RansomOff

Discussion in 'other anti-malware software' started by co22, Mar 28, 2017.

  1. Baldrick

    Baldrick Registered Member

    Joined:
    May 11, 2002
    Posts:
    2,675
    Location:
    South Wales, UK
    Hi Dan

    A Happy New Year to you. Just a quick update to say that I have not come across anything untoward re. the current beta/RC. Will there be another RC or are you going to go for 'lift off' shortly? ;)

    Regards, Baldrick
     
  2. HeiDef

    HeiDef Developer

    Joined:
    Apr 6, 2017
    Posts:
    388
    Location:
    Arlington, VA
    Good to hear. Well we are coming up on the 1 year mark of when RO was first released so it's probably about that time. A few things still need fixed up but we are getting close to finally shedding the beta/RC label.
     
  3. Baldrick

    Baldrick Registered Member

    Joined:
    May 11, 2002
    Posts:
    2,675
    Location:
    South Wales, UK
    Hi Dan

    Sounds good...am now definitively looking forward to the 'Shedding'...:thumb:
     
  4. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    BTW, I saw this interesting article. Does RO make use of similar detecting techniques?

    https://objective-see.com/blog/blog_0x0F.html
     
  5. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    That article discusses OS-X. Different platform, no similarity.
     
  6. HeiDef

    HeiDef Developer

    Joined:
    Apr 6, 2017
    Posts:
    388
    Location:
    Arlington, VA
    It's specific to OS-X but the techniques are generic enough that they can be ported to any system.

    RansomOff uses entropy in some edge cases but doesn't rely on entropy in its primary detection method. Using time is also a bad indicator because it assumes all ransomware does things quickly but a small delay will defeat the check. Either way, I'm sure RansomWhere? is effective against a lot of ransomware, but it's not a method that RansomOff uses.
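
Added example, not part of the original post and not RansomOff or RansomWhere? code: a toy detector that combines the two signals discussed above (entropy of written data and write rate), replayed over constructed events to show how much the verdict depends on the time window. The class name, thresholds and sample buffers are assumptions chosen for illustration.

```python
import math
from collections import deque

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 (constant) to 8.0 (uniform)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)

class RateEntropyDetector:
    """Hypothetical heuristic: flag a process that performs at least
    max_writes high-entropy writes inside a sliding window of window_s seconds."""

    def __init__(self, entropy_min=7.5, max_writes=3, window_s=10.0):
        self.entropy_min = entropy_min
        self.max_writes = max_writes
        self.window_s = window_s
        self.recent = {}  # pid -> deque of timestamps of high-entropy writes

    def observe(self, pid: int, ts: float, data: bytes) -> bool:
        if shannon_entropy(data) < self.entropy_min:
            return False  # plain-looking write, not counted
        q = self.recent.setdefault(pid, deque())
        q.append(ts)
        while q and ts - q[0] > self.window_s:
            q.popleft()  # drop writes that fell out of the window
        return len(q) >= self.max_writes

def replay(events, **settings) -> bool:
    """Feed (pid, timestamp, data) events to a fresh detector; True if it ever fires."""
    det = RateEntropyDetector(**settings)
    return any(det.observe(pid, ts, data) for pid, ts, data in events)

# Constructed sample buffers (not captured from any real process).
HIGH = bytes(range(256)) * 16              # every byte value equally often: 8.0 bits/byte
LOW = b"quarterly report draft\n" * 200    # repetitive text: low entropy

BURST = [(100, t, HIGH) for t in (0.0, 1.0, 2.0)]      # three writes in 2 s
SPACED = [(100, t, HIGH) for t in (0.0, 30.0, 60.0)]   # same writes, 30 s apart
TEXT_BURST = [(200, t, LOW) for t in (0.0, 1.0, 2.0)]  # fast but low entropy

if __name__ == "__main__":
    for name, ev in (("burst", BURST), ("spaced", SPACED), ("text", TEXT_BURST)):
        print(name, replay(ev))
```

The burst is flagged while the identical writes spread over a minute are not, which is why a detector that leans on the time window needs a second, rate-independent signal behind it.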
     
  7. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    OK cool. I've always wondered why anti-ransom tools have a hard time to offer 100% protection against all ransomware variants. So that's why I find this kind of inside information interesting to know.
     
  8. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    What a nice rare delight. With many security software releases it's been my view pushing them out before actually ready as fully released didn't or doesn't always equate to being a truly finished product followed then by user frustrations, complaints, disappointments.

    I'm sure others can share the same sentiment that it's better to isolate all possible issues despite the time differences that may take until the whole ball of wax is as refined and compatible as humanly/machine possible before assigning the end product a release.

    Like any and everything else, even then things can crop up but by then those can always go to next to-do list for future reference and add to the discovery/learning lesson.

    After all, these type of specialized programs have quite a job to do in putting on as many and as useful prevention barriers against mal-intrusion as can be fashioned.

    Almost like a spaghetti in a bowl. Thanks HeiDef for all you do, your patience, and all the partners right here who continue to be a real asset toward better PC security for us all.
     
  9. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Hi Heidef

    Reading the documentation and found one disturbing thing. On the Application Lockdown, it doesn't persist through reboot, but has to be turned on again. To me it's one of the features that make this program strong, but it HAS to persist through reboot.

    Pete
     
  10. JoWazzoo

    JoWazzoo Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    241
    Location:
    Ether
    Was interested in this part of one of your responses. When you state "other users" do you mean so that you can make general recommendations here? Or for a much broader audience?

    Perhaps like you, I see little value in this product for me personally (Not that I do not see it as a cool app - I DO.). But like you, I like to find interesting Apps that I might suggest to others who might find the App of use.

    cheers
     
  11. HeiDef

    HeiDef Developer

    Joined:
    Apr 6, 2017
    Posts:
    388
    Location:
    Arlington, VA
    There are a few issues with persisting App Lockdown through reboot which is why RansomOff doesn't.

    Unless you set a list of all programs allowed or denied, App Lockdown is really only useful when a user is logged on. All the stuff that occurs prior to the first login can't be user evaluated so it will either default to allow or deny based on settings. But in the case that a critical system process is denied during boot, then it can cause the system to not load. So there is too much risk with keeping it on if things are not setup exactly right.

    There are two settings that allow a persistence-like mechanism. First is the auto-turn on after login. You can set a delay of when App Lockdown will turn on after your session has started. And you can set it to auto turn-on based on if a process loads. Obviously you could set it to something early on during system booting but if settings aren't correct, the system will likely freeze. So we just try to reduce the risk but the tools are there if you really want to.
     
  12. HeiDef

    HeiDef Developer

    Joined:
    Apr 6, 2017
    Posts:
    388
    Location:
    Arlington, VA
    Thanks @EASTER
     
  13. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,644
    Location:
    Under a bushel ...
    I have set a delay before, but maybe first use of the browser would be a better option ...
     
    Last edited: Feb 2, 2018
  14. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Looks to have been quiet around here a few weeks. I assume all is still a-ok with RansomOff rolling ahead with modifications/releases etc

    Went thru a rough rider surgery and still building back to full strength, so there's some cobwebs to clear from my units.

    Happy Spring all and it can't get here fast enough for this user.
     
  15. HeiDef

    HeiDef Developer

    Joined:
    Apr 6, 2017
    Posts:
    388
    Location:
    Arlington, VA
    Agree fully on Spring!

    We should be releasing an update shortly. There were a few things we needed to fix with the RO client but we spent some time cleaning up the server component as well. We plan to make that available for download shortly for people to try out. We are also re-doing some of our back-end operations to not only support RO but also our other products (which aren't publicly available right now).

    Speaking of other products, we do have a few things in the pipeline that we'll be releasing over the next couple of months. And we actually just put up the docs and a video for AppPacCap (https://www.heidef.com/products/apc/index.html) which is a packet capture framework. It's like Wireshark but much more extensible. So stay tuned!
     
  16. jdd58

    jdd58 Registered Member

    Joined:
    Jan 30, 2008
    Posts:
    556
    Location:
    Sonoran Desert
    I am having problems running portable apps from a USB drive like ccleaner and Chrome portable. They seem to run after a fresh reboot but over a short time they become either slow or unresponsive. No other security softs other than what Windows 10 provides. Any ideas? I have added exclusions for these programs with no effect.
     
  17. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Not sure what you are asking or if this even about Ransomoff?
     
  18. jdd58

    jdd58 Registered Member

    Joined:
    Jan 30, 2008
    Posts:
    556
    Location:
    Sonoran Desert
    Since installing Ransomoff these programs either won't run at all (Chrome Portable) or very slowly (ccleaner) from a usb drive. I haven't evaluated other portable programs yet.

    Edit: OK these programs seem to be working now after rebooting the PC. Only ccleaner doesn't seem to clean Chrome's cache and a few other files.

    2nd Edit: Spoke too soon. Chrome portable would work for a while then quit working after a bit. Rebooting seems to clear the problem temporarily.
     
    Last edited: Feb 23, 2018
  19. HeiDef

    HeiDef Developer

    Joined:
    Apr 6, 2017
    Posts:
    388
    Location:
    Arlington, VA
    That's pretty unusual because once something is exempted like you said you did, RO leaves it alone completely. Is it only the portable apps showing problems? Do any other regularly installed applications also have issues? When you start to get slowness, take a look in the task manager to see what kind of memory usage the slow apps are using. If the memory usage ballooned then that's an issue that we would need to look into deeper.
     
  20. jdd58

    jdd58 Registered Member

    Joined:
    Jan 30, 2008
    Posts:
    556
    Location:
    Sonoran Desert
    All installed programs are operating normally. I see minimal impact in this regard. Chrome portable is now only showing up in task manager for a second or two then terminating. The only other issue I see atm is neither Privazer or ccleaner are able to completely clean installed Chrome's cache. It is installed in Program Files (x86).
     
  21. askmark

    askmark Registered Member

    Joined:
    Jul 7, 2016
    Posts:
    392
    Location:
    united kingdom
    This sounds exciting. Can't wait for the beta to be available.
     
  22. HeiDef

    HeiDef Developer

    Joined:
    Apr 6, 2017
    Posts:
    388
    Location:
    Arlington, VA
    That is very strange. Is Chrome crashing or just closing? If it crashes there should be an entry in the Event Viewer under Windows Logs->Application. And are Privazer and CCleaner throwing an error about not being able to clean the cache or are you looking at the cache directory and seeing files left over?
     
  23. jdd58

    jdd58 Registered Member

    Joined:
    Jan 30, 2008
    Posts:
    556
    Location:
    Sonoran Desert
    This problem occurs with Chrome portable when I have the HIPS lite option activated. After a fresh reboot Chrome portable will open and function normally for about 15 minutes (or opened and closed about a dozen times) then it will refuse to open on the screen (it shows up in task manager for a second then disappears). HIPS lite off It works fine. Also no Chrome errors in event viewer.

    CCleaner and Privazer (portable) are unable to clean the installed version of Chrome's cache completely along with a couple of other files. I know this by rerunning each and they always find leftovers. If Ransomoff is uninstalled they clean everything.

     
  24. JoWazzoo

    JoWazzoo Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    241
    Location:
    Ether
    That looks seriously interesting! Will you be beta-ing it here?
     
  25. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    I'd be willing to bet he will. That's why he told us about it.
     