WinPatrol WAR (formerly WinAntiRansom)

No answer? Please! All programs of ESET Smart Security is Allowed By Sugnature, but it do not run...

 

Is there a way to remove the "red persistent" notification on the lower right hand side of the screen when temporarity turning off the WAR protection?

 

No. I'm just thankful it can be moved.

 

You mean can or can't?

 

I've been informed there is a major release for WAR on the way bringing about changes in the user experience and function.

The core mission of the WAR AI Engine has been redefined and I was surprised to learn that in the current release (2106.8.533) it is right now "about 98% there."

Protection will continue to be network independent. No cloud. No definitions. No signatures.

This is exciting news IMHO and and reflects the developer's ongoing commitment to fortify efficacy and improve usefulness in what is already demonstrably a best-in-class target specific low impact companion solution when others are marginal or continue to flounder in near perpetual beta.

I've been slated to get a sharable pre-release which I'll post up here.

 

I have a lifetime license, which I was lucky to get before the change in subscription model, going forward for this product. Just can't understand why I get these file "does not exist" for c:\windows\softwaredistribution\download\....

I keep removing them, then I get more.

 

You'll see this after each "patch-day".
MS is downloading/extracting updates to this directory and is deleting them after the update is installed. This leads to: "...Does not exist"

 

Shouldn't those entries be auto-purged?

 

"Shouldn't those entries be auto-purged?"

yes that was an issue before. I have not seen those in a long time.

 

That's just another way of saying files got deleted or moved or renamed or subjected to some other fate. But it's not the purpose of WAR to indicate why.

In this case, Mood's #443 reply makes total sense.

In the Settings page there is an on-off for "Automatically remove entries for programs that no longer exist." Set that to On (green) and you'll never see that again in the Programs page.

The feature does have reassuring logistic and forensic value, tho.

Like with KB3184143 I ran today for GWX (which I had blocked and blacklisted) removal:

 

"I've been informed there is a major release for WAR on the way bringing about changes in the user experience and function."

can't wait

 

@mood Thanks! Duly noted.

 

@haakon Thank you for your advice...I will do as you advise.

 

Can someone please confirm what's probably an easy question?
Can some of current types of ransomware encrypt networked drives in addition to the host PC drives? (eg a NAS drive)
If it can is there any way to avoid that from ever happening, apart from not having those network connections in the first place?

thanks

 

Beast- the easiest way that ransomware encrypt other drives is having encoded within the ability to open the MountPointManager which will detect additional locations (other than the C drive) and is the first step to messing with other drives. The only way to prevent this is by stopping the entire malware process in its entirety.

 

thanks, I will take that as yes! and then a no to a 2nd question.
~ Removed Off Topic Remarks ~

 

On a LAN, an FTP server with an FTP enabled backup client(s) can be a solution for a NAS backup-only solution. (FileZilla and Cobian are good.)

Tasks are set to open and close the server and client(s) in a precisely synced plan.

All with the most restrictive and focused network rules for the FTP apps, FTP client/sever authentication and permissions, and NAS folder security permissions, of course. The server blocked from teh webbuhnetz at the router.

Ransomware on a client PC won't know that store point on the server PC even exists. No?

A risk would be a backup running from a newly infected client PC though the ransomware might likely cripple that process. Or not overcome the restrictions described above. Then again, paying attention to your stuff reduces the risk. As in yanking an infected PC from the LAN.

I've actually had such a backup strategy in place for almost two years. With the server waking from hiberbation and hibernating in sync as well (in the system setup, no WOL).

And I run WAR.

I was wanting to check with Mr. Robot on this, but he's in a drug induced stupor at the moment. The moment being... all the time.

 

The pre-release is not yet public but Bret has allowed for me to post up a teaser (emphasis mine). I will also re-iterate - as always, protection has no network dependency and no sigs/defs.

Release Notes:
• WinAntiRansom is now a full-fledged AntiMalware product that specializes in AntiRansomware and Zero-Day threats.
• 100% compatible with all other security solutions.
• Removed the need to whitelist programs. (Remains as a legacy setting for those who really want it.)
• Added program Quarantine, release from quarantine by highlighting and selecting Unquarantine.
• Updated prompt buttons to state, “Allow Next Time” and “Quarantine” to make their functionality more easily understandable.

 

I think that's a good move for WAR sales. When it comes out I hope somebody with the requisite skills shows its worth against a variety of malware, not just ransomware for which WAR is famed.

 

Looking forward to seeing difference tests when it release,

Especially,on the topics of

"• WinAntiRansom is now a full-fledged AntiMalware product that specializes in AntiRansomware and Zero-Day threats.
• 100% compatible with all other security solutions."

https://malwaretips.com/threads/using-dedicated-anti-ransomware-software.63059/page-2#post-546610
Do you agree with Post # 32? Thoughts, and comments! Agree and/or disagree?

 

I don't see what that post #32 has to do with anything here. There's some whimpering and a link to an obsolete thread in WAR's LandzDown forum. He or she uses Secure Folders. So what?

 

Absolutely a good move.

Ransomware is a subset of malware. That the WAR AI Engine snags the broadest spectrum of the nastiest stuff was an inevitable result of its continued development. That it detected other threats was observed some time ago.

As I mentioned in my post #431, the engine's core mission has been redefined. As ~98% of that mission has already been met in the current version 2016.8.533, it has already shown worth, same as the famed one. Only now more famous.

You are running 2016.8.533, aren't you?

 

Not running it at the moment, running VS. Waiting for the latest release of WAR and will then choose between WAR or VS as a complement to WD.

 

can winantiransom work as an anti exe as well?

 

Thanks for that. I have my laptop covered fine with WAR but perhaps if I connect other non WAR PC's to my network, to my very basic level of understanding, that a well locked down ftp server backup via a NAS the best way forward for backup in the worst case scenario with my limited kit at home. Would anyone disagree with this? One thing I didn't get, if you could possibly clarify is this bit "The server blocked from teh webbuhnetz at the router"

thanks