Bitdefender Free CryptoWall Vaccine

Discussion in 'other anti-malware software' started by Charyb, Dec 17, 2014.

  1. Charyb

    Charyb Registered Member

    Joined:
    Jan 16, 2013
    Posts:
    554
    Announcement
    http://labs.bitdefender.com/2014/12/bitdefender-offers-free-cryptowall-vaccine/

    Download
    http://labs.bitdefender.com/projects/cryptowall-vaccine-2/bitdefender-offers-cryptowall-vaccine/

    From BD Labs:
    "The CryptoWall Immunizer is only effective in protecting systems that may get infected with versions one and two of the Cryptowall ransomware.

    While we are making all efforts to update the tool as soon as CryptoWall is modified, we recommend that you keep your antivirus solution always on and use this tool as an additional layer of protection."
     
    Last edited: Dec 17, 2014
  2. kerykeion

    kerykeion Registered Member

    Joined:
    Jun 30, 2010
    Posts:
    267
    Location:
    Philippines
    You tried it? I'm trying it, seems to be running perfectly well on my machine. :)
     
  3. zapjb

    zapjb Registered Member

    Joined:
    Nov 15, 2005
    Posts:
    3,522
    Location:
    USA - Back in a real State in time for a real Pres
    I'm trying it also. Minor peeve is the icon is exactly like the BIS 2015 icon. So far so good.
     
  4. trott3r

    trott3r Registered Member

    Joined:
    Jan 21, 2010
    Posts:
    830
    Location:
    UK
    How does it work?
    Anti exploit like hitmanpro?
     
  5. FleischmannTV

    FleischmannTV Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    1,071
    Location:
    Germany
  6. guest

    guest Guest

    A limited anti-executable in a nutshell, yep...
     
  7. trott3r

    trott3r Registered Member

    Joined:
    Jan 21, 2010
    Posts:
    830
    Location:
    UK
    So NVT anti exe would do the same or voodooshield or HIPS even
     
  8. guest

    guest Guest

    trott3r it just disallows program executions in AppData and Startup folders. Any anti-executable and classical HIPS or even the built-in SRP can take care of it more than adequate enough.
     
  9. guest

    guest Guest

    imho I have more faith in HitmanPro.Alert than in BitDefender CryptoWall Vaccine. CryptoWall Vaccine just seems to be too limited in order to offer protection against crypto malware in general.


    (Please note that I don't have experience with both tools with regard to crypto ransomware)
     
  10. trott3r

    trott3r Registered Member

    Joined:
    Jan 21, 2010
    Posts:
    830
    Location:
    UK
    oops wrong tab :)
     
  11. trott3r

    trott3r Registered Member

    Joined:
    Jan 21, 2010
    Posts:
    830
    Location:
    UK
    thanks
    Any notification on block or just deny all
     
  12. guest

    guest Guest

    I don't know. I might be going to try it out just to see how it performs.
     
  13. trott3r

    trott3r Registered Member

    Joined:
    Jan 21, 2010
    Posts:
    830
    Location:
    UK
    Hmm
    C:\Documents and Settings\trotter\Application Data\crypto

    Put cryptopad exe in that dir and double-clicked; nothing from Bitdefender. Also installed cryptopad after Webroot picked it up as not in their database :(
     
  14. trott3r

    trott3r Registered Member

    Joined:
    Jan 21, 2010
    Posts:
    830
    Location:
    UK
    Maybe it's definitions-based as well?
     
  15. guest

    guest Guest

    Not workan! =V

    With immunization=on, executable could still be running in AppData folder. Could it be that it uses file hashes to block process executions?

    Do all anti-ransomware work like this? If yes, I'd rather use an AV instead.
     
  16. trott3r

    trott3r Registered Member

    Joined:
    Jan 21, 2010
    Posts:
    830
    Location:
    UK
    Doesn't seem clever
     
  17. NormanF

    NormanF Registered Member

    Joined:
    Feb 20, 2009
    Posts:
    1,441
    It does two things: it enforces a software restriction policy to prevent ransomware from installing in AppData/Start folders and it blocks any ransomware that seeks to run.

    Of course, if the SRP is already in place, a malicious CryptoWall payload won't have rights to run, and if it does, it's blocked by BD Anti-Ransomware.
     
  18. guest

    guest Guest

    Which begs a question, does it work with some sort of blacklist definition?
     
  19. NormanF

    NormanF Registered Member

    Joined:
    Feb 20, 2009
    Posts:
    1,441
    I think it works with some sort of list since the software is updated over the Internet whenever new CryptoLocker/CryptoWall variants appear in the wild.
     
  20. guest

    guest Guest

    Then I don't see a point of this thing if the user already has an AV.
     
  21. zapjb

    zapjb Registered Member

    Joined:
    Nov 15, 2005
    Posts:
    3,522
    Location:
    USA - Back in a real State in time for a real Pres
    It must be different. Because BIS doesn't prevent me from using it.
     
  22. NormanF

    NormanF Registered Member

    Joined:
    Feb 20, 2009
    Posts:
    1,441
    It's compatible with your AV since it offers an additional layer of protection by enforcing SRP policies in Windows.
     
  23. guest

    guest Guest

    Enforcement based on what? File hashes blacklisting? I tested it with a benign executable and BD's CryptoWall Vaccine didn't block it. It should've blocked it if it did use default-deny SRP enforcement.
     
  24. NormanF

    NormanF Registered Member

    Joined:
    Feb 20, 2009
    Posts:
    1,441
    Did you enable immunization? It should have activated the SRP.
     
  25. guest

    guest Guest

    I did.

     