RansomOff

Discussion in 'other anti-malware software' started by co22, Mar 28, 2017.

  1. Baldrick

    Baldrick Registered Member

    Joined:
    May 11, 2002
    Posts:
    2,674
    Location:
    South Wales, UK
    Well said, Easter...completely agree. :thumb:
     
  2. HeiDef

    HeiDef Developer

    Joined:
    Apr 6, 2017
    Posts:
    388
    Location:
    Arlington, VA
    Just to give an update as it has been a bit quiet. We should be releasing an update likely near the end of the week. We are doing a UI redesign and it has taken a bit longer than anticipated. We do have a new feature ready to go so instead of waiting for the UI to be done we will release an update in the meantime. We are calling the new feature 'HIPS-Lite' and it will provide HIPS like detection focused on various ransomware behaviors. So, while the core RO detection is focused on ransomware file modifications the new HIPS-Lite detections will provide an even earlier warning of possible malicious activity.
     
  3. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    This just keeps getting better.

    Thanks a bunch HeiDef, and in my own opinion I think that it's very sharp of your team to ADD yet another criterion to help offset matters.

    Just because most of the whole windows world have rallied to curtail the spread of ransomwares after all those previous barn burning intrusions unleashed, and basically have some provisions in place, does not mean they are done by any stretch.

    The bad guys always (as a common trend) simply lay low for awhile and then change tactics or other areas yet not as pronounced for security and now is that smart window of opportunity for security vendors just like Heilig Defense to enhance even more the defenses your software already employs by adding additional improvements like this.

    BRAVO!
     
  4. Hadron

    Hadron Registered Member

    Joined:
    Apr 1, 2014
    Posts:
    2,137
    Yet another silly program that you don't need with very basic common sense computing habits.
     
  5. HeiDef

    HeiDef Developer

    Joined:
    Apr 6, 2017
    Posts:
    388
    Location:
    Arlington, VA
    Thanks EASTER. Always appreciate the feedback.
     
  6. HeiDef

    HeiDef Developer

    Joined:
    Apr 6, 2017
    Posts:
    388
    Location:
    Arlington, VA
  7. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Where did that come from and why?

    Silly? Not so much when you pit it against some of the cleverest/severest of today's/yesterday's ransomwares and see positive results where data CAN actually be not only preserved but RESTORED without stopping to refit an image etc. Cleanup is bare minimal if any at all.

    Needed? I and likely others just like you don't "need" a program like this but I for one do choose to based on exceptional pre-protection against the wiles of crap coders who stop at no length to interrupt basic operations with those well devised, drawn up and then released to wild ransomware mostly forced straight into the stream of openings that prove to spread like lightning at times.

    But again every end user as well as business also appreciates having a near-failsafe software apparatus/protection standard which can smoothly integrate into their current system(s) that offers concrete tried and tested results against today's PC threats in ransomware especially. Notorious stuff if it gets the first toehold.

    Silly? Nah. You may have a different solution that better fits your expectations/preferences and there is where personal choice comes in at of course.

    But basic common sense computing habits doesn't always prevent and definitely can't guarantee these machines from being exempt from what can slip in and wreak mayhem least expected.

    FWIW, that's why there's some degree of appreciation most dedicated users can't help but feel for security software developers who have to go through great expense, time, and pains just to first meet compatibility issues with the Windows system itself, let alone drawing up and fashioning a workable reliable program that helps prevent against the ills that can be so easily pushed into these same systems, and most with horrid results if not also equipped with good security programs like this to intercept problems, and indeed in this case, even reverse the intended damage!

    But as mentioned, it's not for everyone. But silly? Not at all.
     
  8. trott3r

    trott3r Registered Member

    Joined:
    Jan 21, 2010
    Posts:
    1,283
    Location:
    UK
    Starting to feel like an unnecessary feature, HIPS. Many users install HIPS like SpyShelter and firewall HIPS with Comodo and Outpost. I hope it has a clean off switch to prevent conflicts.

    Antiexe I can live with that overlap but HIPS is too far imo.
     
  9. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,639
    Location:
    Under a bushel ...
    Is the update available now, or only near the end of the week? The site still shows 5.2017.214.6672 (RC1) - 1 Aug 2017.
     
  10. guest

    guest Guest

    Near the end of the week :)
     
  11. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,639
    Location:
    Under a bushel ...
    OK, I wasn't clear. I thought maybe HIPS-Lite was 'in the meantime', and new UI at the end of the week.

    Edit: I actually have an experimental build v 5.2017.223.3909 (RC1) but it doesn't have an active HIPS-Lite, only a screen mock-up showing this.
     
    Last edited: Aug 30, 2017
  12. guest

    guest Guest

    Ah, ok. Yes, you're right.
    There will be an update in the meantime but it is not yet available as you have said. :cautious:
    I guess it is in preparation and will be released soon

     
    Last edited by a moderator: Aug 30, 2017
  13. HeiDef

    HeiDef Developer

    Joined:
    Apr 6, 2017
    Posts:
    388
    Location:
    Arlington, VA
    It will have an off switch so you can disable.
     
