Interesting AntiRansomware freeware

Discussion in 'other anti-malware software' started by Windows_Security, Dec 30, 2016.

  1. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Didn't check that but in Appcheck even on the c: drive it's guarding the backup folder. However I was able to kill it with taskmanager
     
  2. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    AppCheck:thumbd:
     
  3. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590

Simple: you don't know all the damage that might have been done. Why recommend doing a scan when doing it first would have prevented the ransomware from running?
     
  4. Peter,

    You don't like or don't see the advantage and function of damage control, point taken.

There is a whole world outside (including IT) which uses damage control as one of the three basic strategies to mitigate risk.

    Let's agree to disagree.

    Regards

    Kees
     
  5. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
Yep, I agree. The users here can make their own decisions.
     
  6. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Well I still haven't made up mine yet. At least where concerns freeware protections available for this form of ugly.

While some enjoy a reasonable enough measure of PC security through virtualization tech software as basic security (as I prefer Sandboxie + SD) against those mischief crypto villains, it still almost begs the question of what might be implemented fully in FREE protections, as Kees so often likes to explore and often comes up with some real delights.

    Thanks @Peter2150 for getting your hands dirty on this particular strain(s) of interruption-ware yet (again).
     
  7. jdd58

    jdd58 Registered Member

    Joined:
    Jan 30, 2008
    Posts:
    556
    Location:
    Sonoran Desert
Is MBR ransomware able to do its work when you are running as a standard user? Would MBRfilter be necessary in that case?
     
  8. As far as I know, UAC elevation is required, so NO
     
  9. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
Good question. Using Petya ransomware as an example:

    The good news is that Petya can’t install itself silently. Because it’s making changes to the boot environment, Windows will pop up a security warning. Users have to click through that in order for Petya to gain control of the system. People will still do that, but at least you have a chance to stop Petya before it’s too late.

    Ref.: https://www.extremetech.com/computi...evel-encryption-to-hold-your-computer-hostage
The rub, so to speak, is that when running as a standard user you won't get any UAC prompts, since no privilege escalation is allowed. However, I believe Windows will outright block this activity as a standard user.

Note that ransomware can still encrypt standard user profile files. However, it cannot encrypt any files stored under a local admin account.

     
That is why I run all our PCs with UAC set to deny elevation of unsigned programs when running as admin. I use a simple registry file when I need to install an unsigned program. Some signed executables have unsigned installers (e.g. Secure Folders had). Running with this setting has worked well for me since 2010.

    Besides the privacy advantages of HenryPP's Chromium releases, I like to use Chromium because it is unsigned, so unsigned Chromium can run, but can't touch other UAC protected processes and folders with this UAC setting.
     
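An added example, not code from the thread or from any of the tools named in it, that audits the UAC posture the last few posts discuss: whether the current session is elevated, whether standard-user elevation requests are denied outright (the reason a standard user sees no prompt for an MBR-writing, Petya-style payload instead of being able to click through), and whether the "only elevate signed and validated executables" policy that Kees sets by registry file is in force. The registry path and value names are the documented Windows policy keys; the function names and the sample warnings are my own.

```powershell
# Added example: report the UAC policy values behind the elevation behaviour
# discussed in this thread. Reading HKLM policy values needs no elevation;
# the Set-* function at the bottom does, and is what a .reg toggle would do.
$UacPolicyPath = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

function Get-UacPosture {
    $p = Get-ItemProperty -Path $UacPolicyPath -ErrorAction Stop

    # Is this PowerShell session running with the Administrators token?
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    $elevated  = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

    [pscustomobject]@{
        User                        = $identity.Name
        SessionIsElevated           = $elevated
        # 1 = UAC enabled; 0 = everything an admin runs is silently full-token
        EnableLUA                   = $p.EnableLUA
        # Admin prompt mode: 2 = consent on secure desktop, 5 = default
        # (consent for non-Windows binaries), 0 = elevate without prompting
        ConsentPromptBehaviorAdmin  = $p.ConsentPromptBehaviorAdmin
        # Standard-user behaviour: 0 = elevation requests are denied silently,
        # 1/3 = prompt for admin credentials (the click-through case)
        ConsentPromptBehaviorUser   = $p.ConsentPromptBehaviorUser
        # 1 = only executables with a valid Authenticode signature may elevate
        ValidateAdminCodeSignatures = $p.ValidateAdminCodeSignatures
    }
}

# Turn the "signed executables only" policy on or off. Requires an elevated
# session; this is the same value a two-line .reg file would flip.
function Set-SignedOnlyElevation {
    param([Parameter(Mandatory)][bool]$Enabled)
    $value = if ($Enabled) { 1 } else { 0 }
    Set-ItemProperty -Path $UacPolicyPath -Name 'ValidateAdminCodeSignatures' `
                     -Value $value -Type DWord
}

$posture = Get-UacPosture
$posture | Format-List

# Sample findings a defender would act on (constructed wording, not tool output).
if ($posture.EnableLUA -ne 1) {
    Write-Warning 'UAC is disabled: admin sessions run with a full token and no prompt.'
}
if ($posture.ValidateAdminCodeSignatures -ne 1) {
    Write-Warning 'Unsigned executables may still request elevation (ValidateAdminCodeSignatures is not 1).'
}
if ($posture.ConsentPromptBehaviorUser -ne 0) {
    Write-Warning 'Standard users are prompted for admin credentials instead of having elevation denied.'
}
```

Run it as the standard user you normally work under and then from an elevated prompt: the first run shows what a user-level payload can ask for, the second shows whether an elevation request would reach you at all. Set-SignedOnlyElevation $false is the temporary exception for an unsigned installer; set it back to $true afterwards. The policy takes effect for new elevation requests without a reboot, but existing elevated processes keep their token.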
  11. jdd58

    jdd58 Registered Member

    Joined:
    Jan 30, 2008
    Posts:
    556
    Location:
    Sonoran Desert
    I'm aware of this reg tweak but never grasped this till now for some reason. I understood unsigned programs wouldn't elevate but not that it can't touch other UAC protected processes and folders.

    Thanks for the replies and thanks to the testers who shared their results. I'm aware of AppCheck's limitations, (and can deal with them), but it seems useful enough to me to use it for now.

    Thanks Kees for sharing your approach to security.
     
  12. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    You are welcome Easter
     
  13. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    I miss my old HIPS EqSysSecure. It was a great on-the-fly Rules Machine that would interrupt anything daring to interact with Windows files/registry/scripts even folder creation could be mid-air stalled in flight and the end user made the rules best suited and that was that.

Is there anything similar? It just seems (for me anyway, short of my virtualization) the same old same old yet once again, where you have to throw down for Anti-Ransomware A along with Anti-Malware B, which require sending files remotely (cloud, whoopee) to be scanned, etc. etc.

This is probably why I am always on the hunt for this or that piecemeal invention that can work at LOCAL (in-machine only) level instead of the relay route through other servers, despite their claims to golden security.

Thanks to you Kees too, and never stop looking for those freebie inventions that can make a difference where it really counts.
     
  14. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,883
    Location:
    Slovenia, EU
Yes, that software was really great. I used Malware Defender in those days and still think it's the best security-related software I've ever used. But sadly those days are over.
     
  15. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
They wouldn't have to be if enough effort was put into bringing them back again in an x64-bit brand. Of course that would also entail getting some sort of approval to keep company with the Windows PatchGuard kernel, amongst other agreements that are likely still off the table for now.
     
  16. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    EASTER

Have you looked at AppGuard? It isn't free, so most users here will probably stop everything. I know Peter has or does use it, but I'm not sure if it has been tried against malware. I asked CS if she would, but never heard back. For me, I do not think I would need AppCheck or the other one with all the overkill I have now.
     
  17. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
Let's not go into it here. I'll PM Easter and you.
     
  18. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    1,649
    Location:
    Paris
    BoreDog- Sorry, I thought that I responded to you! I actually have done at least 2 AG videos. And yes, especially in Lockdown it will stop virtually anything (except by those few providers on the Whitelist).
     
  19. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Got it. Thanks
     
  20. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
I get that you're not impressed at the moment, but in my current setup a standalone anti-ransom tool would come in handy. But since HMPA performs so well in your test, I might give it a try. The problem is that I'm afraid it will cause issues; the same goes for Malwarebytes.

    I didn't get it? You probably mean that I didn't like SBGuard?
     
  21. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    I would view the video CS recently posted of HMP-A on malwaretips.com first .............................
     
  22. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
I looked at the video, and I was convinced that her conclusion didn't match the test results.
     
    Last edited: Jan 16, 2017
  23. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
Exactly my dilemma with those (2). Issues are a big deal for me, as well as Burps!, and my system has had problems with those before. Guess I'm a bit leery about that, but am used to things consistently running smooth like a well-oiled machine.

A standalone/portable would be ideal, but I'm not so sure it could cover most of the bases unless it was embedded as the commercial ones do, but I am all for portability!

Until such time, my virtualization/anti-exe/etc. and a few good backups will have to do. And they do very well, thank you.
     
  24. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Guys. Image your systems. Then if there is a problem just restore the image.
     
  25. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    "Guys. Image your systems. Then if there is a problem just restore the image."

Good advice, and that is what I do.
     