Interesting AntiRansomware freeware

Discussion in 'other anti-malware software' started by Windows_Security, Dec 30, 2016.

  1. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    Belaboring, Eset's startup at boot time was being delayed, which is no longer the case with the MBR Filter driver removed. Additionally, many security products like Eset monitor for low-level disk access, which could lead to potential conflict.
     
  2. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    I need them, because at the moment I'm not satisfied with the other products that offer anti-ransom, like HMPA, MB and WAR. Both Appcheck and RansomFree seem to be promising.
     
  3. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    No, you don't. On testing, they won't do that much for you anyway.
     
  4. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Okay. I was asked if I would test this, and didn't think it worth testing the free version, so I inquired of Checkmal and they did provide a key. A bit of detail about how I tested, as the Checkmal folks asked if I would give them the link to this post.

    Testing was done in VMware Workstation Ver 12.5. Operating system was Win 7 Pro x64. VM had 3.5 GB memory and two 100 GB drives. I let Voodooshield run and then the ransom protection. I had two separate snapshots, one with AppCheck and the other Hitman Pro Alert. The MBR ransomware was Goldeneye, the rest some Locky, Cerber etc. I also compared how Hitmanpro Alert compared to AppCheck.

    On the MBR ransomware both programs shut it down immediately. On the other samples the story was different. HMPA shut down 4 of the 5, missing one. But on the other 4 it was a clean shutdown. Desktop and the rest of the system remained unchanged. Basically everything was the same. That wasn't true of AppCheck. Although on the VM the test folder was intact, on the desktop it was a mess. There were files missing, some kind of encryption files, and everything was scrambled around. I would not have been comfortable with anything short of a restore.

    I don't consider this test successful because of the desktop mess, and candidly I don't see any point in this software. Voodooshield as well as EIS and Mbam would have protected the machine and prevented the encryption. Even protected against Goldeneye. Although not strictly part of this test, Sandboxie would have protected against all these samples.


    Pete
     
  5. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    SandboxIE always Rocks!

    Looks like AppCheck needs some help
     
  6. Thanks Peter,

    I thanked the people who found AppCheck because I use it as a SECOND line of defense for damage control on the DATA. How nice of you to prove that it outperformed HMPA on this (since HMPA allowed your data to be ransomed/trashed). I do agree that AppCheck is not suited for first line of defense, but IMO it is designed for a (free) SECOND line of defense (in combination with MBRfilter) to LIMIT DATA DAMAGE.


    SO let me be clear about the context, in which I think this free combo does a great job as a SECOND line of defense to LIMIT DATA DAMAGE.
    1. Proactive prevention
      In my case that is Software Restriction Policies and Access Control lists protecting user space, with the exception of my Temp folder (to allow installs with run as admin). Avast in hardened aggressive mode (cloud whitelist) takes care that I don't install malware. See for instance the CS test of Avast in hardened mode against ransomware.

    2. Data damage control
      In risk and contingency management and in real life, we see a lot of damage control applications: take for instance the airbag in your car, it does NOT prevent collisions, but limits damage in case of a collision. The airbag does not protect the car (the OS) but protects the people in it (the data). Damage control is a smart thing to use in case your first line of defense is broken.

      In endpoint (PC) protection, losing the system is a nuisance, but with a re-install or image recovery your system can be reset. Lost data can't be replaced, so keep the data loss as little as possible (holiday images, videos of social events, documents which you have to administrate for the tax service, et cetera). I use this freebie Combo for data damage control.

    3. Disaster recovery
      This is the backup plan in case everything goes down. Disaster recovery can be local using a second (USB) harddisk, in your network using a NAS, or at some other place (at a specialized fallback/recovery center or in the cloud). Besides data it is also good to have an image backup, so you don't lose time installing all the software to get up and running again.

    I will keep reposting the above text every time you post that AppCheck is worthless software. It is not to be used as a FIRST line of defense (as said, we agree on that). But I can't understand why a professional would tell people not to use DAMAGE control when it is FREE and LIGHT (even on older systems).

    Regards Kees
     
    Last edited by a moderator: Jan 13, 2017
  7. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,644
    Location:
    Under a bushel ...
    Kees, would you run AppCheck as a second line of defense (damage control) alongside other ransomware prevention software (e.g. HMPA, Emsisoft), or would that be inviting trouble?
     
