What is your security setup these days?

Discussion in 'other anti-malware software' started by dja2k, Dec 15, 2005.

  1. imdb

    imdb Registered Member

    Joined:
    Nov 2, 2011
    Posts:
    4,208
    dj, you can try filling the drive with junk files multiple times as a last resort.
     
  2. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,367
    Location:
    Italy
    Certainly. :thumb:
    Local resource replacements are better because Decentraleyes resources are too outdated.
    Example.
    In the website below:


    https://meafarma.it/

    there are 2 local replacements with LocalCDN.
    Zero replacements with Decentraleyes.

    Another possible test is LocalCDN's "Worst-Case" test:

    1.jpg

    With LocalCDN only 1 test failed in chrome-based browsers.
    With Decentraleyes they all failed.

    It is a bit difficult to delete all the rules in UBO once you decide to do without the extension.
    But I have already memorized their location.
    However, it would also be possible to write only 2 rules, obviously to the disadvantage of UBO's performance.

    @Page42

    I hope my answer is also satisfactory to you.
    ;):)

    P.S.

    Regarding the privacy functionality of the extension in chrome-based browsers I defer the decision to users.

    In Firefox thanks to the Total Cookie Protection feature the extension is not necessary.
     
    Last edited: Aug 17, 2022
  3. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    Great to know that AppCheck really is capable of blocking the newest ransomware samples! :thumb:
     
  4. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,944
    Location:
    USA
    Your input is appreciated. I have (at least temporarily) uninstalled Decentraleyes and installed LocalCDN.
     
  5. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Also @cruelsister did a short spin around the video block with a recent AppCheck test. Which sorta kinda inspired me to give them a whirl. A couple of years ago and as recent as last year I really didn't bother with that Anti Ransomware Program BUT it appears that it's quite capable and the development continues.
     
  6. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,944
    Location:
    USA
    Back to Decentraleyes for me. Old habits and all that.
     
  7. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Well @Page42, what works for one often doesn't pan out for us. Know what you mean about old habits. I literally reinstalled old NVT ERP Radar Pro and it's as sharp as a razor. Sure, here comes that time consuming effort again to set user configured rules but the app is a dragnet and like you, I just won't let it go.
     
  8. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,944
    Location:
    USA
    Someone who understands. Security is often described as peace of mind. :)
     
  9. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,367
    Location:
    Italy
    I don't know if this proverb also exists in your countries:

    "He who leaves the old road for the new knows what he leaves but does not know what he finds."

    It is human nature, in my opinion, to experiment and to travel new paths.


    ;):)
     
  10. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,944
    Location:
    USA
    But "don't go mistaking Paradise for that home across the road."

    ;) :)
     
  11. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Absolutely and affirmative @Sampei Nihira - Thank You for the reply and sharing your own experience.
     
  12. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,367
    Location:
    Italy
  13. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,944
    Location:
    USA
    I took Decentraleyes off (again) and put LocalCDN back on. Also contemplating installing OSArmor, to run with ESET NOD32. Always appreciate the input. :thumb:
     
  14. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,367
    Location:
    Italy
  15. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    OK cool, and how did AppCheck perform in Cruelsister's test?
     
  16. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,367
    Location:
    Italy
    W.10 Home x64 21H2
    Local Account - Standard user - Limited permissions
    UAC maximum - Always notify
    Quad9 DNS
    OneDrive, Cortana, Advertising ID, Web Search - disabled
    Usage of location data for Cortana disabled
    Telemetry OFF
    Removed some Windows optional features.

    Microsoft Defender Firewall hardened with H_C.
    Microsoft Defender hardened with Configure Defender (Customized level) - Cloud Block Level

    • Ransomware protection - disabled
    • No run in a sandbox
    • Core Isolation: Memory integrity - disabled
    • Some software hardened with maximum AE protection
    • All Windows Exploit Protection options - enabled
    MS Edge --time-zone-for-testing --enable-features="GpuAppContainer,IsolateSandboxedIframes,EnableCsrssLockdown"
    • Enabled Security Mitigations - Strict
    • Detection Protection - Strict
    • Always HTTPS
    • Quad9 DOH
    • Share browsing data with other Windows features - disabled
    • 4 Insecure Cipher Suites - 0x002f,0x0035,0xc013,0x009c - disabled
    • TLS_RSA_WITH_AES_256_GCM_SHA384 - enabled
    • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA - enabled
    • IL AppContainer - enabled
    • Audio Service - sandboxed
    • Network Service - sandboxed

