WinPatrol WAR (formerly WinAntiRansom)

Discussion in 'other anti-malware software' started by haakon, Dec 17, 2015.

  1. ellison64

    ellison64 Registered Member

    Joined:
    Oct 5, 2003
    Posts:
    2,570
    Id also like to know a little more.I installed latest version ,downloaded some .exe,s from malcode (through internet download manager) and not a peep out of WAR.The files don't even show on the program list??In fact loads of stuff on my disk downloaded through internet download manager are not shown at all in WARs program list.
     
    Last edited: Oct 3, 2016
  2. denniz

    denniz Registered Member

    Joined:
    Jul 26, 2007
    Posts:
    436
    Location:
    The Netherlands
    You also ran the .exe files besides downloading them? If so then I'm also curious why WAR didn't stop it.
     
  3. haakon

    haakon Guest

    Firewall will alert if something tries to setup an outbound that acts as a server. Otherwise, outbounds are, for the sake of simplified discussion, pretty much unrestricted.

    One has to consider there is far more going on under the hood than Defender's anti-virus and Windows' "traditional" Firewall when considering the effectiveness of overall system protection in the default setup of Windows 10 . All those are beyond the scope of this thread as well as having been well discussed all over the place for quite some time. But one for example: Defender's Network Inspection System Engine.

    The only downside IMHO of Defender's threat scanning is its dependence on Windows Update to maintain the definitions on which it primarily depends. With MS releasing five to ten sets a day, Windows Update is adequate, barely. A popular process is setting up a scheduled task to run a command line update every hour (MpCmdRun.exe -SignatureUpdate -MMPC). I don't use Defender without it - how-to's are posted up elsewhere. There's the Update button in Defender's GUI too.

    One can observe the definition releases via the RSS feed:
    https://www.microsoft.com/security/portal/rss/updatesrss.aspx

    The default Windows 10 setup and WAR will provide superb protection which holds true for your "half decent AV program & firewall" as well.

    Personally, I would add the free version of Malwarebytes Anti-Exploit as it adds front-line layers of protection to supported browsers (and other stuff). Any browser needs all the protection it can get.
     
    Last edited by a moderator: Oct 3, 2016
  4. ellison64

    ellison64 Registered Member

    Joined:
    Oct 5, 2003
    Posts:
    2,570
    The files
    I just remembered i posted about IDM and WAR back in February (POST 136).Basically IDM (internet download manager is rightly whitelisted.Problem is if i then open any files through IDM war does nothing.Also WAR program listing doesn't sshot-1.jpg seem to be able to find files downloaded through IDM?
     
  5. denniz

    denniz Registered Member

    Joined:
    Jul 26, 2007
    Posts:
    436
    Location:
    The Netherlands
    @ellison64
    Hmm, did you report it to the developer as a security issue?
     
  6. ellison64

    ellison64 Registered Member

    Joined:
    Oct 5, 2003
    Posts:
    2,570
    I think Bret was aware of the issue in post 163,although that was regarding the war test file.That was fixed for that file ,but I guess the root problem is still there.

    EDIT..Actually i can launch the war test file successfully through IDM again without a war pop up.Im sure that was fixed in a previous build
     
    Last edited: Oct 3, 2016
  7. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    Ellison

    upload_2016-10-4_8-44-42.png

    yes I remember that bug. I just tried the test file with the latest version and it catches it. I have not tried any other malware though.
     
  8. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    3,956
    Location:
    Under a bushel ...
  9. chabbo

    chabbo Registered Member

    Joined:
    Jun 28, 2009
    Posts:
    366

    done clean install still same problem!
     
  10. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    12,688
    Location:
    The Netherlands
    Can you explain what you mean exactly? Because there is a big difference between anti-executable tools and a behavior blocker. I still wonder how all of a sudden it can spot all kinds of malware without using any signatures, and I assume without generating a lot of false positives. I mean, isn't this the holy grail of the computer security industry? Does it has got some kind of edge over big AV companies?

    So you're saying that if malware is launched as a child process from IDM, WAR doesn't alert about it? Sounds like a major bug to me, because it should look at process behavior, it shouldn't care about the parent process being trusted, I mean that's what AI is all about?
     
  11. ellison64

    ellison64 Registered Member

    Joined:
    Oct 5, 2003
    Posts:
    2,570
    -snip-
    [/QUOTE]So you're saying that if malware is launched as a child process from IDM, WAR doesn't alert about it? Sounds like a major bug to me, because it should look at process behavior, it shouldn't care about the parent process being trusted, I mean that's what AI is all about?[/QUOTE]

    That seems to be the case.Not only that but programs downloaded with IDM don't even show under WAR >programs.I remember that I also could launch stuff from my mail client (becky) without any WAR intervention.This was fixed by WAR developer,but Ive always had the nagging feeling that these "proxy/parent programs" have to be added to some sort of exception list rather than a process behavior detection in this case.IDM has 30 day trial so anyone feel free to experiment.
     
  12. Terabytes

    Terabytes Registered Member

    Joined:
    Dec 30, 2013
    Posts:
    17
    Location:
    United Kingdom
    I don't want to upset anyone at all but I bought a 5 PC licence WAR a few days ago after some lurking on here & elsewhere & I'm most impressed. Recently I've changed my security on all 4 PC's from ESET (still good) but up for renewal & Mbam (falling behind the times IMO) etc.to something more consistent with the latest threats such as ransomware which is pretty abhorrent with bells on. Anyway, I had a discussion yesterday with my eldest son (whose company got hit a few weeks ago with ransomware) & a friend who was deeply into IT (as his job) before he had an accident & is now somewhat disabled & both were pretty impressed with my latest security setup which also includes Zemana & Panda cloud AV.

