Battle Comparing Anti-Ransomware

[generalwu]

Hi All,

I'm currently using Avast AV Free along with Zemana Anti-Keylogger and recently I came across Kaspersky Anti-Ransomware which I'm curious if I were to use it to protect myself against Ransomware would be a waste of resources?

Thanks.

 

[mekelek]

I wouldn't really call Zemana an "anti-ransomware" to be honest..
KAR would be useful but Avast has some decent-ish antiransomware modules/hardening?

 

[ispx]

for ransomware feel free to replace avast with kaspersky if you like but stay with zal for the anti-key logging business.

 

[Glashouse]

for ransomware feel free to replace avast with kaspersky if you like but stay with zal for the anti-key logging business

I played with different anti logging, keystroke encryption tools in the past and came to the conclusion that I like to prevent getting infected instead of mitigating the result of the infection.
All of the encryption products had issues with my Multiplicity installation so I am avoiding them, now.

 

[Sajeesh]

Ransomware can be blocked by behavior analysis, prefer to SentinelOne, CarbonBlack. However cost is on high with these products.

 

[brod56]

Zemana is a decent product, but it is not the definitive solution against ransomwares.
Kaspersky Anti-Ransomware is very nice, but I think there are better options.
If you want a complete zero-day solution, try Voodooshield or Comodo Firewall with cruelsister's settings.

 

[generalwu]

I wouldn't really call Zemana an "anti-ransomware" to be honest..
KAR would be useful but Avast has some decent-ish antiransomware modules/hardening?

I've already activated the hardened mode based on the guide provided here, does that means I'm protected against Ransomware?

for ransomware feel free to replace avast with kaspersky if you like but stay with zal for the anti-key logging business.

Are you suggesting that I remove my AV and replace with Kaspersky AV?

I'm definitely keeping Zemana.

Thanks.

 

[generalwu]

I played with different anti logging, keystroke encryption tools in the past and came to the conclusion that I like to prevent getting infected instead of mitigating the result of the infection.
All of the encryption products had issues with my Multiplicity installation so I am avoiding them, now.

Multiplicity software?

Ransomware can be blocked by behavior analysis, prefer to SentinelOne, CarbonBlack. However cost is on high with these products.

Ouch, I'm not touching those. Too heavy on the wallet.

Zemana is a decent product, but it is not the definitive solution against ransomwares.
Kaspersky Anti-Ransomware is very nice, but I think there are better options.
If you want a complete zero-day solution, try Voodooshield or Comodo Firewall with cruelsister's settings.

Thanks, I'm not keen on trying those.

I've tried Voodooshield before and found that it's prompting too much.
It's like UAC on steroid and it's VoodooAI is not helping much.
I'm currently using SecureAPlus as an alternative now and it's much better (Or less secure. )

Firewall wise I'm using Glasswire Free to act as a monitor, I read that Comodo is also on steroid hence the not very keen part.

 

[Glashouse]

@generalwu : Multiplicity | Software KVM Switch | Stardock

 

[ispx]

Are you suggesting that I remove my AV and replace with Kaspersky AV?

@mekelek has covered that part already. i think what he has suggested is you can stay with avast or move to kaspersky, both are good.

keep zal with either of them is my advice.

@generalwu : Multiplicity | Software KVM Switch | Stardock

have you ever had issues with malwarebytes / zemana in a kvm setup?

i have not worked on a kvm setup in years so i am curious.

 

[Glashouse]

ZAL is having issues with software KVM in my case Multiplicity. Installing ZAL on the main computer to which the keyboard is attached shows scrambled keys on the other systems... I saw the same with other key encryption solutions... sometimes you can add exeptions, but this didn't work for me.
ZAM works without problems as there is no keyboard scrambler

 

[mekelek]

ZAL is having issues with software KVM in my case Multiplicity. Installing ZAL on the main computer to which the keyboard is attached shows scrambled keys on the other systems... I saw the same with other key encryption solutions... sometimes you can add exeptions, but this didn't work for me.
ZAM works without problems as there is no keyboard scrambler

ZAL's anti-keylogging has problems with a lot of things, that's why i never had it turned on when i used it for a brief time.

 

[Evjl's Rain]

best combo for you in my opinion, I'm using it
- avast free: hardened mode aggressive, max heuristics, enabled PUP protection
- appcheck antiransomware free: best in terms of protection and compatibility. much better than kaspersky antiransomware and zemana against zero-day ransomwares. There might be better products but stabilty is the common problem of them. appcheck doesn't have that problem
- disable windows script host (just google for the instruction)
- disable powershell (if you want, it might be useful sometimes)
- unchecky
- use google chrome with ublock origin, add the first 2 blocklists (with low FP rate), also hphosts emd to your ublock custom filters
- consider using avira browser safety/avira safe shopping: disable all extra features (uncheck everthing)


everything is free, there is no need for paid products. It's user-friendly and everyone can use it including unexperienced users. No popups, no prompts

the only weakness I can think of in this setup are exploits and MBR ransomwares (maybe)

mbrfilter may help but it can cause many problems

appcheck antiransomware pro can protect MBR ransomwares but it's $11

 

[brod56]

Multiplicity software?



Ouch, I'm not touching those. Too heavy on the wallet.



Thanks, I'm not keen on trying those.

I've tried Voodooshield before and found that it's prompting too much.
It's like UAC on steroid and it's VoodooAI is not helping much.
I'm currently using SecureAPlus as an alternative now and it's much better (Or less secure. )

Firewall wise I'm using Glasswire Free to act as a monitor, I read that Comodo is also on steroid hence the not very keen part.

