WinPatrol WAR (formerly WinAntiRansom)

Discussion in 'other anti-malware software' started by haakon, Dec 17, 2015.

  1. cruelsister

    cruelsister Registered Member

    Joined: Nov 6, 2007
    Posts: 1,649
    Location: Paris
    Boredog- The base system that I use in my videos is Windows 7 (currently the most widely used Windows version). The Windows XP logo that you noted on the last video was from Hiren's Boot CD XP recovery environment and was not the underlying system OS.
     
  2. SIR****TMG

    SIR****TMG Registered Member

    Joined: May 31, 2004
    Posts: 833
    Cruelsister these tests are amazing.
     
  3. TheKid7

    TheKid7 Registered Member

    Joined: Jul 22, 2006
    Posts: 3,576
    Do you think that WinAntiRansom Plus would be able to add much additional protection to my current setup? If yes, would it require much 'tweaking' to get along with Sandboxie and AppGuard?
     
  4. haakon

    haakon Guest

    I had been a very long time licensed user of WinPatrol and more recently WinPrivacy, neither in use now. I've been keeping an eye on WinAntiRansom and I'm running the trial in Windows 7 x64 in parallel with BDIS 2016, MBAE and ZAL Premiums. (For reasons best off topic, I've abandoned MBAM Premium after almost seven years with little intention of return.)

    Given a couple of days of use, I find WAR to be the friendliest whitelisting utility I've ever used. As well, with a powerful and efficient feature set.

    The Action Pages logging and tools are excellent. Easy Mode and Smart Recognition are standout components, though once I've squared away all my stuff I'll disable the latter. That shouldn't pose any issues for someone who runs BD in Paranoid-all Aggressive-No Profile/AutoPilot, like me.

    Within the context of the Cruelsister YouTube videos, to WAR+ anything not whitelisted/signed will report as "Ransomware/Malware like action." I've had to manually whitelist several pre-ransomware era applications but they represent less than a dozen of the 119 programs Smart Recognition'd and whitelisted to date.

    For example and just for grins, I opened mplay32.exe - Ransomware/Malware like action. (For you Millenniums, that's Windows Media Player 5.1.)

    • That is not to be misconstrued as a criticism, but rather a testament to WAR+ effectiveness and thus its superior potential in protection against ransomware and malware. 3/30 Edit: Nor am I dismissing WAR's AI engine which extends protection above and beyond whitelisting/signing/etc.

    Cruelsister's commentary that developers "have forgotten that not all ransomware are encryptors" is spot-on. The failures of Malwarebytes (yes, still in beta) and SurfRight are disappointing.

    As of this point in time, I can't find any reason as to why I won't purchase WAR+ at the end of trial.
     
    Last edited by a moderator: Mar 30, 2016
  5. TheKid7

    TheKid7 Registered Member

    Joined: Jul 22, 2006
    Posts: 3,576
    Will WinAntiRansom Plus allow you to automatically block non-whitelisted programs with no pop-ups (silent)? If I install it on my wife's PC, there can be no pop-ups at all.
     
  6. haakon

    haakon Guest

    If one would poke around at Malware Tips, a 50% off promo code can be found. Lifetime, 5 PCs.
     
  7. Jerry666

    Jerry666 Registered Member

    Joined: May 28, 2002
    Posts: 176
    Yes, it is a very good program, it had a few teething problems, but seems they have been fixed and is now working well. At least on my win 7-64 computers. Easy to use, has very good logging of all the actions programs take.
    Only thing I would like added is to password protect the prog.
     
  8. haakon

    haakon Guest

    Set as 0 minutes for Prompt Duration to prevent any prompts from being raised.
    Disable "Show taskbar icons for WinAntiRansom program prompts."
    Obviously, don't disable "Smart Recognition" or "Easy Mode."
    https://www.winpatrol.com/winantiransom-settings/
     
  9. Moose World

    Moose World Registered Member

    Joined: Dec 19, 2013
    Posts: 905
    Location: U.S. Citizen
    Salutations/Greetings!

    https://www.youtube.com/watch?v=sxz0i7RfMpY
    https://www.youtube.com/channel/UC7czj0EMrBm51e2x6OoDxOA

    Check out!:thumb:
     
  10. Hiltihome

    Hiltihome Registered Member

    Joined: Jul 5, 2013
    Posts: 1,131
    Location: Baden Germany
    judging from the icon in system tray, that machine was offline...
     
  11. Magic_The

    Magic_The Registered Member

    Joined: Jun 24, 2015
    Posts: 40

    He is testing it with no internet connection.. quite ridiculous....
     
  12. paulderdash

    paulderdash Registered Member

    Joined: Dec 27, 2013
    Posts: 4,644
    Location: Under a bushel ...
    Noob question for those using WAR: Is it feasible to set C:\Users\username as the SafeZone folder?
     
