- Apr 13, 2013
- 3,224
An Interlude with WinAntiRansom
- Thread starter cruelsister
- Start date
It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
WinAntiRansom continuing to solidify itself as a real threat to ransomware devs. Good for them!
- Sep 22, 2014
- 1,767
His test is finished very bad for WinAntiRansom.
Did Britec use some bad settings or something wrong in his video?
Did Britec use some bad settings or something wrong in his video?
I'm wondering that myself. I've yet to see any testing of samples that WinAntiRansom hasn't blocked.
- May 7, 2016
- 1,307
Very good demonstration.What is the good setting for WinAntiRansom?@cruelsister
- Apr 13, 2013
- 3,224
The curious thing is that to stop ransomware there really isn't any setting other than default. Install WAR, plop in the reg code and it will work with or without a reboot. As I'm very, very familiar with Tesla and have a fairly good idea of WAR's mechanism of action I engaged in a bit more research. Try as I might I couldn't reproduce what B found in his video without initially manipulating C++ runtime (things only seem to be running).
- Jun 21, 2013
- 1,492
@cruelsister Do you think an Anti-Ransomware is necessary if you already have a good Anti-Executable (e.g. Blue Ridge AppGuard, NVT EXE Radar Pro, VoodooShield)?
- Apr 13, 2013
- 3,224
No- if you already have an adequate defense nothing more should be needed. The issue is that most people don't have an adequate defense.
- Mar 17, 2016
- 464
After watching britec's video twice
...
But I do agree with his comment don't rely on any one piece of software to protect your system against ransomware(malware).
...But I do agree with his comment don't rely on any one piece of software to protect your system against ransomware(malware).
What does the number in the parenthesis next to the detection means? I mean it says: "Ransom like activity/blalahalaj (71)" What does the 71 signify? Probability of True Positive?
- Apr 17, 2016
- 36
Anyone have any insights on WAR protection ? Is this another HIPS ? I purchase WAR but i am not sure if it will work with Comodo FW, since i dont know how WAR is supposed to work.
Well it's not as chatty as HIPS, but it is a tad chatty in my opinion. I was hoping (when I bought it) that it would be a clear cut YES or NO for ransmware...basically if it goes off I was hoping it was because it honesty thinks it's ransomware. But I found it going off for many other reasons that were nowhere near ransomware.
Hence my original question above regarding the number in the parenthesis. Since so far I might as well just run HIPS or MAMUTU.
-----------------------------------------------------
Reason for saying HIPS or MAMUTU is because if WAR is going to be as chatty as those two then there is no point in actual protection value. Eventually I will slip up and allow ransomware.
Last edited by a moderator:
- Mar 15, 2011
- 13,070
@1qay1qay: Its more as Behavior based where it will determine immediately the possible malicious/ransomware attacks.
-----------------
Seems weird and mysterious about Britec's video unless possible misaligned on the configuration? We don't know.
-----------------
Seems weird and mysterious about Britec's video unless possible misaligned on the configuration? We don't know.
Britec09's test of the Bitdefender product showed it failed miserably also. The results of that and the WAR testing should be disqualified.
WinAntiRansom
Note: VirusTotal's policy has changed so the feature is no longer available as of the next release scheduled for Monday, June 13. See the latest postings in the WAR thread at Wilders Security for more detail.
Cheers.
AI engine. WinPatrol recently adopted the oh-so-pretty-pretty page design so popular these days. Here's a better one...
WinAntiRansom
Note: VirusTotal's policy has changed so the feature is no longer available as of the next release scheduled for Monday, June 13. See the latest postings in the WAR thread at Wilders Security for more detail.
Cheers.
Last edited by a moderator:
Release candidate 2016.6.473
"Engine support for detection of suspicious scripts (to help fight RAA Ransomware)."
Details and download link for testing:
WAR: Release candidate 2016.6.473
"Engine support for detection of suspicious scripts (to help fight RAA Ransomware)."
Details and download link for testing:
WAR: Release candidate 2016.6.473
WinAntiRansom 2016.8.533 August 19th, 2016 - Stable Release
downloads
Added over 30 new behaviors to AI Engine, including improved detection of Trojans and Rats.
Improved program discovery. (Will run post-update)
Yellow tray icon denotes program discovery in progress.
Fixed bug where program discovery dialog would not always open.
Improved service start-up on Windows XP
“Daily” files no longer necessary
Fixed bug that could result in false positives that refuse to be “allowed”
Enhance Program Discovery to find additional programs.
Reduced CPU usage when updates are being applied.
Enhanced engine to detect/block additional attack vectors.
downloads
Added over 30 new behaviors to AI Engine, including improved detection of Trojans and Rats.
Improved program discovery. (Will run post-update)
Yellow tray icon denotes program discovery in progress.
Fixed bug where program discovery dialog would not always open.
Improved service start-up on Windows XP
“Daily” files no longer necessary
Fixed bug that could result in false positives that refuse to be “allowed”
Enhance Program Discovery to find additional programs.
Reduced CPU usage when updates are being applied.
Enhanced engine to detect/block additional attack vectors.
I am finding that the latest WInAntiRansom is acting way too chatty even in a regular game install, it popped up twice during STEAM Deus EX Humanity Divided install. That is bad since I am beginning to just disregard the warnings and allow them all...and that is not how it should work.
Similar threads