Next time you try Voodoshield, try it in AutoPilot mode. I find it still pretty good and way less annoying.

 

[jamescv7]

Kaspersky Anti-Ransomware capabilities are indeed very good from their Cloud and generic detection however that should bind with a strong anti-exe based.

Honestly you don't need Anti-ransomware protection alone; you can have a typical AV + Anti-Exe within maximum settings; although better yet equip with rollback/snapshot utility just in case cause any security program will fail for newer strands.

 

[212eta]

Comparing Anti-Ransomware. List of products to compare:
Kaspersky Anti-Ransomware & Zemana Anti-Keylogger

* For Kaspersky O.K.
* But Zemana is an Anti-Keylogger rather than an Anti-Ransomware.

Anyway, what I recommend is: AppCheck Anti-Ransomware

 

[bribon77]

Good. I've tried AppCheck Anti-Ransomware, with samples of ramsonware and left me a mess of things by all sides,in consumption this very well-better than Kaspersky antirasonware, but Kasperky is more long-winded. leaves no traces block and already

 

[frogboy]

For my two cents worth always have a current backup on hand just in case all else fails. It works for me.

 

[generalwu]

@generalwu : Multiplicity | Software KVM Switch | Stardock

Nice, thanks for sharing but I have no use case for it yet. Perhaps in the furture.

@mekelek has covered that part already. i think what he has suggested is you can stay with avast or move to kaspersky, both are good.

keep zal with either of them is my advice.



have you ever had issues with malwarebytes / zemana in a kvm setup?

i have not worked on a kvm setup in years so i am curious.

Thanks, I'll stay with Avast for now.

best combo for you in my opinion, I'm using it
- avast free: hardened mode aggressive, max heuristics, enabled PUP protection
- appcheck antiransomware free: best in terms of protection and compatibility. much better than kaspersky antiransomware and zemana against zero-day ransomwares. There might be better products but stabilty is the common problem of them. appcheck doesn't have that problem
- disable windows script host (just google for the instruction)
- disable powershell (if you want, it might be useful sometimes)
- unchecky
- use google chrome with ublock origin, add the first 2 blocklists (with low FP rate), also hphosts emd to your ublock custom filters
- consider using avira browser safety/avira safe shopping: disable all extra features (uncheck everthing)


everything is free, there is no need for paid products. It's user-friendly and everyone can use it including unexperienced users. No popups, no prompts

the only weakness I can think of in this setup are exploits and MBR ransomwares (maybe)

mbrfilter may help but it can cause many problems

appcheck antiransomware pro can protect MBR ransomwares but it's $11

So you're saying kaspersky antiransomware is not as stable as appcheck? I still don't quite understand how's appcheck better than kaspersky.

I've uninstalled unchecky as I found that it doesn't really helped me as there's more false positive than actual hits.

I'm looking at the appcheck version comparison and there's a column saying that it does not automatic block ransonware behaviour, do you know what it means?

Thank you for the suggestions, i'll have a look at the rest.

Next time you try Voodoshield, try it in AutoPilot mode. I find it still pretty good and way less annoying.

Hmm... Alright then, I'll give it a go once my subscription with SecureAPlus is up.

Kaspersky Anti-Ransomware capabilities are indeed very good from their Cloud and generic detection however that should bind with a strong anti-exe based.

Honestly you don't need Anti-ransomware protection alone; you can have a typical AV + Anti-Exe within maximum settings; although better yet equip with rollback/snapshot utility just in case cause any security program will fail for newer strands.

Haha, I've the AV + Anti-EXE combo already, just being paranoid.

I'm hesitant with rollback/snapshot due to frequent updates to software/app and OS. I'm afraid that updating the snapshots would be a major hassle.

* For Kaspersky O.K.
* But Zemana is an Anti-Keylogger rather than an Anti-Ransomware.

Anyway, what I recommend is: AppCheck Anti-Ransomware

Thanks for sharing, I'll probably check it out.

Good. I've tried AppCheck Anti-Ransomware, with samples of ramsonware and left me a mess of things by all sides,in consumption this very well-better than Kaspersky antirasonware, but Kasperky is more long-winded. leaves no traces block and already

For my two cents worth always have a current backup on hand just in case all else fails. It works for me.

What's long-winded. leaves no traces block?

Thanks.

 

[Evjl's Rain]

appcheck and kaspersky are very stable

appcheck > kaspersky: zero-day ransomwares. appcheck can revert most encrypted files, sometimes, it misses but files can be found in the backup folder
kaspersky (online only) > appcheck: a few day old ransomwares, MBR ransomwares

kaspersky has KSN (cloud) which can detect many ransomwares instantly. It has system watcher (a weaker version of the actual kaspersky suits) but it's much less effective than appcheck as malware hub tests proved it

another solution is 360 folder protector. it's not an antiransomware tool but it can backup files before any change applied. it can be used with other other tools in case antiransomware tools and AVs fail to protect, files will be safe (backed up) regardless of the infection

I can recommend kaspersky antiransomware + qihoo 360 folder protector = free. this combo is also great and your files will be aafe in most cases, better than appcheck free alone
appcheck pro can do everything: backup, protect MBR if you are willing to try and pay

360 folder protector is good if you know where to recover the files but not good for users friends who don't know anything about PC + you can't help them