    HMPA injects its DLL into every process, so it is also a behavioral blocker designed against exploits and malware. Emsisoft has an excellent behavioral blocker. When you have a behavioral blocker on board already, I would not opt for doubling this type of protection. One could say that a BB is a second line of defence to limit post-execution damage.

    You could try RansomFree, which uses file honeypots. I have not tested RansomFree (so don't know whether it is light).
     
  9. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,805
    Location:
    .
    I agree with @Windows_Security to use AppCheck as a second line of defense. It is not perfect, and will never be, but it performed much better than others. So I recommend it for people who want to set and forget, especially those not tech-savvy ones.
     
  10. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,805
    Location:
    .
    Btw, has anyone noticed it makes AutoBackup(AppCheck) and Backup(AppCheck) folders? And curiously much larger than RansomFree honeypots? Well, it depends on the size of your protected files/folders.

    Also AppCheck has granular control over Autobackup; it is found in the Auto Backup tab. Again, the size of such folders can grow really large.
     
  11. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Hi Kees

    You have not read what I wrote. HMPA had a miss, so assuming nothing else was protecting the system you would be correct. I honestly don't remember if AppCheck had a failure or not, as I considered every test a failure. Being able to check one folder with 10 files is easy, but to have to check one or more disks with hundreds of files is quite another. Remember every test of AppCheck resulted in a trashed desktop that would have required an image restore.

    As for posting your text: it's a good theory, but have you backed it by testing against real live malware? That's the real test.
     
  12. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590

    Outperformed how? How will these tech-savvy folks repair their desktops?
     
  13. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,805
    Location:
    .
    For example it outperformed RansomFree. Hopefully your bad desktop and AppCheck experience will not hit a vast majority, but I am confident the Korean company will fix that sooner rather than later.

    Still I don't like to have all my info duplicated across my drives, although I set just one partition to hold those huge AutoBackup folders, even from other drives. This is the mechanism AppCheck uses when ransomware hits and is able to encrypt some files: AppCheck kicks in to revert the damage by recovering those files from the backup pool.
     
  14. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    Your test confirms what I have always assumed. That is, ransomware will target the desktop folder. First, it resides in the same user profile folder as other folders normally targeted by ransomware. Second, the ransomware needs to modify the desktop to display its "your files are encrypted" message. And lastly, to encrypt targeted file extensions contained within the desktop folder.

    Question. Did AppCheck backup the desktop files affected as it claims to do?
     
  15. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Good question. I forgot when I tested that I had FIDES protecting the E drive so nothing wrote to it. I'll retest today and see.
     
    You give me too much credit ;) It is not my text nor my theory. I have a bachelor's in IT and it is (was) common risk management and contingency management. It is like the ABC of contingency management:
    A: Prevent incidents
    B: Damage control
    C: Recover/rollback

    IT copied this principle from the real world (architecture/engineering/medicine/warfare). Look around you and you will see it everywhere in the real world too, not only the airbag in your car, but also the sprinkler in your office; every waterway in the Netherlands has a GUARDING dike (first layer) and after that a SLEEPING dike (second layer). How many real-life samples would you like? Intrusion Detection Systems are also damage control systems :)
     
    Last edited by a moderator: Jan 13, 2017
  17. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    True, but IT folks don't have a great record of stopping ransomware. I am off to try and answer itman's question.
     
  18. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    Came across a review of SBGuard by downloadcrew.com; another free anti-ransomware. Like software seems to be "cropping up like weeds" these days.

    The first question to be asked before using like software is if it is doing stuff like:

    To do this, the program apparently "injects a large number of restriction mechanisms and modifies some core Windows components to prevent malicious behaviours and executions which Ransomware viruses use to infect the system."
    "Run - don't walk away" from the software ASAP. Also noted in the review, as the RansomFree users are finding out, is how the software interferes with software installations. No doubt whatsoever based on the above activity.

    Ref.: http://www.downloadcrew.com/article/34497-sbguard_anti-ransomware
     
  19. Baldrick

    Baldrick Registered Member

    Joined:
    May 11, 2002
    Posts:
    2,675
    Location:
    South Wales, UK
    Well, all I can say, itman, is that I have installed RansomFree and it certainly does not seem to in any way interfere with software installations that I have undertaken. Seems to play very nicely with existing software & security solutions. Have to say that this is not the case with AppCheck in my experience.

