RansomOff

Discussion in 'other anti-malware software' started by co22, Mar 28, 2017.

  1. HeiDef

    HeiDef Developer

    Joined:
    Apr 6, 2017
    Posts:
    388
    Location:
    Arlington, VA
    We actually got RansomOff, AppCheck and WinPatrol WAR all installed and running at the same time. While they all run together initially, long term it's tough to say how they may interact so caveat emptor. But interesting to see which product detected various ransomware samples first ;)
     
  2. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,638
    Location:
    Under a bushel ...
    By the same token, would RansomOff 'bump heads' with HmP.A's CryptoGuard component? Could you also test that?
     
  3. HeiDef

    HeiDef Developer

    Joined:
    Apr 6, 2017
    Posts:
    388
    Location:
    Arlington, VA
    Can't say for sure but we'll give it a go to find out.
     
  4. Moose World

    Moose World Registered Member

    Joined:
    Dec 19, 2013
    Posts:
    905
    Location:
    U.S. Citizen
    Salutations/Greetings!:geek:

    What antivirus or security software would you suggest using with RansomOff?
    For a layering effect! Just in case the other security software misses the malware?

    Kind Regards,
     
    Last edited: Apr 27, 2017
  5. HeiDef

    HeiDef Developer

    Joined:
    Apr 6, 2017
    Posts:
    388
    Location:
    Arlington, VA
    We noticed a few adverse effects with RansomOff and HMP.A. We tested both on a Win10 x64 VM. A few times at start up, it appeared as if HMP.A prevented RansomOff's service from loading which caused a system freeze. It didn't happen all the time but it's something we'll investigate more. We were only testing the trial version, but HMP.A's scanning would not run. It just simply said 'Failed.' We also noticed some third party application freezes which is likely due to the "head bumping" between the drivers. Obviously we want RansomOff to be compatible and complementary with other security solutions so users can create a layered defense so these are issues we'll look deeper into.
     
  6. HeiDef

    HeiDef Developer

    Joined:
    Apr 6, 2017
    Posts:
    388
    Location:
    Arlington, VA
    Hi @Moose World. The layering that you require really depends on your risk profile as a user. If you are "fast and loose" then you'll definitely want to layer up on various defensive products but if you are more disciplined then having a few tailored options to cover some of the more severe issues may be ok.

    RansomOff is strictly looking for ransomware, so if that's a primary concern for you then you should definitely use it or some other solution solely designed for ransomware. We obviously are a biased source of information so we'll leave it to the other smart folks on this forum to provide suggestions on other security options. But again, it really depends on you as a user to figure out what works best for you.
     
  7. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,638
    Location:
    Under a bushel ...
    Thanks @HeiDef.

    Testing RansomOff 5.2017.116.7686 (Beta) on my secondary machine (no HmP.A, or other anti-ransomware softs).

    So far I have received two FP ransomware alerts for ccleaner64.exe and dropbox.exe, so I have exempted them.

    FWIW after initial install and reboot, Adguard and VoodooShield did not start. I could not start the Adguard service in services.msc either (service not found or some such message, even though it was listed), though I could manually start VoodooShield. I have subsequently reinstalled those programs and all seems OK, so it may be nothing to do with RansomOff, just coincidence, but you may want to check those.
     
  8. HeiDef

    HeiDef Developer

    Joined:
    Apr 6, 2017
    Posts:
    388
    Location:
    Arlington, VA
    Thanks for the feedback. We'll definitely look into these.
     
  9. guest

    guest Guest

    New beta-Release:
    RansomOff v5.2017.119.4637 (Beta)
     
  10. Moose World

    Moose World Registered Member

    Joined:
    Dec 19, 2013
    Posts:
    905
    Location:
    U.S. Citizen
    Just a thought: I am wondering, if I install Sandboxie and Shadow Defender, would there be a conflict with RansomOff's newest beta?
    Anybody?
    There is no conflict between Sandboxie and Shadow Defender, period. You can run both at the same time!!!
     
  11. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,638
    Location:
    Under a bushel ...
    Auto-updated!
     
  12. guest

    guest Guest

    :thumb:
    Yeah, this feature was added 2 weeks ago:
     
  13. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,638
    Location:
    Under a bushel ...
    Kudos to @HeiDef who is also very responsive and helpful.
     
  14. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    1,649
    Location:
    Paris
    In addition to the auto-update feature working fine, it was nice to see that RO did an improved job cleaning leftover crap from ransomware. An example is RAA ransomware: it formerly stopped the encryption process fine, but did leave residual ransomware relics in various places. Now all of these things are detected and automatically deleted, leaving the system totally clean.

    Isn't it pleasant when a developer makes constant improvements to a product?
     
  15. HeiDef

    HeiDef Developer

    Joined:
    Apr 6, 2017
    Posts:
    388
    Location:
    Arlington, VA
    The next update, which should be in a few days, will have registry clean up as well. Good for any ransomware that adds a start up entry or something like Kangaroo that adds a bogus legal notice to the winlogon section which is displayed on start.
     
  16. Buddel

    Buddel Registered Member

    Joined:
    Apr 28, 2015
    Posts:
    1,917
    Is it compatible with Kaspersky Internet Security?
     
  17. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Hi HeiDef

    Found what seems like a big overlook. I suspect there is a good reason for scanning what is the folders of security software. But you forget the stuff is not only installed in Program Files, but Program Files (X86)
     
  18. HeiDef

    HeiDef Developer

    Joined:
    Apr 6, 2017
    Posts:
    388
    Location:
    Arlington, VA
    The latest update improved compatibility with existing security software. We haven't fully tested with KIS yet but will try it out and post back if we notice any issues.
     
  19. HeiDef

    HeiDef Developer

    Joined:
    Apr 6, 2017
    Posts:
    388
    Location:
    Arlington, VA
    Thanks @Peter2150

    The installer uses WMI to query Windows to tell it what security software is installed. Generally only third party AV and firewalls register with Windows for a few reasons. But RO will only automatically find what Windows tells it. We could add some of the more popular security tools to search for but keeping lists like that is difficult and time consuming. So that's why it has a manual option to add other security product folders because the user knows best what's on their own system.
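
The WMI lookup described in the post above, as an added example that is not part of the thread and not RansomOff's code. The thread does not say which WMI namespace the installer queries; this sketch assumes the Windows Security Center provider (`root/SecurityCenter2`) and shows why only registered products are found automatically while everything else needs a manual folder entry.

```powershell
# Added example (not RansomOff's code). Assumption: the WMI source is the
# Windows Security Center provider, root/SecurityCenter2 (client editions only).
$classes = 'AntiVirusProduct', 'FirewallProduct', 'AntiSpywareProduct'

$registered = foreach ($class in $classes) {
    # A missing namespace or class (e.g. on Windows Server) yields no rows.
    Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName $class -ErrorAction SilentlyContinue |
        ForEach-Object {
            # Paths may contain %ProgramFiles%-style variables, or may not be
            # file paths at all, so expand first and verify before trusting.
            $exe = [Environment]::ExpandEnvironmentVariables([string]$_.pathToSignedProductExe)
            $isFile = $exe -and (Test-Path -LiteralPath $exe -PathType Leaf -ErrorAction SilentlyContinue)
            [pscustomobject]@{
                Class   = $class
                Product = $_.displayName
                Folder  = if ($isFile) { Split-Path -Parent $exe } else { $null }
                RawPath = $_.pathToSignedProductExe
            }
        }
}

# Folders that can be picked up automatically, whether the registered
# executable lives under Program Files or Program Files (x86).
$auto = $registered | Where-Object Folder | Sort-Object Folder -Unique
$auto | Format-Table Product, Class, Folder -AutoSize

# Registered entries whose path did not resolve to a file: add these by hand.
$registered | Where-Object { -not $_.Folder } | Format-Table Product, Class, RawPath -AutoSize
```

Security tools that never register with Security Center appear in neither table, which is the gap the manual folder option covers.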
     
  20. Buddel

    Buddel Registered Member

    Joined:
    Apr 28, 2015
    Posts:
    1,917
    OK, thanks for your post. Much appreciated.
     
  21. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    No problem doing it manually, just let it do Program Files (x86). Don't make it too complicated.
     
  22. guest

    guest Guest

    New beta-Release:
    RansomOff v5.2017.124.3598 (Beta)

    Now it is able to remove artifacts from the registry
     
  23. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Fix auto-update bug affecting Windows 8.1 systems <--- Thanks!
     
  24. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,638
    Location:
    Under a bushel ...
    Still on 5.2017.119.4637 but will await the auto-update.

    I have been giving them some feedback, to which they have always promptly responded, and as a result fixed some issues with Dropbox and LibreOffice.
    Some security apps, like Adguard, need to be added to exemptions.

    I think this is a promising product and it would be good if @cruelsister could review it again when it comes out of beta. :)

    Edit: I am impressed at the rate they are working on this, and their responsiveness to suggestions.
     
    Last edited: May 4, 2017
  25. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    Does this require a reboot to function?

    Version 5.2017.124.3598 (Beta)

    Released 4 May 2017

    • Added registry artifact cleanup.
    • Added ability to delete recent file or registry start up changes.
    • Fix auto-update bug affecting Windows 8.1 systems.
    • Modified installer to allow for over-the-top update without uninstalling first.
    • Updated database update procedures to keep existing data.
    • Published documentation to website.
     