RansomOff

Discussion in 'other anti-malware software' started by co22, Mar 28, 2017.

  1. imuade

    imuade Registered Member

    Joined:
    Aug 4, 2016
    Posts:
    685
    Location:
    Italy
  2. HeiDef

    HeiDef Developer

    Joined:
    Apr 6, 2017
    Posts:
    370
    Location:
    Arlington, VA
    Not sure I understand your question.
     
  3. imuade

    imuade Registered Member

    Joined:
    Aug 4, 2016
    Posts:
    685
    Location:
    Italy
    I think he is asking if RansomOff is more secure than Trend Micro Ransombuster...
    "Don't bother asking the innkeeper if the wine is good" :argh::argh::argh:
    By the way, I installed RansomOff a couple of days ago and I really like it :thumb:
     
  4. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    8,329
    Location:
    U.S.A. (South)
    :cool::D
     
  5. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,289
    Ransomoff can really button up your system. It's the only one of the "ransom" programs that I think is worth it.
     
  6. HeiDef

    HeiDef Developer

    Joined:
    Apr 6, 2017
    Posts:
    370
    Location:
    Arlington, VA
  7. Baldrick

    Baldrick Registered Member

    Joined:
    May 11, 2002
    Posts:
    2,517
    Location:
    South Wales, UK
    Agreed...:):)
     
  8. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    8,329
    Location:
    U.S.A. (South)
    This forum already knows my satisfaction w/o expression.

    I am still and always will be amazed when while testing the beta runs-Ransom0ff rapidly and completely reversed In-Real-Time-Live those worst of the worst ransomwares let out to run on the box. It first stopped the main process in an instant-alerted-then scooped up that foul junk and left nothing to chance that might restart again. This IS an awesome cutting edge deterrent against that form of PC intrusion.

    I could almost guarantee most if not all commercial AV's would have choked-blue screened-or otherwise gone confused on such matters. Call it an assumption but to a large degree a specialty program like this is proven vital against ransomwares specifically! Hence, well named :thumb:
     
  9. Scyna

    Scyna Registered Member

    Joined:
    Jan 30, 2015
    Posts:
    17
    Ransomoff kept Discord from opening for me and I didn't see anything in the logs. When I disabled protection nothing happened. When I closed Ransomoff then the apps started opening.
     
    Last edited: Aug 14, 2018
  10. HeiDef

    HeiDef Developer

    Joined:
    Apr 6, 2017
    Posts:
    370
    Location:
    Arlington, VA
    Does Discord start at boot or did you run it after the system loaded?
     
  11. Scyna

    Scyna Registered Member

    Joined:
    Jan 30, 2015
    Posts:
    17
    Discord starts at boot.
     
  12. sg09

    sg09 Registered Member

    Joined:
    Jul 11, 2009
    Posts:
    2,801
    Location:
    Kolkata, India
    Didn't try RansomOff for a long while, but in my security setup (WSA + ZAL) it seems to be redundant, isn't it?
     
  13. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,289
    I don't think ZAL does, I've never tested WSA, but none of the traditional suites probably would.
     
  14. sg09

    sg09 Registered Member

    Joined:
    Jul 11, 2009
    Posts:
    2,801
    Location:
    Kolkata, India
    Thanks for your reply. :)
    FYI,
    • The new ZAL is just an upgraded version of ZAM, and its 'Pandora Cloud-Sandbox Technology' claims to have Ransomware protection, and according to a 2016 MRG-Effitas report, this technology makes Zemana perform best of the tested products.
    • IMO, WSA is packed with superior technologies in comparison with many of its competitors. According to a PCMag report of late 2017, its Anti-Ransomware is just as best.
    This is why I am afraid of a driver-level conflict of RansomOff with them. :thumbd: Perhaps, @HeiDef would suggest! :geek:
     
  15. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,289
    I tested ZAM against live malware. Wasn't impressed, but whatever.
     
  16. HeiDef

    HeiDef Developer

    Joined:
    Apr 6, 2017
    Posts:
    370
    Location:
    Arlington, VA
    I wouldn't worry about driver-level conflicts. The bigger concern would be how RO and ZAL/WSA treat each other in user space. With proper whitelisting RO will leave those programs alone, but you would want to do the same exemptions so they also leave RO alone as well.
     
  17. HeiDef

    HeiDef Developer

    Joined:
    Apr 6, 2017
    Posts:
    370
    Location:
    Arlington, VA
    We've had reports of other programs sometimes getting stuck if started at boot so that's why I asked. It doesn't happen often and we have not been able to reproduce on our test systems so it's been hard to figure out why it happens. We'll continue to work on it to see if we can find a solution.
     
