Bitdefender Free CryptoWall Vaccine

Discussion in 'other anti-malware software' started by Charyb, Dec 17, 2014.

  1. hawki

    hawki Registered Member

  2. haakon

    haakon Guest

    Particular notice should be directed to the word "only."

    Source:
    http://labs.bitdefender.com/projects/cryptowall-vaccine-2/bitdefender-offers-cryptowall-vaccine/
     
  3. Rasheed187

    Rasheed187 Registered Member

    I don't get it, so doesn't it protect against older versions? And what about other types of ransomware? I don't understand why BitDefender is being so vague about how it exactly works. I think it's probably using signatures, as it doesn't seem to use a driver. It does seem to be quite lite, not bloated at all, so that is a big plus.
     
  4. Last time I checked, it used Software Restriction Policies (like CryptoPrevent portable).

    For Windows to update normally you can set a deny execute on all user folders, except
    - TEMP folder = this is used as installation folder
    - Drive with largest free space = some installers chose in the past to extract to the non-system drive with the largest amount of free space
    - Root folder = some driver installations extract to system drive (but this should be protected by UAC)

    When you don't use .Net you probably only need to allow TEMP. So with a Software Restriction Policy of deny execute on all user folders except TEMP, you won't run into update problems. When you add a DENY execute file/traverse folder Access Control List (just right-click and choose the Security tab), you can close down this intended HOLE in your deny execute. Before updating just change the DENY ACL for EVERYONE into an ALLOW.
     
  5. Peter2150

    Peter2150 Global Moderator

    Frankly I don't see the point of this thing. I've done some testing and if you are running SBIE you will be protected from browsers installing. Appguard blocks installing and also blocks data disks. EIS/EAM (Emsisoft) also shuts them down. NVT's Exe Radar Pro blocks them unless you click allow. And HMPA prevents damage if they do run.

    Finally Backup Backup Backup.

    Finally if you work with a lot of valuable data PM me. I found another little trick, but I don't want to publicly post it. I've tested it and it works.

    Pete
     
  6. Magic_The

    Magic_The Registered Member

    There is Hitmanproalert for that.
     
  7. FleischmannTV

    FleischmannTV Registered Member

    Says the guy with quintuple redundancy.
     
  8. Pete, could you be more specific? The point of what?

    IMO programs like Cryptoprevent and Bitdefender CryptoWall enable a built-in feature which helps to reduce the risk of ransom malware without the loss of any CPU cycles. Free programs like Simple Software Restriction Policy, Bouncer and Smart Object Blocker do the same and can be configured as a free anti-executable. Why not use those freely available options?
     
  9. Peter2150

    Peter2150 Global Moderator

    Point is many of the quality security programs already protect against ransomware so why add another on top of it all.
     
  10. Victek

    Victek Registered Member

    Please be specific about which quality programs provide adequate protection. To my knowledge there are only a few that claim to be able to stop crypto-ransomware before it encrypts data. Many programs can detect the malware after the fact, but that's not particularly helpful.

    I have confidence that HitmanPro.Alert can detect and stop the encryption process in real time, and so I consider it a "must have" program. CryptoPrevent works by denying access to the folders that crypto-ransomware uses to execute, and so equally "must have".
     
  11. Peter2150

    Peter2150 Global Moderator

    EIS/EAM has stopped it. Appguard stops it. Exe Radar Pro stops it
     
  12. FleischmannTV

    FleischmannTV Registered Member

    May I suggest that all threads, which are not about Emsisoft, AppGuard, NVT ERP, Sandboxie or HMP.A, should be locked? Alternatively I will post in all other threads why I don't need them because of my bloated ~Phrase removed~ security setup.
     
  13. Rasheed187

    Rasheed187 Registered Member

    Why do you think that? You can also turn the immunization feature off, and apparently it will still protect you. So it must either use HIPS tech, or signatures besides Software Restriction Policies.
     
  14. Run Regedit, look for the key HKLM/SOFTWARE/Policies/Windows/Safer to find out; besides path rules there might also be hash-based rules identifying executables.
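
The registry check suggested in this post, as an added PowerShell example that is not part of the original thread: it lists Software Restriction Policy path and hash rules per security level and reports when no policy key exists. It assumes the standard machine-policy location `HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers`; the function name `Get-SrpRule` is hypothetical.

```powershell
# Added example (not from the thread): enumerate SRP path and hash rules.
# Assumption: machine-wide SRP lives under the standard policy key below.
$SrpRoot = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'

# Rule subkeys are grouped under a key named after the numeric security level.
$SrpLevels = @{
    '0'      = 'Disallowed'
    '4096'   = 'Untrusted'
    '65536'  = 'Constrained'
    '131072' = 'Basic User'
    '262144' = 'Unrestricted'
}

function Get-SrpRule {   # hypothetical helper name
    param([string]$Root = $SrpRoot)

    if (-not (Test-Path -LiteralPath $Root)) {
        Write-Warning "No SRP key found at ${Root}; no machine-wide SRP is configured."
        return
    }

    foreach ($levelKey in Get-ChildItem -LiteralPath $Root) {
        $level = $SrpLevels[$levelKey.PSChildName]
        if (-not $level) { continue }

        foreach ($kind in 'Paths', 'Hashes') {
            $kindPath = "$($levelKey.PSPath)\$kind"
            if (-not (Test-Path -LiteralPath $kindPath)) { continue }

            foreach ($rule in Get-ChildItem -LiteralPath $kindPath) {
                $p = Get-ItemProperty -LiteralPath $rule.PSPath
                # Path rules store a string; hash rules store the raw digest bytes.
                $data = if ($kind -eq 'Hashes') {
                    -join ($p.ItemData | ForEach-Object { $_.ToString('x2') })
                } else { $p.ItemData }

                [pscustomobject]@{
                    Level       = $level
                    Kind        = $kind
                    ItemData    = $data
                    Description = $p.Description
                }
            }
        }
    }
}

Get-SrpRule | Sort-Object Level, Kind | Format-Table -AutoSize -Wrap
```

Running it once with the tool's immunization on and once with it off, then comparing the two outputs, shows whether SRP rules are what the feature toggles.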
     
  15. Rasheed187

    Rasheed187 Registered Member

    I'm sorry but I'm not following you. What I'm saying is that the "immunization" feature will block apps from launching from certain locations. But you can also turn this off, so what is the other protection about?
     
    Last edited: Nov 25, 2015
  16. @Rasheed187 When you run it, have a look at those registry keys with immunization on and off. Then post them so we can have a look at it and know about whether or not SRP is applied and how.
     
  17. Rasheed187

    Rasheed187 Registered Member

    Yes but you're not answering my question, did you even try this tool?
     
  18. Yes, that is why I am asking you to check those registry keys. Could you have a look at it?
     
  19. Rasheed187

    Rasheed187 Registered Member

    I didn't see any keys over there. But I won't be using it, it keeps phoning home and the protection offered is too vague for me.
     
  20. Rasheed187

    Rasheed187 Registered Member

  21. @Rasheed187

    Forums are for discussing issues and sharing experiences. You are great at discussing, may I suggest you try it yourself and share your experience in the Secure Folders thread?

    When in doubt you can load it to VirusTotal, Comodo Instant Malware Analysis, ThreatExpert, Hybrid-analysis, Anubis, GFI-sandbox, etc.
     
  22. Rasheed187

    Rasheed187 Registered Member

    Yes but I would like to know what you and others think. I've read some of the comments, and that made me hesitant to try it. But I trust your opinion so that's why I asked. It does indeed seem to be a handy tool.
     
  23. Peter2150

    Peter2150 Global Moderator

    I have it on my system and use it. It does work as advertised.
     
  24. pcalvert

    pcalvert Registered Member

    Well, I don't trust Download.com (download.cnet.com) anymore since one may not get the original, unmodified installer file, so I kept looking.

    I found it here:
    http://www.filecroco.com/download-secure-folders

    File name: SetupSecureFolders.exe
    Size: 4012544 bytes
    MD5: bc75ed68bd5a50af1cfcbccfa06e7e7b
    SHA1: 6568e012f2169d3f570bcac6159857c990b42f80
    SHA256: 355f9c7ae0ccb2885d1cb6affb4ba89102a78be43eb2604a90084bcb34ca1dd4

    I know that doesn't answer your question, but I thought it would be helpful to offer you an alternate source for the installer.

    Phil
     
  25. Rasheed187

    Rasheed187 Registered Member
