Interesting AntiRansomware freeware

Discussion in 'other anti-malware software' started by Windows_Security, Dec 30, 2016.

  1. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    I guess we are talking semantics here. I guess by definition it succeeded in preventing encryption, but its use with that malware caused a trashed machine. That, at least for me, is the bottom line. I want to give it another test, but would have to use the pro version. I couldn't find a trial, is there one?
     
  2. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,587
    Location:
    Toronto, Canada
    I really like this approach to thinking and respect the value that this represents. We all have different methodologies to our security setups with a great number of variables and it is that variety of choice that I enjoy the most. And while we may not always agree with everyone's choice of methodology or security setups in general, I think that from a community perspective we must respect everyone's opinions. :thumb:
     
  3. Well this started as a thank you and not as a "thou shall use this combination", next focused on other second line defense mechanisms like behavioral blockers (available as FREE in AVG which Rezjor is very enthusiastic about its ransomware stopping capabilities), now turns into freedom of speech celebration.

    Freedom of speech is such a great good and a superb closing line for this thread :thumb: :blink:
     
  4. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    Reviewing AppCheck Pro's documentation, the only documentation provided in English, the software's core protection is the "Bleeding Edge Context Aware Engine" which they also use the acronym of CARB engine to refer to.

    Per Wikipedia:

    Bleeding edge technology is a category of technologies so new that they could have a high risk of being unreliable and lead adopters to incur greater expense in order to make use of them.[1][2] The term bleeding edge was formed as an allusion to the similar terms "leading edge" and "cutting edge". It tends to imply even greater advancement, albeit at an increased risk because of the unreliability of the software or hardware.[3]

    Ref.: https://en.wikipedia.org/wiki/Bleeding_edge_technology
     
  5. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    Can someone confirm this AppCheck won't install in shadow mode? Just wondering if it is just my computer or not.
     
  6. OverDivine

    OverDivine Registered Member

    Joined:
    Jan 16, 2009
    Posts:
    24
    I guess that's better than "Nitro-enhanced protection", "absolute security and uncompromising performance", "averting damages of over 600€ per attack", "ultimate weapon" or "ultimate protection".
     
  7. Dark Star 72

    Dark Star 72 Registered Member

    Joined:
    May 27, 2007
    Posts:
    778
    Works OK here
    Also seems that the Pro version will protect the MBR among other extras
     

  8. clubhouse1

    clubhouse1 Registered Member

    Joined:
    Sep 26, 2013
    Posts:
    1,124
    Location:
    UK
    It will be interesting to know what the price will be once it goes mainstream in the market.
     
  9. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,823
    Location:
    .
    They are still working on preparations for international exposure, one representative/developer told me via email (Ikko from CheckMal). Once they are ready they will let us know the new website and prices for international customers.
     
  10. guest

    guest Guest

    Did they tell you more or less when this will happen?
     
  11. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    One other point that hasn't been mentioned about this dual Cisco MBR + AppCheck combo.

    It does nothing to protect the drive's Master File Table (MFT). There has been at least one strain of ransomware that targeted the MFT and its mirror backup file. If the MFT is corrupted in any way, none of your files on that drive are accessible. Therefore, your best overall mitigation strategy is to do periodic image backups.
     
  12. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,823
    Location:
    .
    No, not at all. But how long it would take to set up a new international website, designs, translating to English, etc. just by one person, Ikko in this case.
     
  13. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    Dark Star, did you set it up while in shadow mode with Shadow Defender?
     
  14. Dark Star 72

    Dark Star 72 Registered Member

    Joined:
    May 27, 2007
    Posts:
    778
    Yes. Entered Shadow Mode and then ran the AppCheck installer. No problems at all.
     
  15. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    Dark Star, Windows 10?
     
  16. Dark Star 72

    Dark Star 72 Registered Member

    Joined:
    May 27, 2007
    Posts:
    778
    Windows 7 SP1 x64
     
  17. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    o_O Appears I cannot even install anything when not in shadow mode. Locks up Windows Explorer. I don't feel like restoring an image for that just yet.
     
  18. guest

    guest Guest

    It can be a problem with Smart Screen on your system, disable it and try it again.
     
  19. Hiltihome

    Hiltihome Registered Member

    Joined:
    Jul 5, 2013
    Posts:
    1,131
    Location:
    Baden Germany
    @boredog:
    "Malwarebytes Premium, AdGuard 6.1 Beta, Malwarebytes Antiexploit.
    WinAntiRansome Plus, Cylance Protect,
    Maricum Reflect Free, CCleaner PRO
    AppGuard, Voodoo like you do shield 3.50 beta
    Only the Shadow Knows Defender"


    Are you running these all at the same time?
    No need to ask, this will cause problems....home made problems.
     
  20. Maybe something is lost in translation, but why ask then?
     
  21. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    About Cisco's MBR Filter driver ................

    Yesterday I finally got around to creating a Win 10 recovery drive. Ran the utility and got to point where it instructed to insert the USB drive. Note that the utility will reformat the drive. It ran a bit and crapped out with a message there was a problem and the utility could not continue. OK. Maybe there was a problem with the drive. Tried another USB stick and same thing happened. WTF? Went into disk management and saw both drives had been wiped clean and in a totally unformatted state! Then the "light came on" about having previously installed MBR Filter driver.

    First and most important. MBR Filter did not prevent the drive from being trashed. All it detected was the attempt to reformat an already trashed drive o_O Next, there was no alert from MBR Filter about the reformat attempt by the utility.

    I then followed Cisco's instructions on removing the MBR Filter reference from the registry. This allowed recovery drive to reformat the USB stick and successfully complete. However, as suspected, this does not remove the driver and it still will load at boot time. I had to manually remove the driver. Also with the MBR Filter driver removed, I saw clear evidence it was interfering with Eset's driver loading.
     
    Last edited: Jan 10, 2017
  22. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Thanks itman. Several times I've looked at it; those removal instructions just made me nervous. Again thanks for confirming.
     
  23. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    Hiltihome, I had all that software disabled, but this morning I tried it again and it worked just fine. Not sure why, but I had removed a few extra filters from AdGuard. AppCheck is running OK now while in shadow mode.
     
  24. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    I am with you and itman on that.

    I don't trust the way that they present it as a prevention measure but redirect to GitHub for "those" instructions to remove it.

    Something like that to me screams BE CAUTIOUS.
     
  25. Pure magic, software which reigns over its grave after being de-installed.
     