RansomOff

Discussion in 'other anti-malware software' started by co22, Mar 28, 2017.

  1. HeiDef

    HeiDef Developer

    Joined:
    Apr 6, 2017
    Posts:
    388
    Location:
    Arlington, VA
    Yes. Whenever it auto-updates, the system will need to be restarted for changes to take effect.
     
  2. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    Then sorry, because I don't install anything that takes a reboot to function, since I install all new programs in Shadow Mode.
     
  3. Moose World

    Moose World Registered Member

    Joined:
    Dec 19, 2013
    Posts:
    905
    Location:
    U.S. Citizen
    On install there is an add button, please explain in regards to Windows Creator?
    Because I added Windows Defender and restarted my laptop and it would NOT
    reboot. Missing necessary boot sector files?

    :'(
     
  4. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    That is usually common practice for most update/upgrades so thanks for the reminder.

    You guys are really pressing ahead on the improvements. Keep up the pace. It's been fairly regular for sure.
     
  5. HeiDef

    HeiDef Developer

    Joined:
    Apr 6, 2017
    Posts:
    388
    Location:
    Arlington, VA
    Hi @Moose World. Sorry to hear you are having issues.

    First, the add button is to just add additional directories that RansomOff will exempt processes in. It's mainly designed for other security software and Windows Defender is generally added automatically. Not sure what you are asking with regards to Windows Creator. That's just a new Windows version and shouldn't have any bearing on the exemptions list.

    Can we ask a few questions to help us figure out what happened? First what is your OS version (Creator we are assuming) and architecture (32/64 bit)? You posted a thread earlier where you were asking about Sandboxie and Shadow Defender and possible conflicts with RansomOff. Did you install RansomOff with either of those programs running? Do you have other security software running besides Windows Defender? Does the boot error message name the file that is missing? We haven't encountered that error before but have a feeling it's related to the MBR protection driver. If you had a virtualization program running while installing it may have interfered with proper installation.

    RansomOff creates a system restore point before install so if you are able to boot into Safe Mode you'll be able to rollback the installation.
     
  6. HeiDef

    HeiDef Developer

    Joined:
    Apr 6, 2017
    Posts:
    388
    Location:
    Arlington, VA
    Thanks. We just want to make a good product that folks want to use.
     
  7. HeiDef

    HeiDef Developer

    Joined:
    Apr 6, 2017
    Posts:
    388
    Location:
    Arlington, VA
    No worries. Everyone has their own preferred setup. Plus you probably don't need the protection that RansomOff provides if always running in Shadow Mode anyway.
     
  8. Moose World

    Moose World Registered Member

    Joined:
    Dec 19, 2013
    Posts:
    905
    Location:
    U.S. Citizen
    @HeiDef

    FeedBack:

    Can we ask a few questions to help us figure out what happened? Yes!
    First what is your OS version (Creator we are assuming) and architecture (32/64 bit)? Creator, X64 Bits
    You posted a thread earlier where you were asking about Sandboxie and Shadow Defender and possible conflicts with RansomOff. Yes! Did not want any headaches!
    Did you install RansomOff with either of those programs running? Do you have other security software running besides Windows Defender? Yes, AppCheck, Voodoo Shield Pro, Sandboxie and ShadowDefender.
    Sandboxie and ShadowDefender are on demand!

    Does the boot error message name the file that is missing? boot mgr is missing
    We haven't encountered that error before but have a feeling it's related to the MBR protection driver. Not sure
    If you had a virtualization program running while installing it may have interfered with proper installation. No! virtualization running at all.

    RansomOff creates a system restore point before install so if you are able to boot into Safe Mode you'll be able to rollback the installation. No Safe Mode! But under advance, I was able to get to system restore,
    in which, I did a system restore the day before!

    Install on 2 pcs so, one it well on and the 2nd one it had headaches!
    I have a total of 5 pcs.
     
  9. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Tried to see if Moose World's current issue might cause some concern on my Windows 10.

    I just want to confirm for sake of discussion (if applicable) that RansomOff install to a current version of Windows 10 x64 Enterprise Version so far shows compatibility even in tandem with, in this order for me.
    • Shadow Defender (Install)
    • Appguard (Install)
    • RansomOff (Install)
    Only just getting the feet wet with this Mr Crypto junk but man that stuff is horrible.
    The files were preserved nicely enough but Cerber left a collection of copied junk behind.
    Shadow Defender dismissed it as usual. Need to study it more before running Full On RansomOff alone with confidence.
    Turned Appguard OFF by the way so it was just Shadow Mode + RansomOff. I'm new to this garbage so bear with me.

    Was somewhat concerned with Moose World's issue so made an attempt to duplicate but looks like Shadow Defender OFF or ACTIVE did not prevent normal operation nor seemed not to interfere with normal boot up after a Reboot either.

    I make mention of it because was not sure if the competing MBR protections might overlap/interfere or make some issue similar to what Moose World has experienced.
     
  10. HeiDef

    HeiDef Developer

    Joined:
    Apr 6, 2017
    Posts:
    388
    Location:
    Arlington, VA
    Thanks @EASTER

    We are playing with SD now as well to see if there is some interference. So far, we haven't had any issues. We'll have to start adding AppCheck and Voodoo to try and recreate his environment the best we can.

