Discussion in 'other anti-malware software' started by co22, Mar 28, 2017.
Auto-updated to v5.2018.270.2797: https://www.ransomoff.com/changelog.php
When does it do an auto update?
First you have to have auto-update enabled. It will still check for updates if disabled but just won't do the actual update, just notify. Otherwise it does a check on start and then will periodically check every hour or so.
Okay, I've looked. Where do you enable auto update? Haven't found it yet.
Never mind, found it. Could have bitten me. It's on
I just started following this thread. I admit that I have not gone back through 42 pages of posts. But, I have a couple questions: 1) is this software primarily for business or personal/home use? I guess I haven't heard too often of personal or the average home user getting hit with ransomware? 2) do you really need this software if all of your browsing is done within Sandboxie? 3) I do use Outlook 365 for my email which is not Sandboxed. (I've never been able to figure out how to get Outlook 365 to work sandboxed.) I assume that this software could be very helpful in this case?
Someone else, indeed Dave himself, could give you a much more comprehensive answer but ...
1) It is free (so far), so I would guess primarily home use? 2) My primary requirement is for the folder protection it offers; I use it to protect external USB backup folders from anything but legit apps (Macrium, Bvckup 2, etc). In this regard, it offers the functionality of Secure Folders (but better i.e. folder / app combination), more like Excubits' Pumpernickel (FIDES) with a GUI. But it has an impressive array of other functions (besides Ransomware protection obviously, also App lockdown (anti-exe), HIPS-Lite, both of which can be turned Off/On and customised) - well worth checking out (after taking an image of course). Recommended.
I would also add my recommendation. I've wanted to use it for a while, but my machine wasn't happy with it. Now with a few minor changes I've made plus a major one Dave made, it's on my machine and it's happy.
RO was derived from a different product of ours that's meant for business. While RO has some enterprise features, like the server compatibility, it really is meant for home use. Ransomware is a terrible thing so we wanted to get something out to help stop it.
I've known folks that have been hit with ransomware on personal systems. But everyone's mileage will vary. Obviously habits play a big part in your risk. Browsers themselves all utilize sandbox technology but there have been sandbox escapes. And browser sandboxes don't do anything if you download malicious software accidentally or on purpose (remember when CCleaner was compromised?). Adding an additional sandbox layer like Sandboxie doesn't hurt but again may not always stop everything, inadvertent or otherwise.
Like Paul mentioned, RO has a number of other features that can add to your defense in depth. The more layers the better but it comes down to what you're comfortable with. RO provides a lot of flexibility to get to the right balance and could be configured to provide protection to 365.
I have never used Ransomoff, but it looks appealing. I think that Memory Sentry Combined with Ransomoff would make a great product.
I read that Ransomoff has some memory protection in it to protect against fileless malware. I assume that is a mitigation feature taken from Memory Sentry. Is Memory Sentry close to having an alpha release, or has that already occurred?
From what I have read Ransomoff is something I would be interested in testing soon. I especially like its use of HIPS since I'm a big fan of HIPS when it is done correctly. I'm a little busy with school right now, but maybe soon I can do some beta testing if needed.
Best of luck. It's a, how should I say it, @Cutting_Edgetech ransomware + multi-defensive program that blows 'em out of the water IMHO.
Been absent testing many of these recents BUT downloaded the latest release yesterday and that puppy is going onto one of my Windows 10 units since I want to try to at least like Win 10 a little. On Windows 8.1 this program R0-knock the socks out of so many ransomware samples I laid on it bare bones. Heck, the additional features are icing on the cake like the Lite HIPS + Anti-Exe etc.
Think you will be just as impressed and definitely even without testing, your good machine will be solidly sealed from ransomwares of any sort for certain. This thing is dangerous to ransomwares.
Feedback on RO:
Happens from time to time.
When I start the computer up after it has been sitting overnight,
sometimes RO will not load/start. Icon will disappear! Below is what
comes up on the desktop/screen:
Could not load necessary the shared resources(0x2),
RansomOff agend cannot continue
I check all updates on security software, etc.
Then, when I restart the computer the second time after it has been sitting
for a while, about 5 minutes, RO will load/start.
Also, under View Alerts in RO, here is what it said:
HIPS Lite Notifications
Windows Start Up Change (Registry) alert recorded at 2018 Sep 3014:49:522
Windows 10 Home Edition
Installed memory 8.00 GB
64-bit OS
Installed Security Software on PCs
* Heilig Defense RansomOff
* Voodoo Shield
* Windows Defender
Any suggestions on how to correct this to keep it from happening in the future?
Under Advance Mode:
For now, I am going to turn off HIPS Lite when I am not
using the PCs. But when I am using the computer, I
will turn it back ON!
There may be a very little problem with Sandboxie with HIPS Lite.
Ummm! Not sure!
I also had similar, with and without that message, on more than one version, but never isolated the problem with the dev.
However, I have never had it since unchecking 'Enable self-protection' in Options. You can try that?
Though I also have Sandboxie, so you may be onto something there.
I thought I would give Ransomoff a try tonight. Upon rebooting to complete Ransomoff installation my machine began to freeze. I ignored it because it did not freeze for long at first, but my machine was noticeably running much slower than before (applications were taking a long time to launch). After browsing online for about 5 minutes my browser froze, and stopped responding. My browser never recovered. It was just stuck frozen on the screen. I tried accessing Ransomoff tray icon settings, and it informed me that it was connecting to the service (this went on for about 6-8 seconds before connecting). I'm not sure if this is expected behavior, or something is causing the service to crash. I never checked to see if it was actually running or not. I have attached a screen shot of the prompt informing that it was connecting to the service. Is this expected behavior? Shortly after that Windows stopped responding, and after waiting for about 15 minutes it was not showing any sign of recovering so I did a hard shut down.