    Edge://flags:

    Enabled:

    • Block scripts loaded via document.write
    • Enables the BrowsingDataLifetimeManager service to run
    • Experimental QUIC protocol
    • Enable Back/Forward Cache
    • Project Robin experiment
    • Automatic HTTPS
    • Strict-Origin-Isolation
    • Show block option in autoplay settings
    • Experimental Tracking Prevention Features
    • Block insecure private network requests
    • Enable Digital Signature for PDF
    • Partitioned cookies
    Disabled:
    • Show feature and workflow recommendations
    • Allow tab-to-search using Microsoft Search with Bing
    • Allow Microsoft Search with Bing for any default search engine
    • Allow preloading of pages by other applications
    • Enable First-Party Sets
    • Consider SameParty cookies to be first-party
    Extensions:
    • LocalCDN
    • UBO - Hard Mode
    • Don't add custom search engines
    • JShelter
     
    Last edited: Aug 21, 2022
  17. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,944
    Location:
    USA
    OSArmor now installed on two 7x64 machines. Still rocking LocalCDN and liking it. Malwarebytes went bye-bye.
     
  18. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Code:
    https://www.youtube.com/watch?v=hDDjY94fdg8
     
  19. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,885
    Location:
    Slovenia, EU
    OS: Windows 11 21H2
    Backup: Macrium Reflect
    Updates: SUMo
    Anti-Malware: Eset Internet Security
    Content blocker: uBlock Origin
     
  20. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    Thanks, will check it out! :thumb:
     
  21. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Hi @Rasheed187 - You should or could take it for a spin yourself if you have a separate box or VM where you can throw some samples at it and watch the reaction 'time' and/or speed that AppCheck goes into motion against baddies. I'll be perfectly honest. A couple years ago when Ransomoff was really a rave in this forum it didn't cross my mind to bother with AppCheck. Plus it was green yet so not very user adaptable in spite of their making hay about its ability.

    But they were definitely on the right course and as you see today, ransomoff is faded out of existence while AppCheck by CheckMal is not only vastly improved but is still actively developed and produces positive results. Now with that being said, any Anti Ransomware program it seems relies on initial backups or duplicates in a secured area where they can simply overwrite encrypted files since most times ransomware is a one and done type baddie. Except those that hollow out a process etc for persistence to re-encrypt again or some other novel method.

    The actual and ONLY real prevention so far that I've seen that stops ransomware doesn't actually stop the problems they use to file infect/rename but confine them in Sandbox Containment like Comodo uses and perhaps Shadow Defender. That said initial prevention is basically the key as in monitoring then suspending the offensive infector's loaders while at the same time default/deny like OSA and others, Voodoo Shield/H-C etc implements that hardens areas of the O/S against bullying new code on LoLBins etc.

    As is 'recognition' like AV's and Antimalware Programs use to ward off a suspicious file trying to make its way in your system, will have to be sufficient against those as well as a Backup Image should all else prove futile.

    But AppCheck and even WiseVector StopX in their respective raw forms do seem incredibly advanced to belly up against the worst of them at a very high percentage success rate.
     
    Last edited: Aug 21, 2022
  22. Space Ghost

    Space Ghost Registered Member

    Joined:
    Apr 21, 2011
    Posts:
    196
    Location:
    Poland
    GlassWire Elite, AppGuard Solo, Spyshelter Premium, 1Password, Malwarebytes Premium, Macrium Reflect Home Edition, Heimdal Free, Shadow Defender, AdBlocker Ultimate for Windows, O&O ShutUp10++
     
    Last edited: Aug 26, 2022
  23. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,241
    Location:
    Among the gum trees
  24. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    Thanks for the feedback, I have checked out Cruelsister's video, and from what I understood it did quite well, however I didn't understand the part about AppCheck's backup function. Was she talking about Auto Backup or the RansomShelter feature? I mean what did save the system? And perhaps she can also check out NeuShield. And I also saw that AppCheck has its own YouTube channel where it has posted quite a lot of videos of AC successfully blocking many ransomware samples, pretty cool.
     
  25. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    You'll get a better handle on it by asking @cruelsister herself. She chimes in when tagged now and then and always can much better explain her test results findings and the position she takes on how well programs like this appeal or not. :)
     