive and directory (eg E:\Porno) can be added to the base protection. And as I have noted a few times before, Fortress class ransomware (not already known) can mess up various exe's in non-protected locations. In the absence of an established Backup (Imaging) routine, applications can be re-installed if trashed, but your dissertation cannot.
     
  15. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Hi Cruelsister

    My last test was with the Pro version. In case I may not have done it correctly, can you give explicit instructions? I would also comment that if it's that difficult then the protection is marginal at best in my opinion.

    Also note, that it is personal files of a different type I want to protect on those drives.
     
  16. In the (auto) backup section (last tab) you can add other folders and drives. These settings impact temporary backup and auto backup (so the temporary backup should work in free version also).

    SSSSHHHH Listen carefully, I will only tell you this once :D even with free version you can alter protected file extensions in the registry by changing the registry key with regedit
     
  17. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590

    Geesh. And people think Fides is complicated because of no GUI. That this can work, no doubt. For the mass market.....I don't think so.
     
  18. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,796
    Location:
    .
    Changelog page:
    Code:
    https://www.checkmal.com/page/support/notice/?detail=read&idx=11
     
  19. clubhouse1

    clubhouse1 Registered Member

    Joined:
    Sep 26, 2013
    Posts:
    1,124
    Location:
    UK
    I thought part of a healthy security routine was to disconnect external drives when not in use. I do, therefore I reduce the low risk of getting a ransomware infection on it and ******* up my files including my system backups.
     
  20. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590

    Hmm. Page at bottom says English, but it looks like Korean to me.
     
  21. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    That is true, but hard to do when they are all internal drives. And to open the case and have them unplugged just isn't happening, especially when there are working solutions out there.
     
  22. clubhouse1

    clubhouse1 Registered Member

    Joined:
    Sep 26, 2013
    Posts:
    1,124
    Location:
    UK
    So it's a matter of choice, external drives rule when it comes to practical security.
     
  23. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,796
    Location:
    .
    Well I use Chrome which translates pages automatically.
     
  24. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Hi Clubhouse

    Not true. To not use internal drives to use AppCheck isn't practical security, it's a waste. The problem is an inadequate program. Fides protects all drives, Malwarebytes protects all drives, HMPA protects all drives. Using them is practical security.
     
  25. clubhouse1

    clubhouse1 Registered Member

    Joined:
    Sep 26, 2013
    Posts:
    1,124
    Location:
    UK
    Thanks but no thanks, if the internal drive suddenly inexplicably dies I'd be up the swanny without a paddle. Now I know the chances of that are as remote as me getting a ransomware infection... I haven't had an unexpected warning from my AV, malware softwares in over six years :( As I've said before I envy you guys that get a real benefit from these softwares.
     