App Review AppCheck AntiRansomware

It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.

Ikko

From AppCheck
Developer
@Ikko
Does CheckMal have a Twitter page ?
Sorry, we only have a Facebook page currently, and it's written all over in Korean.

Hello, _CyberGhosT_

Thanks for translating our website, but some of them are incorrect, but I understand your curiosity.

The price you've mentioned is for 2 years plan in Korea, with time limited 20% price off.
We are planning for the pricing for international, please be patient. :)


Heads Up,
Pro is 58,400 Won, that's roughly 50.00 US dollars, a year ?
Priced like that they will find it very hard to penetrate the US market with the prices W.A.R
& other competitors offer. I am very curious though.
I was going to go ahead and buy it, but I am having a very hard time translating the Site: 체크멀(CheckMAL)
Pro Adds these additional features:
  • MBR protection: Protecting against malicious code and Ransomware modifying MBR
  • Shared Folder File Protection: Remote PC infected with Ransomware protects files in shared folders
  • Automatic treatment: Automatic malware detection and automatic malware detection
  • Automatic backup: Periodically automatic backup and folder protection of specified folder by file history method
  • Custom Protection Extensions: Modified and added protection extensions specified by default
  • Update Stable: Up to 24 hours delay update to provide stable update version
  • Server OS Support: Server OS support for Windows Server 2008 R2 or later
 

cruelsister

How cool is that? CheckMal cares enough to initiate a presence here on MT! And finally there are developers who actually seem to understand ransomware and surpass the typical group Policy drivel used by so many others. AppCheck made me smile...
 

nclr11111

Sorry, we only have a Facebook page currently, and it's written all over in Korean.

Hello, _CyberGhosT_

Thanks for translating our website, but some of them are incorrect, but I understand your curiosity.

The price you've mentioned is for 2 years plan in Korea, with time limited 20% price off.
We are planning for the pricing for international, please be patient. :)
Why not do a little "Giveaway" of the Pro version here at MT for the community to test? Might give you some good "free" useful feedback for the US and Europe markets!? ;)
 

Windows_Security

I'm curious as to what damage control apps you found though
AppCheck Free and MBRfilter free.

I believe (from own testing) AppCheck steps in after two consecutive updates of a file and 12 file deletes. But better ask the dev, who seems to have joined MalwareTips. CruelSister's video shows that she only had 40 files left from the 57 files originally. So she probably has a much faster PC (mine is a simple dual core Pentium). Maybe @Ikko could tell after how many file updates/deletes AppCheck steps in.

So besides the two programs mentioned, using an old slow CPU is also a form of damage control :D
 
Last edited:

cruelsister

Duo- My apologies. I do remember (Kinda-Sorta) testing this one in the past and was not impressed. But (If I am correct) they have made great strides. The one really, really important thing to note is that AppCheck is a pure anti-ransomware product (and they specifically watch for encryption on a case by case basis instead of using either definitions or the stupid Group Policy restrictions used by other products currently- a better path to walk especially for truly novel and zero-day stuff). This is important to note as it should never be expected to do anything other than what is its intended purpose.

By this I mean if a ransomware product has something like a Pony info-stealer coded into it, Appcheck won't stop Pony although it probably will stop the file encryption process. Another example would be from a Private conversation I am having with Peter from Wilders- he brought up a CTBlocker variant which I totally forgot about. This one will spawn a daughter which would then run. On run, it would:
1). encrypt files
2). set itself up for persistence via Task Scheduling- so it will work on reboot via a legitimate svchost!
3). Cause a reboot via DCOM instead of the usual shutdown -r -s command

Being a pure Anti-ransomware product AppCheck WILL stop the encryption process cold (even on reboot), but will NOT stop the spawning, nor the scheduled Task, nor stop the DCOM command. However the Pro version may (or may not) stop this process cascade by deleting the original vector. But as I don't speak Korean (nor do I like Korean food) I haven't tested or verified this.
 

Windows_Security

@Windows_Security Sorry, I meant other post damage control apps since your previous post suggests you have tried others before Appcheck. Maybe you just genuinely never found one.

Ha CruelSister will disagree, but I like Kaspersky free too because it does real well against known ransomware and new script based variants. See this post in other forum link as an example on how well liars (or strawman like me) can figure :) IMO zero day infection risk is lower as FUD-ed by most.
 

Handsome Recluse

Ha CruelSister will disagree, but I like Kaspersky free too because it does real well against known ransomware and new script based variants. See this post in other forum link as an example on how well liars (or strawman like me) can figure :) IMO zero day infection risk is lower as FUD-ed by most.
What about other stuff like efficiency, resource or usability. Are there properties that antivirus are clearly inferior in a home environment? And how an enterprise environment would differ?
 

Windows_Security

Enterprise should be locked down through centrally managed whitelist (combined with a local AntiVirus because you don't want clients receiving infected mail or documents).

Home user: I prefer application whitelisting, so I would use Avast hardened mode, Comodo or VoodooShield (auto-pilot) to mention a few freebies and also set UAC to block elevation of unsigned executables.
 

AtlBo

I believe (from own testing) AppCheck steps in after two consecutive updates of a file and 12 file deletes. But better ask the dev, who seems to have joined MalwareTips. CruelSister's video shows that she only had 40 files left from the 57 files originally. So she probably has a much faster PC (mine is a simple dual core Pentium). Maybe @Ikko could tell after how many file updates/deletes AppCheck steps in.

I'm buying into this method as long as it works every time. Why do I say this? Well, because logically I should have all my personal files backed up and synced too. For [fingers crossed] an effective free option, why not use this...just make sure to sync anything you can't afford to lose. Can even do this to a small partition on your main drive, so no excuses.
 

Windows_Security

WS- You make an important point about the need to block Privilege escalation by unknowns. Comodo finally has added a setting which when enabled will block such things without any popups.
Good because standard Windows block prompt is not very clear (and frankly in Dutch literally translated into something stupid)
 

shmu26

WS- You make an important point about the need to block Privilege escalation by unknowns. Comodo finally has added a setting which when enabled will block such things without any popups.
where is the COMODO setting?
EDIT: I guess you mean this, in autosandbox settings/advanced:
 

Attachment: Capture.PNG

cruelsister

Yes, that's it. Another difference between ver 8 and ver 10 is that in the past CF at default would allow sandboxed application to connect out without warning, so the Firewall setting of "Do Not Show Popup Alerts" with the answer "Block Alerts" would be needed.
In version 10 at default one will get a Firewall alert if a sandboxed app tries connecting out. The above mentioned setting change will silently block as in the past (I really hope to get a video out soon, but real life intrudes big-time).
 

Handsome Recluse

WS- You make an important point about the need to block Privilege escalation by unknowns. COMODO finally has added a setting which when enabled will block such things without any popups.
How is that setting different to auto-sandbox? What does it add?
 
