Discussion in 'other anti-malware software' started by Blackcat, Dec 19, 2016.
Very beautiful software! Instantly neutralized the threat from the Rabbit.
In addition to RansomFree, use Cisco Talos MBRFilter https://www.talosintelligence.com/mbrfilter to protect the MBR; this pair really protects.
Does it still use bait folders?
Never mind, they do. No thank you.
Yes, CryptoPrevent creates folders with "HoneyPot" files on each partition of the hard drive.
HoneyPots are useless if crypto-ransomware starts encrypting hmm... network shared folders?
HoneyPots are very useful, they are needed to make it easier to detect the beginning of the virus. Here is an example of triggering in the CryptoPrevent.
But as long as malware isn't touching honeypot files, malware won't be detected.
Aldist - actually Honeypots are not very useful. The theory is (and was once the case) that ransomware would attack the "low hanging fruit" first - this includes both Honeypot files as well as things that the User may create that reside in a directory on c: root. This would give an anti-ransomware application time to "see" what is happening and protect those things that they want to protect.
The downside to this protection method is twofold:
1). Essentially a Honeypot is indistinguishable from some directory that the User places on C: Root; also Fortress class ransomware will encrypt non-running exe and dll files in addition to personal files like docs and jpgs. So when the Honeypot falls, so do these things (see my last video on Trend Micro for an example).
2). Many ransomware types can be termed Fast Encryptors; this type of malware will encrypt everything simultaneously: HoneyPot files AND your Personal files will fall at the same time.
PS - I really suggest that you do not rely on CP...
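
Added example, not part of any post in this thread and not code from CryptoPrevent or RansomFree: a minimal bait-file monitor in Python that measures how many ordinary files are rewritten before a bait file is first touched, which is the detection gap the posts above argue about. The bait file name, the sample file names and the check after every single write (an idealized monitor) are assumptions made for illustration.

```python
import hashlib
import os
import tempfile

BAIT_NAME = "!bait_do_not_edit.docx"  # hypothetical bait file name

def digest(path):
    """SHA-256 of a file; None if missing, so deletion or rename also trips."""
    try:
        with open(path, "rb") as fh:
            return hashlib.sha256(fh.read()).hexdigest()
    except FileNotFoundError:
        return None

def plant_bait(directories):
    """Write one bait file per directory; return {path: baseline digest}."""
    baseline = {}
    for d in directories:
        path = os.path.join(d, BAIT_NAME)
        with open(path, "wb") as fh:
            fh.write(b"constructed bait content\n")
        baseline[path] = digest(path)
    return baseline

def tripped(baseline):
    """Bait files whose content changed or that disappeared."""
    return [p for p, h in baseline.items() if digest(p) != h]

def exposure(writes, baseline):
    """Replay ordered (path, bytes) writes, checking the bait after each one.
    Returns (files modified before the first trip, bait files that tripped)."""
    lost = []
    for path, data in writes:
        with open(path, "wb") as fh:
            fh.write(data)
        hit = tripped(baseline)
        if hit:
            return lost, hit
        lost.append(path)
    return lost, []

def demo(bait_first):
    """Constructed scenario in a temp dir: two user files plus one bait file."""
    with tempfile.TemporaryDirectory() as root:
        baseline = plant_bait([root])
        docs = [os.path.join(root, n) for n in ("report.doc", "photo.jpg")]
        order = docs + list(baseline) if not bait_first else list(baseline) + docs
        lost, hit = exposure([(p, b"changed") for p in order], baseline)
        return [os.path.basename(p) for p in lost], len(hit)
```

`demo(True)` reports no files changed before the alert, while `demo(False)` reports both user files already rewritten by the time the bait trips, so the value of the bait depends entirely on the order in which files are touched.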