    When you ran Cerber, did RansomOff alert or did one of your other solutions kick in first?
     
  11. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    RansomOff popped up the Options Alert Screen! FIRST!

    DENY of course. Had Appguard OFF as mentioned above.

    I am experiencing some screen error [Blue] NOT RELATED to RansomOff. Systematically drilling backward to discover just what.

    Been a long time since messing with Win 10 because I don't care for it. Am a Windows 8.1 fan.

    As far as I am concerned though Shadow Defender isn't any issue on this end. Gonna pull the other safety app and play a bit too.
     
  12. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    Interesting, always a good reminder that you should be careful before installing and combining security tools.
     
  13. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Most especially while they're in BETA :cool:

    Always keep a READY IMAGE handy in case of severe conflict is a MUST
     
  14. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,638
    Location:
    Under a bushel ...
    I am curious if anyone is successfully running MB3 3.1.1.1722 beta alongside RO.

    I have whitelisted all MB executables in RO, but I am getting the following errors in MB3:

    'Unable to contact license server. Check your network settings or contact your system administrator for help'.

    and

    'SSL validation error
    There was a problem validating SSL certificates. Please launch IE once and try the operation again'.

    I have not previously had this issue and was wondering if it could be RO-related, as RO has only recently arrived on that machine?

    Of course it could equally be MB3, which is also beta, and I have posted and sent logs on their forum but thought I'd ask here in the meantime.

    I do not otherwise have any network issues on that machine.
     
  15. guest

    guest Guest

    I think you can find it out after uninstalling RansomOff.
    But for me it could be rather a MBAM3-Issue. :cautious:
    Uninstall RansomOff and see if it can connect to the license server.
     
  16. HeiDef

    HeiDef Developer

    Joined:
    Apr 6, 2017
    Posts:
    388
    Location:
    Arlington, VA
    Thanks for the heads up. We are looking into it now and hopefully we'll be able to figure out what's going on and if it is caused by RO.
     
  17. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    I was running a scan with Rogue Killer the other day while in shadow mode and blue screened. Only time it has ever done that.
     
  18. HeiDef

    HeiDef Developer

    Joined:
    Apr 6, 2017
    Posts:
    388
    Location:
    Arlington, VA
    Definitely an interesting problem. It's an issue with the SSL handshake where the client (MB3) can't validate the server certificate. We haven't figured out why that's the case yet but it doesn't seem to be just a RO problem. Even after we completely disabled RansomOff and restarted the system, we still got the "unable to contact the license server" error. We even did a reinstall of MB3 without RansomOff running but still got the error.

    When MB3 was initially installed while RansomOff was running, there seems to have been some interaction that's causing this. On a fresh VM without anything installed, MB3 is able to connect. We will keep digging to figure out what's going on.
     
  19. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    1,649
    Location:
    Paris
    HeiDef- You really, really have my utmost compliments for the time it takes you to follow up on issues presented. There is no "we'll just blow this one off" with you guys, is there?
     
  20. Antarctica

    Antarctica Registered Member

    Joined:
    Feb 25, 2003
    Posts:
    2,176
    Location:
    Canada
    How do I uninstall RansomOff from my PC? The program is not listed in the Uninstall Control Panel. :(
    Thanks
     
  21. HeiDef

    HeiDef Developer

    Joined:
    Apr 6, 2017
    Posts:
    388
    Location:
    Arlington, VA
    Thanks @cruelsister

    The way we see it is if people take the time to use our product and provide feedback then we need to do right by them and get their issues fixed. It makes for a better product and hopefully happy future customers. :)
     
  22. HeiDef

    HeiDef Developer

    Joined:
    Apr 6, 2017
    Posts:
    388
    Location:
    Arlington, VA
    That's strange. There definitely should be an uninstall listing. Either way, just go to the RansomOff installation folder (by default it's in C:\Program Files {(x86) if 32 bit}\Heilig Defense, LLC\RansomOff\). You should see an executable called hdransomoffinstall.exe. Just run that and it should give you the uninstall screen.

    Just curious, what OS and architecture are you running? Did RansomOff install successfully?
     
  23. Antarctica

    Antarctica Registered Member

    Joined:
    Feb 25, 2003
    Posts:
    2,176
    Location:
    Canada
    Thanks for your input HeiDef. Using Win 10 64 bits.

    There was definitely no uninstall listing, even Revo Uninstaller could not find any! And yes, RansomOff installed successfully and was functioning O.K.
    for the last two weeks. The reason I uninstalled it is because I feel I don't really need it for now; with Voodooshield I think I am well protected. :)
     
  24. HeiDef

    HeiDef Developer

    Joined:
    Apr 6, 2017
    Posts:
    388
    Location:
    Arlington, VA
    Hey no worries. Glad to hear no issue when you were running RansomOff. But hopefully we can win you back with our upcoming release. Have a couple new features that we are pretty excited about.
     
  25. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,638
    Location:
    Under a bushel ...
    I didn't try uninstalling RO, only tried turning protection off without success.

    They are indeed amazing.

    We figured out it was a conflict with the certificates that RansomOff adds during installation and the certificate chain MB uses in its SSL communications. We both use DigiCert for our cert CA but for some reason, they are conflicting.

    We will work on a fix for you to get MB3 working again and add this fix to our upcoming release.
     