  18. sg09

    sg09 Registered Member

    Joined:
    Jul 11, 2009
    Posts:
    2,801
    Location:
    Kolkata, India
    Understood :thumb:
     
  19. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    8,329
    Location:
    U.S.A. (South)
    Someone either does some pretty dangerous exploring or else has a powerhouse system quite capable of supporting anti-ransomware layering :D Of which with that combo I wouldn't be afraid of "directly" running any ransomware out there-even their latest junk. LoL

    @sg09- You should be quite safe in that regard-Ransom0ff on its own is proven really quite formidable in its own right. Coupled with other security solutions is icing on the cake :thumb:
     
  20. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    7,546
    Location:
    U.S.A.
    In the last MRG 360 comparative here: https://www.mrg-effitas.com/wp-content/uploads/2018/05/MRG-Effitas-2018Q1-360-Assessment.pdf, ZAM tied for last place in ransomware protection.

    As far as Webroot goes, MRG certified it here: https://www.mrg-effitas.com/wp-content/uploads/2017/02/Webroot_AMTSO_report.pdf. However, that certification expired 12/21/2017.
     
    Last edited: Aug 16, 2018
  21. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    8,329
    Location:
    U.S.A. (South)
    Never before had seen a security solution slam-tear and then scoop up ransomware as Ransom0ff does. It takes a lot to impress this ole hat, but what was witnessed with the naked eye on a raw system time & time again was nothing short of amazing. A lot of thought-turned effort went into that program and produces results. I admit I even had my doubts at first and ran it in Shadow Mode. Not good enough-had to turn the junk loose without virtual support and watch the scramble and then eat the results. o_O

    The results as it turns out blew my mind, and blew away the ransomware. That rapid recovery system built-in Ransom0ff is eyecatching as well. Great stuff. Well, to make a long story short, it only got better :thumb:
     
  22. faircot

    faircot Registered Member

    Joined:
    May 17, 2012
    Posts:
    199
    Location:
    UK
    I'm having a real problem trying to install Ransomoff on this system. I did have a very early version installed at one time but now when I run the installer for the current version I get this message
    "
    [*] Starting RansomOff uninstall...
    [*] Uninstalling RansomOff...
    [!] There were errors removing all RansomOff components.
    [!] Please make sure RansomOff is no longer running and re-run this uninstaller."

    Any suggestions please?
     
  23. B-boy/StyLe/

    B-boy/StyLe/ Registered Member

    Joined:
    Sep 19, 2012
    Posts:
    103
    Location:
    Bulgaria
    Hi HD,

    I would like to report a few issues I encountered while I tried the software.

    1. The setting "Only allow admin group user to close" doesn't work as expected, since my account has admin rights but when the setting is selected and I try to close the program it says "You do not have the appropriate permissions to shutdown RansomOff". I guess this shouldn't happen? I unchecked the box for now and I was able to close the application (for testing purposes). However, when I started the service manually using the net start HDRansomOffSvc command, it took a lot of time for the program to connect to the service but it loaded successfully. I was a little impatient the first time and I closed the program with the Exit button

    https://i.imgur.com/DzwCgdw.png

    and it crashed with the following error

    https://i.imgur.com/1JkOH59.png

    but I gave it enough time when I ran it again and it loaded successfully.

    2. The master password setting needs a little tweaking. The box where you should enter the password hides below other program windows and you are unable to enter the password. I had to kill the application and remove the master password for now.

    I am pleased with the performance of the program and congrats for the result here => https://www.youtube.com/watch?v=1eHqkG86ayU

    However it will be good if someone can test it against RedEye, Kraken, PyLocky and the latest variants of Dharma (*.combo etc).

    Keep up the good work!

    Btw: Another channel where anti-ransomware tools are tested is the one below:

    https://www.youtube.com/channel/UCbjRDDLzQ6jLYBrU0BPGbrA/videos


    Regards,
    Georgi
     
  24. HeiDef

    HeiDef Developer

    Joined:
    Apr 6, 2017
    Posts:
    370
    Location:
    Arlington, VA
    The installer sees an existing reference to the old version in the registry, either because the earlier uninstaller didn't remove it for some reason or it would still be there if you just deleted the files. But it's an easy fix.

    Open an elevated RegEdit process and browse to HKEY_LOCAL_MACHINE\SOFTWARE\Heilig Defense, LLC\Installer\ and then just delete the 'RansomOffClient' key. Once you delete that, the installer should work fine.
     
  25. faircot

    faircot Registered Member

    Joined:
    May 17, 2012
    Posts:
    199
    Location:
    UK
    Nope, didn't work. I'm now getting the message in the screenshot. I've hacked out all references to Heilig Defense and Heilig Defense LLC.
     