  14. HeiDef

    HeiDef Developer

    Joined:
    Apr 6, 2017
    Posts:
    388
    Location:
    Arlington, VA
    Sorry for not being clear. HIPS-Lite will hopefully be by the end of the week. UI update will be later in the future.
     
  15. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,639
    Location:
    Under a bushel ...
    :thumb:. Looking forward to both.
     
    Last edited: Aug 30, 2017
  16. sg09

    sg09 Registered Member

    Joined:
    Jul 11, 2009
    Posts:
    2,811
    Location:
    Kolkata, India
    I have not tried the software but it seems like a nice program from all the positive responses here.
    I have a question:
    Is the Alert Window still the same as shown in this YouTube Demo Video?
    https://youtu.be/a8lBmQEIFMw
    If it is, then I have a feedback (Not sure if someone else pointed that out earlier)
    I feel that the DENY and ALLOW buttons should not be so near and of the same size !!
    This is because, one may then accidentally click on ALLOW button in place of DENY (if he feels the threat is real). Accidental click on DENY (in case of trusted program) is much less hazardous than the Accidental click on DENY (in case of unknown program).
    It would be best if the alert window be like Windows SmartScreen Alert, which keeps the Allow option slightly hidden.
     
  17. HeiDef

    HeiDef Developer

    Joined:
    Apr 6, 2017
    Posts:
    388
    Location:
    Arlington, VA
    Thanks @sg09

    When you click Allow, it does prompt for a verification to prevent that very scenario.

    We are changing everything with the redesign so it will mitigate that possibility even more.
     
  18. sg09

    sg09 Registered Member

    Joined:
    Jul 11, 2009
    Posts:
    2,811
    Location:
    Kolkata, India
    Great to know.. :thumb:

    I have just installed it :) and started reading all the posts in this thread :rolleyes:.

    A minor suggestion: When I try to minimize its interface it closes to tray, and when I try to close (X) it asks confirmation about quitting. It would be best if both Minimize and Close button closes the software to the tray (or may remove the Minimize button altogether) just like most Security software does. One can always quit the application by Right Clicking on Tray button.
     
  19. trott3r

    trott3r Registered Member

    Joined:
    Jan 21, 2010
    Posts:
    1,283
    Location:
    UK
    After a few submissions to VirusTotal today I am getting a captcha request which does not show up in the windows RansomOff generates.
    The window just shows a submit button and no captcha.

    After leaving it a while I can submit more files but this needs looking at.
     
  20. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    LOL, nice counterpunch. And yes I agree, pro-active monitoring remains important. BTW, with the new HIPS-lite feature, I suppose you mean that people won't have to respond to alerts, but it will automatically block ransomware when it tries to perform stuff like process hollowing/code injection? And can you post some pics of what the new GUI will look like?
     
  21. HeiDef

    HeiDef Developer

    Joined:
    Apr 6, 2017
    Posts:
    388
    Location:
    Arlington, VA
    Thanks for the report. Seems unusual that the captcha isn't showing as the RO window is just an IE browser instance. We will take a look at it.
     
  22. HeiDef

    HeiDef Developer

    Joined:
    Apr 6, 2017
    Posts:
    388
    Location:
    Arlington, VA
    For HIPS-Lite, you'll have options similar to the App Lockdown settings. That is, you can set it to auto block all processes, auto block all unsigned processes, auto block all except Windows processes, or allow RO to make the decision. You can also set it so you are always notified. This can be set at the individual detection level. Some of the detections are more sensitive than others so we are giving you more control with how you can respond. There will also be preset settings tuned for specific user groups (i.e. novice, experienced, paranoid) built in for easier configuration.

    Process hollowing is independent of any setting and can't be turned off unless the main ransomware protection is disabled. That also means you'll always be notified if detected unless the process has been exempted. As for code injection, RO's code injection protection only covers system processes and is currently controlled by Policy Enforcement (one big option that covers multiple things) so with the HIPS-Lite roll out, we are getting rid of PE and rolling all PE settings to be under HIPS-Lite.

    We are not quite ready to release any UI update shots yet. We've gone through numerous mock-ups and designs and only recently settled on the way forward. So still a bit of work to be done before it's ready for show. It's pretty cool though.
     
  23. Hiltihome

    Hiltihome Registered Member

    Joined:
    Jul 5, 2013
    Posts:
    1,131
    Location:
    Baden Germany
    Will the captcha show, if IE is uninstalled, via "add/remove Windows features"?
     
  24. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    OK thanks for the info. I do believe that blocking process execution isn't really a necessary feature. I would focus more on behaviors that are related to ransomware. And when the GUI is ready, please post some pics, can't wait.
     
  25. sg09

    sg09 Registered Member

    Joined:
    Jul 11, 2009
    Posts:
    2,811
    Location:
    Kolkata, India
    Tried it !!

    Version: Not sure...
    Installer Name: RansomOff.5.2017.214.6672.RC1.x64

    Running smooth for some days and thereafter caused three BSODs due to HDRansomOffDrv.sys

    Uninstalled it but the Driver files remained in the Drivers directory. Had to delete those manually.

    I am using Windows 10 Pro 64bit with all latest patches installed.
     