Or simply use noscript.exe by Symantec to disable the whole Windows Scripting Host. http://i.imgur.com/kMBMacz.png Then check and configure the following value: https://gist.github.com/stamparm/021281a6f7bd405b5b29dd9ed240f2de https://labsblog.f-secure.com/2016/04/19/how-to-disable-windows-script-host/ Btw CryptoPrevent also has an option to disable WSH: http://i.imgur.com/ZGeXmkb.png
There's always an option to disable the Windows Script Engine, PowerShell, etc. But if a person sees the need to do this they are in essence admitting that whatever protection methods are being used are inadequate. Personally I prefer an overall solution that does not need the user to shut things down in order to provide adequate protection. But maybe that's just me...
I have done so for some time with zip negative effect other than a HIPS alert when I manually run cmd.exe (also one that should be monitored) or PowerShell. Now a software developer and the like would of course have issues with these restrictions.
I block all those processes with AppGuard. Have never seen a negative effect. I don't call that a weakness, I call it smart.
I also block these processes, err, well rather ERP does it for me. ERP alerts and holds them up like a HIPS where you can read the paths/filename/destination etc.
Well, I have trust in my security setup but don't really see a reason to keep it enabled since I don't use it. Disabling an unnecessary and dangerous feature for extra security never hurt. It is called hardening of the OS. Call me a noob if you want but I don't care. +1
New beta-Release: RansomOff v5.2017.116.6374 (Beta) Edit: RansomOff v5.2017.116.7686 (Beta) https://www.ransomoff.com/#downloads
Thanks for posting these updates. If you don't mind me asking, do you use any software to monitor the web site for changes or is it done manually?
No, I don't monitor them. Sometimes I look for updates, and if I can find an update I'll try to post it.
@mood As someone who has looked at these softs and having some insight into how they work, could one run RansomOff alongside HMP.A and AppCheck (your sig)? Would there be any benefit, or are mechanisms similar and cause conflict? I run HMP.A CryptoGuard (AppCheck excluded in Exploit Mitigations) and AppCheck free on one machine, just AppCheck free on the other. Was wondering if I could play with RansomOff alongside on at least the latter machine, or should I remove AppCheck first.
I would at least remove AppCheck if you want to test RansomOff. They are both "Anti-Ransomware"-solutions, so it might be better to install only one of these products.
Trying to download x64 version, just get an error screen. Dunno if it's just me, or a temporary Heilig Defense glitch.
It was just a few minor bug fixes of things we found after posting the previous version. But we just added a new change log entry to reflect that.
Concur that it's best to only have one solution of something running. Generally products in the same category bump heads. We'll test it out though to see what issues, if any, do occur.