RansomFree by Cybereason

Discussion in 'other anti-malware software' started by Blackcat, Dec 19, 2016.

  1. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    9,473
    Location:
    The Netherlands
    You didn't test WannaCry? Perhaps you can test other samples, or have you stopped testing stuff? I really wonder if they have at least managed to fix this flaw.
     
  2. fmon

    fmon formerly: Impet

    Joined:
    May 5, 2013
    Posts:
    1,100
    Is it a good or useless protection? What do you think Rasheed? o_O
     
  3. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    2,164
    Location:
    The etherlands
    Better to ask (pref PM) a tester like @cruelsister. She doesn't rate the 'honeypots' method.
     
  4. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    1,160
    Location:
    Paris
    It is a sub-optimal solution.
     
  5. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    9,473
    Location:
    The Netherlands
    It isn't rated very highly, but you probably already noticed this. But based on everything that I've read, it's not useless, it's able to block certain ransomware variants, but there are better options available. And it's still not clear if RF is able to protect multiple partitions.
     
  6. NormanF

    NormanF Registered Member

    Joined:
    Feb 20, 2009
    Posts:
    2,296
    As a behavior blocker, it blocks a threat based on what malicious software does. RF, like other anti-ransomware, is not 100%. There will always be something that can get through.
     
  7. mood

    mood Registered Member

    Joined:
    Oct 27, 2012
    Posts:
    2,555
    Cybereason RansomFree v2.3.0.0 Released (28 June 2017)
    Code:
    https://ransomfree.cybereason.com/download/
    Protection against Petya Ransomware has been added:
     
  8. mood

    mood Registered Member

    Joined:
    Oct 27, 2012
    Posts:
    2,555
    RansomFree v2.3.0.0 should be able to block it
     
  9. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    2,972
    Location:
    DC Metro Area
    Yeah but as a 1-day, after the fact apparently.

    The World should be grateful for the vaccine identified by a Cybereason tech, but not necessarily for its RansomFree.
     
    Last edited: Jun 28, 2017
  10. aztony

    aztony Registered Member

    Joined:
    Sep 9, 2012
    Posts:
    573
    Location:
    Phoenix, AZ
    Why not? The fact that a Cybereason security researcher came up with a vaccine does not in any way diminish RF in my view. RF is free, is non-intrusive, plays well with other security apps in a layered approach. Is it perfect? No. But then what security is fail-safe? I, for one, use and appreciate it.
     
  11. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    2,972
    Location:
    DC Metro Area
    hawki agrees he was too harsh on RansomFree for the reasons @aztony stated.

    hawki's knee jerked.

    Sorry
     
  12. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    9,473
    Location:
    The Netherlands
    Does it protect all partitions? I've checked out AppCheck, but it generates too many I/O writes, which might be bad for SSD drives. So I may give RF a try.
     
  13. aztony

    aztony Registered Member

    Joined:
    Sep 9, 2012
    Posts:
    573
    Location:
    Phoenix, AZ
    I sent an email to RF support to ascertain that some days ago. I haven't received a reply back so far. As soon as I do I will post their reply.
     
  14. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    9,473
    Location:
    The Netherlands
    OK thanks. But I remember that in the past they claimed they protected all drives, but according to some members it still failed. I don't expect 100% security from these kinds of tools, but if it can only protect one drive that's a big flaw.
     
  15. aztony

    aztony Registered Member

    Joined:
    Sep 9, 2012
    Posts:
    573
    Location:
    Phoenix, AZ
    RF support reiterates that claim.
     
  16. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    18,985
    You know it's funny. I've put RF on to test it, and there is one thing I detest. That is that Icon staring at me. That alone stops me cold.
     
  17. aztony

    aztony Registered Member

    Joined:
    Sep 9, 2012
    Posts:
    573
    Location:
    Phoenix, AZ
    LOL!
     
  18. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    9,473
    Location:
    The Netherlands
    OK thanks for letting me know, hopefully someone can test it.
     
  19. aztony

    aztony Registered Member

    Joined:
    Sep 9, 2012
    Posts:
    573
    Location:
    Phoenix, AZ
    Also, this latest release has MBR protection, in that it backs up the MBR and restores it if compromised.
     
  20. jimb949

    jimb949 Registered Member

    Joined:
    Jul 6, 2017
    Posts:
    18
    Location:
    LA
    When my computer starts up Cybereason RansomFree shoots an error message telling me I need to restart my computer. Anyone else have this problem?
     
  21. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    2,972
    Location:
    DC Metro Area
    After you uninstall RF, hawki assumes you will, you need to check running processes. On my rig the RF uninstaller left one of the two processes RF installs behind -- not nice.

    I reinstalled it and "uninstalled" again with iObit Uninstaller using "powerful uninstall" which checks for registry remnants, app data, and such -- same result = incomplete uninstall.

    RF has two "running" components. CyberReasonRansomFree.exe AND CyberReasonRansomFreeServiceHost.exe. The latter got left behind requiring further user action to remove.
     
    Last edited: Jul 17, 2017
  22. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    9,473
    Location:
    The Netherlands
    BTW, I read that after uninstall, it may also leave a disconnected drive behind, is this correct? Based on what I've read, I decided not to install, at least for now.
     
  23. mood

    mood Registered Member

    Joined:
    Oct 27, 2012
    Posts:
    2,555
    Cybereason RansomFree v2.4.0.0 Released (07 Aug 2017)
    Code:
    https://ransomfree.cybereason.com/download/
     
  24. fmon

    fmon formerly: Impet

    Joined:
    May 5, 2013
    Posts:
    1,100
    Is it fixed in the meantime?

    However, RansomFree disabled automatic WLAN connection on some computer, sorry had to uninstall it finally.
     
    Last edited: Aug 21, 2017
  25. luckyguyinpa

    luckyguyinpa Registered Member

    Joined:
    Sep 5, 2017
    Posts:
    1
    Location:
    PA
    newbie here..be gentle :)

    i just installed ransom free about 2 weeks ago. last night i was looking to free up space on my C drive and noticed at the top and bottom of the directory list were strange folders with weird files in. when i tried to delete them ransom program said activity has been detected and do i want to stop it. i said yes of course. and windows explorer closed. but the folders reappeared again no matter what i do!

    are these the honeypots you guys are talking about? that the cyberreason program is creating these folders and i shouldn't worry. i ran norton/kaspersky/malwarebytes/tdsskiller all with no detection. the only thing malwarebytes has been getting for the past week is PUP no drives and it does reappear every reboot even after quarantine.

    the files in the directories were things like PEM MDB along with word and excel and text files, SQL and JPG as well.