Good antiviruses at blocking ransomware

[TheMalwareMaster]

Ransomware is one of the most important threats these days, and I'd like to ask if you know some antiviruses with a built-in specifical component to protect from ransomware. By now, I found only 360 TS on the Free side (it detects when a process is attempting to inject code in an other, or when your files are being modified. You only need to click block to stop the ransomware). On the paid side I found bitdefender and I think also kaspersky has a file protection module. Do you have any other antivirus to add?

 

[Mihir :-)]

Avast! has good Ransomware signatures also i test avast with some ransom

 

[TheMalwareMaster]

Well, I saw avast bypassed by ransomware there days

 

[Kate_L]

Free: Avast, Qihoo, Comodo
Paid: BitDefender, Kaspersky, Avast, Emsisoft.

 

[TheMalwareMaster]

Does avast have a specifical component for blocking ransomware? (comodo obviously use his sandbox)

 

[Evgeny]

Emsisoft, Kaspersky, Bitdefender.

 

[CMLew]

Malwarebytes Anti-Ransomware (still in Beta)

 

[Mihir :-)]

Well, I saw avast bypassed by ransomware there days

It may happen to any AV,but avast! did some great job basically the Evo-gen,File rep.

 

[Kate_L]

Does avast have a specifical component for blocking ransomware? (comodo obviously use his sandbox)

No, only DeepScreen (with Secure Virtual Machines) or Hardened Mode.

 

[Mihir :-)]

Does avast have a specifical component for blocking ransomware? (comodo obviously use his sandbox)

No.They use their Deepscreen,EVO-Gen.

 

[TheMalwareMaster]

At that point, quihoo is a more secure solution because it has a specifical component

 

[Mihir :-)]

No, only DeepScreen (with Secure Virtual Machines) or Hardened Mode.

If you use Hardened Mode then deepscreen not in work.SVM is just useless.Not support many users & Windows 10.

 

[Mihir :-)]

At that point, quihoo is a more secure solution because it has a specifical component

What component?

 

[Deleted Member 333v73x]

Does avast have a specifical component for blocking ransomware? (comodo obviously use his sandbox)

Avast has all kinds of ransomware in its signatures, instead of having a separate component it does what it does best - blocks malware before it even has started to download and if you do go onto a website that is injecting code Avast will 'Abort Connection' to that website. P.S: Avast has an updater which on default keeps Java, browsers, Skype and flash players up-to date. When I used Avast, because of their web blocking component File Shield never came in handy apart from on USBs. I did test it against ransomware/exploits and blocked EVERY website. I disabled Web Shield and their extension and when it started to get into processes it was blocked immediately.

 

[TheMalwareMaster]

Quihoo HIPS is able to detect when a process is injecting code in an other, and you can block it (ransomware behaviour). It can also detect when files are being hijacked (you can block also this). In setting, you can see "protect my files from being hijacked" is enabled by default. If you open the help page, quihoo explains about ransomware

 

[Deleted Member 333v73x]

What component?

Qihoo 360 Total Security has advanced heuristics and registry/file protection.

It stops itself from being disabled/edited:

It protects documents in case the ransomware executes before it is blocked:

 

[hjlbx]

At this point in time, they're all fairly good at blocking ransomware - either via signature or other mitigation technique.

@TheMalwareMaster - I assume you are searching for security softs that alert - or automatically block - file\folder modification.

If that is the case, then there is:

• HitmanPro.Alert (paid)
• AppGuard (paid) - Lock Down mode blocks everything; use it and you have no absolute need of AV - just occasional companion AV scan...
  
• COMODO (free) - must add folders or files to HIPS > Protected Objects > Protected Files and/or Protected Data Folders
• Webroot (paid) - it's rollback feature does work against some ransomware (not sure if all)
• Emsisoft (paid) - it's behavior blocker now includes anti-exploit\anti-ransomware protections

I would think most of the other paid products include anti-cryptoware as well; I just don't have the specifics for each and every one.

 

[Deleted Member 333v73x]

Also Windows Defender is getting better at blocking ransomware before it encrypts your files + Windows SmartScreen is being improved to act like Microsoft EMET.

 

[TheMalwareMaster]

At this point in time, they're all fairly good at blocking ransomware - either via signature or other mitigation technique.

@TheMalwareMaster - I assume you are searching for security softs that alert - or automatically block - file\folder modification.

If that is the case, then there is:

• HitmanPro.Alert (paid)
• AppGuard (paid) - Lock Down mode blocks everything; use it and you have no need of AV...
  
• COMODO (free) - must add folders or files to HIPS > Protected Objects > Protected Files and/or Protected Data Folders
• Webroot (paid) - it's rollback feature does work against some ransomware (not sure if all)
• Emsisoft (paid) - it's behavior blocker now includes anti-exploit\anti-ransomware protections

I would think most of the other paid products include anti-cryptoware as well; I just don't have the specifics for each and every one.

Thank you yes, I was looking for software that stops ransomware not only with definitions

 

[LabZero]

Data shield protection of Panda (not present in free edition).

What is the Data Shield protection of Panda?