Good antiviruses at blocking ransomware

Why would you need both, they both do the same thing very well?

AppGuard does a lot more things than just block executions - like memory and folder protections.

NVT ERP is used primarily to monitor vulnerable processes - which AppGuard currently does not do.

When installing softs, NVT ERP covers openings created by lowering AppGuard to Install Mode.

AppGuard is SRP (software restriction policy) soft.

NVT ERP is pure anti-executable.

So both are needed for maximum lock-down; each one complements the other.

For typical use - AppGuard - used properly - is sufficient.
 
Most AVs are only good at blocking ransomware after they have been discovered; in the early days of deployment very few AVs have the capabilities to block the malware. If you want prevention, the only way is to get a whitelisting application like VoodooShield and only run programmes that you are 100% sure that you trust. No AV can have perfect scores in blocking the ransomware.
 
Also this > this is one of the best ways to protect yourself
HBvgJFs.jpg
 
Check out cruelsister's video review, where it shows various antiviruses being tested against 3 different types of ransomware based on severity.

So far, the ones who pass are Q360TS, BitFAV, Eset

You forgot about AVG.

If anyone uses Avast, there is an option in the web-shield called "Warn when downloading files with poor reputation", this option is very good, you should check it.
 
Ransomware is one of the most important threats these days, and I'd like to ask if you know some antiviruses with a built-in specific component to protect from ransomware. By now, I found only 360 TS on the free side (it detects when a process is attempting to inject code in another, or when your files are being modified. You only need to click block to stop the ransomware). On the paid side I found Bitdefender, and I think Kaspersky also has a file protection module. Do you have any other antivirus to add?
Agree on Qihoo 360 TS, doing an awesome job!
But they seem to have a problem with identifying bad files sometimes, I often get messages like this:
Pic-Upload.de - image.png

Compare it to Avira Statement, same file...
Pic-Upload.de - image.png

HMP.A is good too, but not free.

P.S. Submitted the dropped TeslaCrypt from today's virus exchange, will post Qihoo's answer as soon as I get it, to be clear whether the one above is really a FP or if Qihoo did not detect it.

https://malwaretips.com/threads/samples-9.55950/
https://www.virustotal.com/de/file/...2296fa62ac6cd57828ad9268f623dfb16fc/analysis/

UPDATE: I assume some time lag between the analysis and the report following it of SUDed files and the real detection. Probably the reason I've got a bunch of those mails like the one screenshotted from yesterday's SUD and the one that's now detected in today's 1st malware pack (Re-SUD yesterday). Usually, newly detected files caused a mail with "proper actions have been taken".
 
Qihoo HIPS is able to detect when a process is injecting code in another, and you can block it (ransomware behaviour). It can also detect when files are being hijacked (you can also block this). In settings, you can see "protect my files from being hijacked" is enabled by default. If you open the help page, Qihoo explains about ransomware.
So far and as far as I know (maybe wrong) the only antiviruses that have this kind of protection are the Chinese ones: Qihoo, Tencent and I think Baidu, not sure.
So far the best of these 3 is Qihoo. With Qihoo you'll have to remember that without a stable internet connection this feature will not work. So with a solid internet connection the best option I think is Qihoo.
 
There are also standalone Ransomware Removal and Protection tools, that you can run alongside your existing Antivirus software.

Trend Micro (AntiRansomware Removal Tool)
eSupport - Trend Micro Inc.

Bitdefender (Anti-CryptoWall Protection Tool)
Bitdefender Offers CryptoWall Vaccine | Bitdefender Labs

HitmanPro.Kickstart (Removal USB Tool)
HitmanPro.Kickstart - Anti ransomware, politievirus, bundestrojaner, Reveton, BKA, GVU - SurfRight

CryptoPrevent (Protection Tool)
CryptoPrevent Malware Prevention

Special Decryption tools against CoinVault/Bitcryptor for affected Bitcoin users.

Kaspersky (Removal Tool)
Kaspersky Ransomware Decryptor
 
The problem on ransomware protection type in AVs is limited and does not rarely focus to explore or configure nowadays, because of lack of configuration to adjust or place some directories to protect it.

on views. Those 3rd party anti-exe mentioned definitely rely on those ruleset but powerful on detecting any suspicious presented