App Review AppGuard against Ransomware

erreale · Mar 10, 2017

XhenEd said:
I'm not sure what you mean by "scanning".

My mistake. I mean Scan with..second opinion av

509322 · Mar 10, 2017

erreale said:
My mistake. I mean Scan with..second opinion av

Second opinion scan is OK and all, but what if it doesn't detect anything because it has no signatures to detect with ?

It is better testing methodology to manually inspect what is running in active memory using Process Explorer, Process Hacker, System Explorer, etc. If you find something, then you can check for its autorun.

Also, check if anything placed inside Documents\My Private Folder or any other user-created Private Folders has been encrypted.

If anything else in User Space is encrypted - it isn't important - because after a ransomware infection, you will need to clean install the OS to start over with a known clean system.

The goal of AppGuard Private Folders is to protect user data - and that's it - but a user has to take full advantage of Private Folders.

Duotone · Mar 10, 2017

Nice test...

Lockdown said:
Guarded ransomware can still encrypt C:\Users\* directories.

Even in lockdown?!

Lockdown said:
The goal of AppGuard Private Folders is to protect user data - and that's it - but a user has to take full advantage of Private Folders.

If I add a drive say F: and set it to protected would that suffice?! I store macrium images on that drive..

XhenEd · Mar 10, 2017

Duotone said:
Nice test...

Even in lockdown?!

Yes if it's Guarded.

But you have to manually put it into Guarded list to do this, as Locked Down mode just blocks its execution. So, why would you put it into Guarded list in the first place?

Duotone · Mar 10, 2017

XhenEd said:
So, why would you put it into Guarded list in the first place?

LOL... Good point

509322 · Mar 10, 2017

Duotone said:
Nice test...

Even in lockdown?!

Guarded protections does not block encryption. Add any archiver to Guarded Apps and it can still be used to archive files.

To protect your valuable datas stored in User Space, you must place that data inside a Private Folder.

Read the AppGuard Help file.

Video Review - AppGuard against Ransomware

509322 · Mar 10, 2017

Duotone said:
If I add a drive say F: and set it to protected would that suffice?! I store macrium images on that drive..

Protected mode, at this time, does not block the execution of files with a proper certificate. However, the digitally signed ransomware would have to encrypt connected drives and specifically the Macrium image file type.

All this matters if you are paranoid. In that case, don't leave any external drives connected to the system all the time.

Search

Search

App Review AppGuard against Ransomware

erreale

Level 9

509322

Duotone

Level 10

XhenEd

Level 28

Duotone

Level 10

509322

509322

You may also like...