App Review Emsisoft vs. Ransomware - Double Feature (Juan Diaz)

Der.Reisende · Feb 11, 2019

HUB Thread for #FCrypt Ransomware:

https://malwaretips.com/threads/fcrypt-ransomware.90430/#post-797420

Wraith · Feb 12, 2019

It seems that Emsisoft doesn't monitor the child processes if it's a trusted process. Fcrypt used cmd to encrypt the files and since cmd is a trusted windows component, the BB ignored it's actions. I wonder how OSArmor would fare in such a situation.

bribon77 · Feb 12, 2019

Big Emsisoft flaw. You must correct that.

Arequire · Feb 12, 2019

bribon77 said:
Big Emsisoft flaw. You must correct that.

It's being worked on:

Fabian Wosar said:
We are currently reworking the way trust works in EAM, so it assigns trust based on a trust-chain. That means, GPG may be trusted when it is started by a trusted process, but not if it is started by an unknown or untrusted process.

There is no ETA yet for when this change will roll out ...

Search

App Review Emsisoft vs. Ransomware - Double Feature (Juan Diaz)

Der.Reisende

Level 45

Wraith

Level 13

bribon77

Level 35

Arequire

Level 29

Similar threads