I rebooted a couple of times, and tried doing simple tasks like surfing the web, and each time Windows began freezing, and each time it took 2-3 minutes before Windows began responding again. Applications that were already open before the freeze began stopped responding as well (browsers, pdf reader, and flashcard app). At least I did not have to do a hard shut down again, but I did not use Ransomoff long after that because I'm swamped with school work.
I'm using Windows 10 x64 Pro version 1709. I think the problem was due to an application conflict with either Eset, AppGuard, or Malwarebytes Anti-Exploit. I believe it was most likely AppGuard, or maybe MBAE. I did not have any time for testing, but I thought I would report my experience. I will have to try it without AppGuard, and MBAE next time to see what happens.
FWIW I do have RO installed (without issues so far) alongside AppGuard Solo v18.104.22.1680 beta, but AppGuard is 'Off' at the moment and not customised, as I haven't had time to start customising and testing yet.
@paulderdash appreciate the feedback! I will give it a shot!
@Cutting_Edgetech "rebooted a couple of times, and tried doing simple task like surfing the web, and each time Windows began freezing, and each time it took 2-3 minutes before Windows began responding again. Applications that were already open before the freeze began stopped responding as well (browsers)"
I have only been experiencing this with various BROWSERS. For example, Brave and Mozilla Firefox. This only happens if you go to use RO before letting it sit there for a few minutes.
Key is to let your PC sit for a few minutes then start using your PC.
Currently, using Puffin Browser for Windows and it seems to be working very well.
Keep the feedback coming everyone.
@HeiDef, I will keep my eyes on Event Viewer! Like an Eagle!!!
There is nothing in RO based on Memory Sentry. And we don't have a plan to release Memory Sentry for consumer use at this time.
For your other issues, the first reboot after installation is always the longest but in your case, it does seem as if something went wrong. It would not be surprising if there is a conflict with some other security app. If their driver or service loads before RO and they block operations that RO needs then it would easily cause problems. It sounds like the service wasn't able to load properly which made things stuck (hence the freezes). When you have some time for more testing, I'd be curious to know if the service actually was still running when you experienced the freezes. If you could also check your Event Viewer for any signs of crashes that'd be helpful as well.
Like Paul said, he's been experiencing that same icon disappear issue and we haven't been able to identify the cause yet. It's something we are still working on but is difficult because we can't replicate on our test systems. We test with a few other security apps but nothing to the degree that some users use to lock their systems down. So, a conflict with another app (where RO is not able to perform an action it needs) is the likely cause but we haven't been able to figure out specifically what that is.
You can toggle individual HIPS settings on or off. The start-up change message most of the time is just informational. RO evaluates the change and it will either notify if it thinks it should or just note that a change occurred.
That might be a good piece of software to start testing against a little deeper. Maybe you can send me a message with how you have it configured so we can replicate your environment to some degree.
During boot up, RO has to evaluate each process to make sure nothing funny is going on. Based on system speed and the number of processes that load, and the fact that RO itself also has to load and compete for resources during boot, it can take some time to fully complete. That's why you'll have apps that appear to not load right away or freeze because RO has essentially suspended them while the behavior is analyzed. We use a number of heuristics to make this go quicker but a lot of things can throw it off because RO doesn't want to let something slip through the cracks. We are constantly tweaking and looking for efficiencies but given the way that RO evaluates programs, there are some things we just can't loosen without sacrificing its effectiveness.
Dave - on that machine Sandboxie IIRC has no special configurations, all standard settings, only set to Program Start>Force firefox.exe.
But here is my Sandboxie.ini config. anyway ...
I haven't seen any issues between Appguard, SBIE and RO. I have noticed sometimes going in and out of ShadowDefender RO seems to lose its settings. Will monitor.
Ransomware in particular is extremely-instantly aggressive in order to (just like some past file infector viruses) power its way inside and unleash a torrential cascade of encrypting etc. R0 in my experience does an excellent preemptive suspension sweep to ensure integrity that files/processes loaded are not jumping onto channels or unloading into other files (ransomware behavior) issues to skirt around basic security programs they no doubt scouted ahead of time and have a fairly good idea how to circumvent-bypass those etc.
I have not seen issues on this end but I will agree R0 adds something of a reasonable short delay on first start, if some call it that, while it clears that preliminary level and sets up normal monitoring as all other drivers-services-processes are acceptably safe.
There have been posts where users expressed concerns that their machine experienced some problem after first install. So did mine, but just like some other softwares, after continuous use (unless a real conflict is taking place between apps) I notice R0 settles in nicely and previous hiccups or whatever smooth out.
It's a beast this R0, and rightfully so, and well formed to take on and block with a vengeance what's become the most notorious of PC intrusions ever seen in modern times. Some machines just might not be able to handle over layering with multiple security programs and therein conflicts will be inevitable IMO.
Dave I have a question. I have auto update on, but it hasn't updated. Probably because it was blocked at initial install. I have downloaded the new version so should I install over the top, or uninstall and then install?
You can install over top. Just shut down RO first.