    Regards, Baldrick
     
  20. clubhouse1

    clubhouse1 Registered Member

    Joined:
    Sep 26, 2013
    Posts:
    1,124
    Location:
    UK

    They're feeding off the panic and paranoia regarding ransomware.
     
  21. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    "Came across a review of SBGuard by downloadcrew.com; another free anti-ransomware. Like software seems to be "cropping up like weeds" these days."

    oh oh here comes Rasheed lol
     
  22. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    First, in regard to Kees, and I do so respect him. But this ABC of IT is out of date even for them. If it was working, the bad guys wouldn't be so successful with ransomware. Problem is they aren't or can't adapt fast enough. When I first started my current testing project it was out of curiosity about what VS was. As I realized it was really good, I expanded it to include EIS and Mbam free. Everything was being caught. One thing of interest was VS's cuckoo analysis module. It was becoming obvious that by the time you were alerted to files being encrypted it was too late. YOU WERE INFECTED. About that time Erik Loman said the same thing. Being alerted to ransomware was just a notification you were infected. The problem here is what was going on behind the scenes. Probably not good.
     
  23. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Next a retest of AppCheck. Thanks to itman's question, I turned off FIDES and retested. Sure enough it did a much better job. It needs those backup folders to do its job. I couldn't tell the pattern for what it put in them. Then I retested that nasty CTB-Locker that Cruelsister discussed. Hitmanpro Alert just blocked it and left the system intact. With AppCheck the system was pretty much hosed. I couldn't tell what was in the folders because Explorer was blocked. Any effort to get beyond that and the system rebooted.

    Here's an irony. Once it detects the ransomware it recommends a system scan. A good scan should have detected it in the first place. I stand by not seeing much use for any of these ransomware thingies.
     
  24. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    Next test for any stand-alone anti-ransomware: can it be easily bypassed?

    Can its main process be easily terminated using Process Explorer or RKill? Are its installation and like directories protected? Etc., etc.
     
  25. Thanks Peter,

    I thanked the people who found AppCheck because it is a nice FREE and LIGHT SECOND line of defense for damage control on the DATA. I do agree that AppCheck is not suited for first line of defense, but IMO it is designed for a (free) SECOND line of defense (in combination with MBRfilter) to LIMIT DATA DAMAGE.


    SO let me be clear about the context, in which I think this free combo does a great job as a SECOND line of defense to LIMIT DATA DAMAGE.
    1. Proactive prevention
      In my case that is Software Restriction Policies and Access Control lists protecting user space, with the exception of my Temp folder (to allow installs with run as admin). Avast in hardened aggressive mode (cloud whitelist) takes care that I don't install malware. See for instance the CS test of Avast in hardened mode against ransomware.

    2. Data damage control
      In risk and contingency management and in real life, we see a lot of damage control applications: take for instance the airbag in your car, it does NOT prevent collisions, but limits damage in case of a collision. The airbag does not protect the car (the OS) but protects the people in it (the data). Damage control is a smart thing to use in case your first line of defense is broken.

      In endpoint (PC) protection, losing the system is a nuisance, but with a re-install or image recovery your system can be reset. Lost data can't be replaced, so keep the data loss as little as possible (holiday images, videos of social events, documents which you have to administrate for the tax service, et cetera). I use this freebie Combo for data damage control.

    3. Disaster recovery
      This is the backup plan in case everything goes down. Disaster recovery can be local using a second (USB) harddisk, in your network using a NAS, or at some other place (at a specialized fallback/recovery center or in the cloud). Besides data it is also good to have an image backup, so you don't lose time installing all the software to get up and running again.

    I will keep reposting the above text every time you post that AppCheck is worthless software. It is not to be used as a FIRST line of defense (as said, we agree on that). But I can't understand why a professional would tell people not to use DAMAGE control when it is FREE and LIGHT (even on older systems).

    Regards Kees

    P.S.

    It is not my text nor my theory. I have a bachelor's in IT and it is (was) common risk management and contingency management. It is like the ABC of contingency management:
    A - Prevent incidents, B - Damage control, C - Recover/rollback

    IT copied this principle from the real world (architecture/engineering/medicine/warfare). Look around you and you will see it everywhere in the real world too, not only the airbag in your car, but also the sprinkler in your office; every waterway in the Netherlands has a GUARDING dike (first layer) and after that a SLEEPING dike (second layer). How many real-life samples would you like? Intrusion Detection Systems are also damage control systems.
     