Advice Request Do you use AppCheck Anti-Ransom?


Do you use AppCheck?

  • I use AppCheck free version: 12 votes (18.2%)
  • I use AppCheck pro version: 4 votes (6.1%)
  • I use a different anti-ransomware: 12 votes (18.2%)
  • I don't need a standalone antiransomware solution: 34 votes (51.5%)
  • What's AppCheck?: 4 votes (6.1%)
  • What's ransomware?: 0 votes (0.0%)
  • Total voters: 66

Status
Not open for further replies.

Handsome Recluse

Level 23
Verified
Top Poster
Well-known
Nov 17, 2016
1,242
It's data damage control. Your system might be infected but at least your data is intact. Might save people from the holes in the downtime of backups. This could be really important for some. Notably people who basically input data every time. Especially because antivirus is the most likely main protection and this is just an easy install.
 
Reactions: AtlBo and shmu26

HarborFront

Level 72
Verified
Top Poster
Content Creator
Oct 9, 2016
6,141
Nope, just tested today Petya on GPT. Ended up without any partitions and a big red skull on my display :)
You mean there's a ransomware that attacks GPT? Or are you referring to the MBR part (for backward compatibility) of the GPT?

If you also have MBRFilter installed maybe this will save you.

Thanks
 
Reactions: AtlBo

Quassar

Level 12
Verified
Well-known
Feb 10, 2012
585
I don't use any standalone apps of the anti-ransom kind etc.
I stay with solid SRP/HIPS regroup with facing applications in Virtual and Sandbox database/systems

SpyShelter + AppGuard
VMware / Sandbox and ShadowDefender on main system
 
Reactions: AtlBo and shmu26

Peter2150

Level 7
Verified
Oct 24, 2015
280
It's data damage control. Your system might be infected but at least your data is intact. Might save people from the holes in the downtime of backups. This could be really important for some. Notably people who basically input data every time. Especially because antivirus is the most likely main protection and this is just an easy install.

My downtime from backups is nil. My hourly incrementals take on average 45 seconds. I just did a restore from the most recent incremental. The restore took a whopping 45 seconds.
 

Deleted member 178

@Peter2150 seems Macrium really boosted their solution since last time I used it (long long time ago); btw, welcome to MT, didn't remember you registered ;)
 
Reactions: AtlBo and shmu26

Amelith Nargothrond

Level 12
Verified
Top Poster
Well-known
Mar 22, 2017
587
You mean there's a ransomware that attacks GPT? Or are you referring to the MBR part (for backward compatibility) of the GPT?

If you also have MBRFilter installed maybe this will save you.

Thanks

I mean that Petya (two options):
  • overwrote part of (if not the entire) Partition Entry Array, which is in the primary GPT header (LBA2), adding its own entries in the GPT structure, or
  • overwrote the first sectors of the HDD, adding its own classic MBR at the beginning of the HDD, creating the EFI partition and encrypting the rest of the content in bulk,

otherwise the PC would not boot, the HDD would still have all the partitions, not just one big and valid one (like after the attack).

But if it doesn't overwrite what it overwrites in a controlled manner, it might be difficult to recover the HDD if you pay the ransom.

To conclude,
Before the attack: I had UEFI/GPT and 4 partitions
After the attack: I had UEFI and one partition (didn't analyze the structure unfortunately). UEFI can cope with MBR as long as it has the EFI partition table, but I don't think I saw that. So my personal opinion is that Petya created its own GPT structure entirely. But this needs to be verified, they are just assumptions based on what I saw for a few seconds at the Macrium recovery step in the UI of Reflect.
 
Last edited:
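
An added example, not part of the post above or of any tool named in this thread: a read-only check that answers the "needs to be verified" question on a disk image by testing for a protective MBR, validating the GPT header CRC32 and the partition entry array CRC32, and counting the partitions in use. The 512-byte sector size, the function names and the sample image are assumptions constructed for illustration.

```python
import struct
import zlib

SECTOR = 512  # assumption: 512-byte logical sectors
HDR = struct.Struct("<8sIIIIQQQQ16sQIII")  # 92-byte GPT header layout (UEFI spec)

def check_gpt(img: bytes) -> dict:
    """Read-only integrity report for the protective MBR and primary GPT."""
    out = {"protective_mbr": False, "header_ok": False,
           "entries_ok": False, "partitions": 0}
    mbr = img[:SECTOR]
    # LBA 0 of a GPT disk: boot signature plus a partition of type 0xEE.
    if len(mbr) == SECTOR and mbr[510:512] == b"\x55\xaa":
        out["protective_mbr"] = 0xEE in [mbr[446 + 16 * i + 4] for i in range(4)]
    raw = img[SECTOR:SECTOR + HDR.size]  # primary GPT header sits at LBA 1
    if len(raw) < HDR.size:
        return out
    (sig, _rev, size, crc, _rsv, _cur, _bak, _first, _last, _guid,
     ent_lba, count, ent_size, ent_crc) = HDR.unpack(raw)
    if sig != b"EFI PART" or not HDR.size <= size <= SECTOR:
        return out
    # Header CRC32 covers `size` bytes with the CRC field itself zeroed.
    hdr = bytearray(img[SECTOR:SECTOR + size])
    hdr[16:20] = bytes(4)
    out["header_ok"] = zlib.crc32(bytes(hdr)) == crc
    # The header points at the partition entry array and stores its CRC32.
    start = ent_lba * SECTOR
    array = img[start:start + count * ent_size]
    out["entries_ok"] = (len(array) == count * ent_size
                         and zlib.crc32(array) == ent_crc)
    # An entry is in use when its 16-byte type GUID is not all zero.
    present = len(array) // ent_size if ent_size else 0
    out["partitions"] = sum(any(array[i * ent_size:i * ent_size + 16])
                            for i in range(present))
    return out

def build_sample(nparts: int = 4) -> bytes:
    """Constructed image: protective MBR, GPT header, 128 entries of 128 bytes."""
    mbr = bytearray(SECTOR)
    mbr[450], mbr[510:512] = 0xEE, b"\x55\xaa"
    entries = bytearray(128 * 128)
    for i in range(nparts):
        entries[i * 128:i * 128 + 16] = bytes([i + 1]) * 16  # placeholder GUID
    hdr = bytearray(HDR.pack(b"EFI PART", 0x10000, HDR.size, 0, 0, 1, 99, 34, 66,
                             bytes([0x11]) * 16, 2, 128, 128,
                             zlib.crc32(bytes(entries))))
    hdr[16:20] = struct.pack("<I", zlib.crc32(bytes(hdr)))
    return bytes(mbr) + bytes(hdr).ljust(SECTOR, b"\0") + bytes(entries)
```

Run against an image taken before and after an incident, a changed partition count with valid CRCs points to a rewritten GPT, while a failed entry-array CRC or a missing protective MBR points to raw overwriting of the first sectors.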

Evjl's Rain

Level 47
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
Any chance that we can attach cruelsister's 2 videos about AppCheck free and pro in the first post in the spoiler so everyone can have a look at what AppCheck is and how effective it is?
@shmu26 what do you think? I know you cannot edit your post but maybe a mod/admin can help

Links to the 2 videos:

 
Last edited:

jerzy601

Level 21
Verified
Top Poster
Well-known
Jun 20, 2011
1,005
Not on my laptop. I do not use this software because it does not need it, as I use other anti-ransomware programs.
 
Reactions: AtlBo and shmu26

shmu26

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
Any chance that we can attach cruelsister's 2 videos about AppCheck free and pro in the first post in the spoiler so everyone can have a look at what AppCheck is and how effective it is?
@shmu26 what do you think? I know you cannot edit your post but maybe a mod/admin can help
Great idea. Mods?
 

cruelsister

Level 43
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 13, 2013
3,224
Evjl and Shmu: there will also soon be a third one. Starting this weekend, the first of a weekly 4-part ransomware series will be published:

1). RanStop
2). AppCheck
3). HMPA
4). CF10

The same malware will be used for all.
 

_CyberGhosT_

Level 53
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Aug 2, 2015
4,286
I don't need to. A good AV, tweaked browser, max UAC and common sense are enough to avoid ransomware without the need of all these anti-exe programs slowing the everyday usage.
If I was the only one using my PC, this would be a correct assessment for me as well, Buuuttt
I have 3 daughters and a click happy wife, AppCheck fits right in there
I run Voodoo, W.A.R & HMPA, they could not dream of slowing down this beast ;)
 

brod56

Level 15
Verified
Top Poster
Well-known
Feb 13, 2017
737
If I was the only one using my PC, this would be a correct assessment for me as well, Buuuttt
I have 3 daughters and a click happy wife, AppCheck fits right in there
I run Voodoo, W.A.R & HMPA, they could not dream of slowing down this beast ;)

Yeah sure. I have my parents' computer tweaked too with Kaspersky in TAM. If we are experienced, then we don't need any type of anti-exe. But in the case of novice users, I always recommend to them one of the three: Kaspersky (TAM), VoodooShield or Comodo Firewall (Proactive).
 