- Sep 5, 2017
I did not consider Application Control as real-time protection, as it is considered a default-deny one ("whitelist and then block"). If you used Solidcore in McAfee ePO or VoodooShield, it would mostly act the same.

Unfortunately I forgot to turn off Kaspersky cloud telemetry whilst writing custom ransomware; my executable was uploaded and was detected the next day (I was just finishing the file iterator), so I couldn't test it against truly unseen ransomware.
I had to change the whole key generator logic + the note writer module and it's too much hassle.
The ransomware I discovered was all detected by heuristics set to max. It could be stopped by Application Control as well.
But as a behavior blocker, the differences appear.
Sorry for your ransomware baby, hope you give birth to another one xd