  13. Rasheed187

    Rasheed187 Registered Member

    Joined: Jul 10, 2004
    Posts: 17,559
    Location: The Netherlands
    To be honest, I still don't understand why WAR seems to be better in stopping certain ransomware variants compared to HMPA and MBARW. According to Cruelsister "anti-encryption is not the same thing as Anti-ransomware", I wonder what she means with this. And if I'm correct, WAR also uses signatures to spot ransomware, so it's not only behavior based monitoring. But in all of the tests, WAR is using behavior blocking to stop the ransomware, if I'm correct.
     
    Last edited: Mar 31, 2016
  14. haakon

    haakon Guest

    oh no! it no use teh webbuhnetz :eek: must. have. webbuhnetz. :ouch:
     
  15. haakon

    haakon Guest

    Whitelisting or its AI engine. What's to understand?

    In that vid, the petya PreEmptive Strike Block! alerts to "action (71)."

    In WAR's Strike Action pane, I've logged that and actions (5) and (19) in my use so far.

    I can't find where one might look up those, nor would I expect Bret to present such information. Maybe he will some day, but in the meantime I would want him to devote his time and effort to further develop his technology. Your understanding gets low low priority in the meantime. :(

    Who cares what snags the bad stuff but that it gets snagged?

    And for snagging the bad stuff, WinAntiRansom rocks the superb.
     
  16. Rasheed187

    Rasheed187 Registered Member

    Joined: Jul 10, 2004
    Posts: 17,559
    Location: The Netherlands
    And what are actions 5 and 19? And of course the end result is the most important thing, but I always like to know the tech behind it. Also, if it's using signatures then it's not completely fair to compare it with HMPA and MBARW who are both purely "behavior blocking" based.
     
  17. haakon

    haakon Guest

    Scroll down to SafeZone Folder:
    https://www.winpatrol.com/winantiransom-settings/

    As a noob, this is known as "online documentation." ;)

    There's more...
    https://www.winpatrol.com/winantiransom-documentation/
    These pages will open to the context sensitive Help button in WAR's UI.

    Enjoy.
     
    Last edited by a moderator: Mar 31, 2016
  18. haakon

    haakon Guest

    We'll never know. :'(
     
  19. paulderdash

    paulderdash Registered Member

    Joined: Dec 27, 2013
    Posts: 4,644
    Location: Under a bushel ...
    I had read that doc, which states that MyDocuments and MyPictures can't be used as they are deemed 'special' folders by MS.
    Was wondering if a containing folder C:\Users\username would therefore also be rejected. All the data I'd want to protect would be in that folder.
    Will just have to try it I guess.
    Btw I have tried WAR (paid) before with default SafeZone, but abandoned it because it gave me problems.
     
  20. Rasheed187

    Rasheed187 Registered Member

    Joined: Jul 10, 2004
    Posts: 17,559
    Location: The Netherlands
    OK, so I guess no info is displayed.
     
  21. faircot

    faircot Registered Member

    Joined: May 17, 2012
    Posts: 228
    Location: UK
    I have just bought and installed WAR but I cannot get it to run (v 2016.3.368.0). I've raised this query with Ruiware - but no response from them at all.

    It seems to install OK, the services run and the tray icon appears but if I right click any of the options all that happens is that a white splash screen pops up with the words "loading configuration". This is followed by a popup box saying "error starting service WinAntiRansom Service, terminating. Please try later" (see attached screenshot).

    I have completely uninstalled WAR twice with Revo Uninstaller, rebooted after every re-installation but no luck.

    I'm running win7 64 and the only other security progs I'm running are Emsisoft Anti Malware and HitmanPro Alert - both of which I've disabled before installation.

    P.S. Sorry about the three files. I didn't think the original had attached itself!
     

    Attached Files:

    • WAR.jpg (41.4 KB)
    • WAR.jpg (41.4 KB)
    • WAR.jpg (41.4 KB)
  22. siketa

    siketa Registered Member

    Joined: Oct 25, 2012
    Posts: 2,718
    Location: Gaia
    Just my 2 cents....you don't really need WAR if you already have EAM+HPA combo. ;)
     
  23. faircot

    faircot Registered Member

    Joined: May 17, 2012
    Posts: 228
    Location: UK
    You're right but I got WAR for a good price and it's always useful and interesting to have a fallback or an alternative configuration on one of my other PCs.
    However, unless Ruiware respond to my emails I'll be lodging a complaint to PayPal. Ho hum.
     
  24. Rasheed187

    Rasheed187 Registered Member

    Joined: Jul 10, 2004
    Posts: 17,559
    Location: The Netherlands
    Probably not. But to be fair, WAR performed better than HMPA in the latest tests against ransomware. But EAM is probably also quite effective.
     
  25. boredog

    boredog Registered Member

    Joined: Feb 1, 2015
    Posts: 2,499
    not sure if this has been posted yet but their preemptive strike test file is here.

    https://www.winpatrol.com/downloads/textpad.pdf.exe

    When I clicked on it to run, where it asks to save, run or cancel from bottom browser it just opened text pad but said can not open the file. When I went to where it was downloaded in my downloads folder and tried to run, I did get a warning from WARW.

    IE and Win 10 64bit

    Could someone else verify this please?
     
    Last edited: Apr 2, 2016