WinPatrol WAR (formerly WinAntiRansom)

Discussion in 'other anti-malware software' started by haakon, Dec 17, 2015.

  1. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    victek

    the old set it and forget it. if am I remember right the Diskeeper people coined that one.
     
  2. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    12,156
    Location:
    The Netherlands
    Yes, WAR seems to be quite effective, I would be really surprised if didn't even monitor the file system, similar to HMPA and MBARW.

    Which video? I never saw a video of WAR generating any false positives. But I did see a screenshot in this thread, and apparently WAR has a huge white-list, in order to avoid false positives.
     
  3. guest

    guest Guest

    I was referring to cruelsister's video, and when I speak about the FP's and popups is due to my experience when I used the app.
     
  4. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    12,156
    Location:
    The Netherlands
    OK I see. The thing is, the fact that it generates a lot of false positives, still doesn't tell what type of behavioral techniques it's using. But can you tell a bit more, what type of apps did it falsely flag as possible ransomware?
     
  5. haakon

    haakon Guest

    WinAntiRansom pre-release 2016.8.532

    https:----removed - see post #412------

    • Added over 30 new behaviors to AI Engine, including improved detection of Trojans and Rats.
    • Improved program discovery. (Will run post-update.)
    • Yellow tray icon denotes program discovery in progress.
    • Fixed bug where program discovery dialog would not always open.
    • Improved service start-up on Windows XP.
    • “Daily” files no longer necessary.
    • Fixed bug that could result in false positives that refuse to be “allowed.”


    The reference to "Daily" files refers to the abandonment of the downloads of certHashDaily and programDaily xml files for known good look-ups. This process in now handled in the cloud. I base this on the discussions I've had with Bret regarding my TCP/IP logs and that the xml files haven't quite been daily lately.

    As usual, the final release might have a different version number.
     
    Last edited by a moderator: Aug 16, 2016
  6. SIR****TMG

    SIR****TMG Registered Member

    Joined:
    May 31, 2004
    Posts:
    831
    Running smooth so far windows 7, 64 bit .
     
  7. haakon

    haakon Guest

    New setting:

    WARautoDisc.jpg

    Jury is still out over here as to keep this enabled or not. :doubt: I'm leaning toward the former...
     
  8. SIR****TMG

    SIR****TMG Registered Member

    Joined:
    May 31, 2004
    Posts:
    831
    With that turned on will it allow nasties to down load ? I think it should not be there.
     
  9. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    you guys always get the update notification first. I click on check for update and still shows old version :(
     
  10. SIR****TMG

    SIR****TMG Registered Member

    Joined:
    May 31, 2004
    Posts:
    831
    link is 5 posts up, go download it there.
     
  11. haakon

    haakon Guest

    WinAntiRansom pre-release 2016.8.533

    https://data.winpatrol.com/downloads/winantiransom-setup-2016.8.533.exe

    Fixes a nasty bug in pre-release .532 that beaks WARSvc when tray item Stop WinAntiRansom Protection is selected on some systems. Like mine. Which I reported less than an hour ago.
     
    Last edited by a moderator: Aug 17, 2016
  12. haakon

    haakon Guest

    That's not an old version. It would be if WAR redirected your browser to the Web site download page for a new one.

    Some developers allow their users to enable pre-release/beta updates by way of an advanced setting buried in the config GUI, most universally with a warning as to the risks, serious risks, and an OK to click.

    WAR does not have that option. It checks for the current stable release. Just like MBAE.

    That you would expect a check for update to pull down a pre-release would suggest you should stick to the stable ones.

    Bret generously permits me to post them up here with the understanding the members should have an understanding of pre-release as I refer to them.

    True, noobs might get zapped. But how else will they learn? :D
     
  13. james246

    james246 Registered Member

    Joined:
    Nov 5, 2005
    Posts:
    120
    Any thoughts on how this pre release is working, any idea when full release is likely to become available
     
  14. Jerry666

    Jerry666 Registered Member

    Joined:
    May 28, 2002
    Posts:
    167
    Thanks , so far have not had any problems with the latest Pre releases . Of course I'm well aware of the possible risks involved .
     
  15. NSG001

    NSG001 Registered Member

    Joined:
    Jul 14, 2006
    Posts:
    682
    Location:
    Wembley, London
  16. james246

    james246 Registered Member

    Joined:
    Nov 5, 2005
    Posts:
    120
    Version 2016.8.533 now formally released

     
  17. ellison64

    ellison64 Registered Member

    Joined:
    Oct 5, 2003
    Posts:
    2,570
    "Have War monitor your system for newly added programs and attempt to whitelist them upon discover" is what the option says it does.How it attempts to whitelist (whether behaviour or cloud/offline whitelist) im not exactly sure
     
  18. Blackcat

    Blackcat Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    4,024
    Location:
    Christchurch, UK
  19. haakon

    haakon Guest

    https://www.winpatrol.com/mydownloads/

    What’s new in 2016.8.533

    • Added over 30 new behaviors to AI Engine, including improved detection of Trojans and Rats.
    • Improved program discovery. (Will run post-update)
    • Yellow tray icon denotes program discovery in progress.
    • Fixed bug where program discovery dialog would not always open.
    • Improved service start-up on Windows XP
    • “Daily” files no longer necessary
    • Fixed bug that could result in false positives that refuse to be “allowed”
    • Enhance Program Discovery to find additional programs.
    • Reduced CPU usage when updates are being applied.
    • Enhanced engine to detect/block additional attack vectors.
     
  20. Iangh

    Iangh Registered Member

    Joined:
    Jul 13, 2005
    Posts:
    776
    Location:
    Melbourne, Australia
    I'm confused with WAR. If I uninstall something I get pop-ups; if I install something I get pop-ups. At the end of the day I'm taking the decision to ignore the prompt to block. What's the difference between WAR and an anti-exe? With both the user has the final say. And, I believe, both would stop a sneaky download.
     
  21. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    12,156
    Location:
    The Netherlands
    Good question, normally WAR should only alert when it detects suspicious behavior. So can you perhaps tell what type of alerts you get to see and also name the apps that triggered them?
     
  22. feerf56

    feerf56 Registered Member

    Joined:
    Feb 24, 2015
    Posts:
    163
    HitmanPro.ALERT will not let me run ESET Banking & Payment protection (browser). Where can you allow this? All programs of ESET Smart Security is whitelist. And it do not run. I do not see the history.
     
  23. haakon

    haakon Guest

    Uninstall HitmaPro.ALERT and install WinAntiRansom.
     
  24. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    5,942
    Location:
    USA
    You posted this question in the wrong product thread...
     
  25. feerf56

    feerf56 Registered Member

    Joined:
    Feb 24, 2015
    Posts:
    163
    Sorry, I wrote wrong! I've tried both (HitmanPro.ALERTand WinAntiRansom) neither run ESET Banking & Payment protection (browser)....

    WinAntiRansom will not let me run ESET Banking & Payment protection (browser). Where can you allow this? All programs of ESET Smart Security is whitelist. And it do not run. I do not see the history.
     
    Last edited: Sep 2, 2016
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.