    However both remarked a dog as an icon looks somewhat amateur. I'm not against dogs in anyway though I at this time have a very grumpy cat, & as a long term Winpatrol user have Scotty bark from time to time but I can hide him (sorry). But I do agree with them that the dog does make the whole program look none mainstream & a somewhat a homemade type look that's like some shareware 20 odd years ago, the rest of the interface IMO is great. Anyone else feel a more modern tray icon would give the program a more professional air? Or do these things not matter? I really like the program & understand that this minor gripe is very, very minor & sorry if I've offended the dog in any way at all ! .. Paul :shifty:
     
  13. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    it is a guard dog, not scotty. bullguard has a dog also. and to answer your question, no it does not bother me at all.
     
  14. Terabytes

    Terabytes Registered Member

    Joined:
    Dec 30, 2013
    Posts:
    17
    Location:
    United Kingdom
    I see it's a different dog to Scotty, it was just a comment that's all boredog :) It does look a bit underfed as opposed to the bulldog Bullguard use?
     
  15. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    congratulations on your choice to buy WAR. Voodoshield and it play well together. I am not sure if this dog has a name. I have never seen it. It does wear a military outfit along with a helmet.
    it has been said if he thinks you do not like him, he will jump out of the screen and bite you in the tu tu
     
  16. Terabytes

    Terabytes Registered Member

    Joined:
    Dec 30, 2013
    Posts:
    17
    Location:
    United Kingdom
    Actually I hadn't noticed the dogs outfit/helmet on the splash screen which is worrying now I've said what I have. (does it really need a splash screen?) Eset for example give the option to disable their splash - But seriously I do think to some people the interface does make a difference. The gear we sell ends up in a comms room totally alone 99% of the time but it's looks does make quite a difference to some customers regardless of that, as do our premises & literature etc. The icons on the program IMO could do with a makeover, the preemptive icon is low quality & looks like a 1940's Lancaster? & the tree isn't wonderful either. I've been a fan of DB Power Amp suite for some time & until recently had Windows 3 or earlier icons on the program which recently been improved & it looks better for it & the developer acknowledged this - I'm not being critical just an observation that 'may' make a difference to 'some' people perhaps? Paul
     
  17. LittleDude

    LittleDude Registered Member

    Joined:
    Mar 22, 2008
    Posts:
    72
    Terabytes you are not alone...I think the icons look amateurish. Just like people, we shouldn't judge on their appearance...but we do.
    I may be a little OCD because ugly icons sitting on my taskbar bug me :)
     
  18. The whole point of machine learning is that it looks at static PE characteristics. 99,99% of the malware does not have a valid signature, 40% of the malware is packed or obfuscated, 30% use product descriptions which look like reputable brands, et cetera. There are over 100 aspects to look at.

    Determine a good blend of ML/AI pre-execution characteristics is as difficult as designing a complelling perfume: it is part science and part art with the current state of AI knowledge. Remove one element which causes noise and add one element with high prediction relevance and your ML/AI could propel itself from mediocre to leader of the pack.
     
    Last edited by a moderator: Oct 8, 2016
  19. Iangh

    Iangh Registered Member

    Joined:
    Jul 13, 2005
    Posts:
    801
    Location:
    Melbourne, Australia
    .582 is working fine. Have tested it with WD, TSE, Avast and Tencent, and no excessive CPU. Obviously, .580 didn't like me.:( But now we're friends.:)
     
  20. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    12,688
    Location:
    The Netherlands
    Thanks for the feedback. It's clear to me that WAR is quite effective, it's just hard to believe that it will perform even better than top quality AV's, who use various advanced methods trying to identify malware. But can you perhaps name a few more aspects that WAR probably looks at?
     
  21. haakon

    haakon Guest

    Limited time offer... 35% Off WinPatrol Products:

    WAR: $9.72, $12.97 and $16.22 USD for 1, 3 and 5 user 1 year.

    https://www.winpatrol.com/products35/
     
  22. guest

    guest Guest

    Does the new version gives many pop-ups?
     
  23. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    this might have been mentioned in this thread but off all the security programs I have only two stay connect to the internet full time, WAR and Cylance.
    This seems odd since I know voodoshield uses the cloud too but don't ever see connected to the internet. unless voodoshield only connect when it is inspecting a file?

    and those sent and received numbers remain pretty much the same all the time.
     

    Attached Files:

  24. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    SHvFI

    I have been watching my resource monitor now for over two hours still shows the same as my screen shot above. unless I open another web app like IE, Edge , Outlook ect. still see Cylance and WAR. although adguard showed up for a short while along with a warning when clicking on either of the links stapp posted in this thread.

    https://www.wilderssecurity.com/threads/geswall-for-windows-10-fake.389280/
     
  25. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    SHvFI
    not to go off topic to far but were you using adguard and did the popup say it was blocked and still went to the site like me?
    VS does only when it scans a file with AI but WAR stays connected full time.
    I guess we will have to wait to see if anyone else is using WAR and monitoring there internet connections.

    are you using WAR at present?
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.