Discussion in 'other anti-malware software' started by haakon, Dec 17, 2015.
the old set it and forget it. if am I remember right the Diskeeper people coined that one.
Yes, WAR seems to be quite effective, I would be really surprised if didn't even monitor the file system, similar to HMPA and MBARW.
Which video? I never saw a video of WAR generating any false positives. But I did see a screenshot in this thread, and apparently WAR has a huge white-list, in order to avoid false positives.
I was referring to cruelsister's video, and when I speak about the FP's and popups is due to my experience when I used the app.
OK I see. The thing is, the fact that it generates a lot of false positives, still doesn't tell what type of behavioral techniques it's using. But can you tell a bit more, what type of apps did it falsely flag as possible ransomware?
WinAntiRansom pre-release 2016.8.532
https:----removed - see post #412------
• Added over 30 new behaviors to AI Engine, including improved detection of Trojans and Rats.
• Improved program discovery. (Will run post-update.)
• Yellow tray icon denotes program discovery in progress.
• Fixed bug where program discovery dialog would not always open.
• Improved service start-up on Windows XP.
• “Daily” files no longer necessary.
• Fixed bug that could result in false positives that refuse to be “allowed.”
The reference to "Daily" files refers to the abandonment of the downloads of certHashDaily and programDaily xml files for known good look-ups. This process in now handled in the cloud. I base this on the discussions I've had with Bret regarding my TCP/IP logs and that the xml files haven't quite been daily lately.
As usual, the final release might have a different version number.
Running smooth so far windows 7, 64 bit .
Jury is still out over here as to keep this enabled or not. I'm leaning toward the former...
With that turned on will it allow nasties to down load ? I think it should not be there.
you guys always get the update notification first. I click on check for update and still shows old version
link is 5 posts up, go download it there.
WinAntiRansom pre-release 2016.8.533
Fixes a nasty bug in pre-release .532 that beaks WARSvc when tray item Stop WinAntiRansom Protection is selected on some systems. Like mine. Which I reported less than an hour ago.
That's not an old version. It would be if WAR redirected your browser to the Web site download page for a new one.
Some developers allow their users to enable pre-release/beta updates by way of an advanced setting buried in the config GUI, most universally with a warning as to the risks, serious risks, and an OK to click.
WAR does not have that option. It checks for the current stable release. Just like MBAE.
That you would expect a check for update to pull down a pre-release would suggest you should stick to the stable ones.
Bret generously permits me to post them up here with the understanding the members should have an understanding of pre-release as I refer to them.
True, noobs might get zapped. But how else will they learn?
Any thoughts on how this pre release is working, any idea when full release is likely to become available
Thanks , so far have not had any problems with the latest Pre releases . Of course I'm well aware of the possible risks involved .
No issues here either with pre-releases YMMV.
Version 2016.8.533 now formally released
"Have War monitor your system for newly added programs and attempt to whitelist them upon discover" is what the option says it does.How it attempts to whitelist (whether behaviour or cloud/offline whitelist) im not exactly sure
50% off annual license at BitsDuJour; http://www.bitsdujour.com/software/winantiransom/in=todays-deals-home
What’s new in 2016.8.533
Added over 30 new behaviors to AI Engine, including improved detection of Trojans and Rats.
Improved program discovery. (Will run post-update)
Yellow tray icon denotes program discovery in progress.
Fixed bug where program discovery dialog would not always open.
Improved service start-up on Windows XP
“Daily” files no longer necessary
Fixed bug that could result in false positives that refuse to be “allowed”
Enhance Program Discovery to find additional programs.
Reduced CPU usage when updates are being applied.
Enhanced engine to detect/block additional attack vectors.
I'm confused with WAR. If I uninstall something I get pop-ups; if I install something I get pop-ups. At the end of the day I'm taking the decision to ignore the prompt to block. What's the difference between WAR and an anti-exe? With both the user has the final say. And, I believe, both would stop a sneaky download.
Good question, normally WAR should only alert when it detects suspicious behavior. So can you perhaps tell what type of alerts you get to see and also name the apps that triggered them?
HitmanPro.ALERT will not let me run ESET Banking & Payment protection (browser). Where can you allow this? All programs of ESET Smart Security is whitelist. And it do not run. I do not see the history.
Uninstall HitmaPro.ALERT and install WinAntiRansom.
You posted this question in the wrong product thread...
Sorry, I wrote wrong! I've tried both (HitmanPro.ALERTand WinAntiRansom) neither run ESET Banking & Payment protection (browser)....
WinAntiRansom will not let me run ESET Banking & Payment protection (browser). Where can you allow this? All programs of ESET Smart Security is whitelist. And it do not run. I do not see the history.
Separate names with a comma.