I would like to see this ransomeware test against Appguard with my settings. Please?
Heilig Defense RansomOff Bypassed
- Thread starter [correlate]
- Start date
It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
- May 16, 2018
- 1,363
I'm very upset.
The nerve of these people.
.
Someday, feelings are going to bring down the entire internet. Wait a second. Isn't that supposed to happen in 2022 ?
Not only he is a bad tester, he actually disabled self protection on this product to get a bypass.
In addition, his music is ear cancer.
How can he disable self protection, then claims self protection needs to be improved? scratching head on that one.
- Oct 31, 2014
- 1,712
I don't believe it. First time we agree on something perfectly after so many years here
He made a ransomware and tries to project himself.
The tests is not good. Look and you the video with COMODO internet security. And after tell my your opinion.
You've already made clear that you have a personal problem with RoxasDev. So anything that anyone says or posts that does not fit your view, then you will disagree with them.
In that regard this person is no different than many other people who make similar videos and then post them on Youtube. I do not see anything wrong or underhanded with the videos. Actually, I do not automatically see self-promotion. The intent can be interpreted in any of a number of ways.
In English this message identifies that Kyrox Ransomware is for testing purposes and it identifies its publisher. It mimics the ransom note that is present in just about every ransomware. There is nothing wrong with it. Or would you prefer that the person did not call it Kyrox and identify themselves as RoxasDev ? Would it be acceptable if the publisher remained anonymous ?
You would have to provide a link.
In that regard this person is no different than many other people who make similar videos and then post them on Youtube. I do not see anything wrong or underhanded with the videos. Actually, I do not automatically see self-promotion. The intent can be interpreted in any of a number of ways.
In English this message identifies that Kyrox Ransomware is for testing purposes and it identifies its publisher. It mimics the ransom note that is present in just about every ransomware. There is nothing wrong with it. Or would you prefer that the person did not call it Kyrox and identify themselves as RoxasDev ? Would it be acceptable if the publisher remained anonymous ?
You would have to provide a link.
- Oct 31, 2014
- 1,712
- Oct 31, 2014
- 1,712
- Oct 31, 2014
- 1,712
I have not personal problem with him. I do not know him, nor are we married to have personal problems with him.
I just agree with you. When you are on youtube you do it either to make money or to promote something. But when you test a product at a company you do not display your own product. Then you are not objective
So he doesn't test at Heilig Defense RansomOff, but he does advertise his product.
Are you implying or saying that RoxasDev is the publisher of another product and that their test videos are designed to show weaknesses in competitor products ?
Why does this person use Comodo products then, instead of just their own product ?
What product is he advertising ?
In this test the person shows what happens when someone does not block (allows) at the HIPS notification and does not contain (allows to run outside the sandbox) at the sandbox notification.
I understand the argument that they should have blocked the launch at the very first notification, but in reality it is far more common for a user to select allow - because they want to run the downloaded program. The same applies to the second, containment notification. Many would allow the downloaded program to run outside of the sandbox.
It isn't an invalid test. It does show that files will be encrypted if the user makes unwise allow decisions.
RoxasDev ran the test with self-protection enabled under the Security settings:
Heilig Defense RansomOff is a U.S.-based company based in ARLINGTON, VA
This company offers us an advanced Anti-Ransomware solution to protect you from 0day ransomware attacks that traditional antivirus doesn't see.
RansomOff is coded with a HIPS-Lite module that is a shield that protects against intrusions on the system and allows to authorize actions only through legitimate and approved processes. This module was automatically configured by the software I didn't touch the settings in it.
In terms of the protection of records, nothing has been touched.
Unfortunately the dropper LaunchMe dropp Kyrox in the folder %temp% and registered to restart the machine, once the machine restarted the machine is fully encrypted, the bypass was quite simple, Kyrox simply prevented the start of ransomOff at the restart of the system since Kyrox launches itself even before the Anti-Ransomware protection, so my home ransomware was able to stop RansomOff's services.
Conclusion: Heilig Defense RansomOff is not bad, it remains a very good security tool to protect you from 0day ransomware attacks, but it would be necessary to add a secure start of the machine and better protect the services and processes of the software to prevent this type of action from happening. Otherwise this software can be a real benefit for security coupled with a traditional antivirus.
Kyrox was developed for testing purposes. It is not available on the internet and never will be.
/!'- Don't bother asking me for the sample of Kyrox, it won't be shared publicly /!
RoxasDev
Level 1
- Jul 1, 2017
- 18
I advertise which product? I do not advertise any product more monetization of my videos on Youtube are not activated because of more I'm not there to make money but simply show that no product can provide protection to perfect and that the security will also depend on the user's choices about the execution of the malicious program.
RoxasDev
Level 1
- Jul 1, 2017
- 18
Thank you very much you replied to what I'm trying to show COMODO alert of an unknown program and was isolated for security reason except that I purposely added in my sample an Anti-Sandbox method, if the program detects that it is confined it will not do any action which could force the user to run this program outside the sandbox.
- Oct 31, 2014
- 1,712
- Oct 31, 2014
- 1,712
I would agree with you, and with the tester if he didn't write COMODO Bypassed. What does a user with no experience say when they see this video?
- Oct 31, 2014
- 1,712
If you had a different title in your video, and not COMODO bypassed I would congratulate you
RoxasDev
Level 1
- Jul 1, 2017
- 18
I can understand your point of view. What I can blame COMODO is not to have reacted with his HIPS module, the sandbox has responded very well but not the rest of COMODO, if COMODO through allow the execution outside the sandbox makes a kind of whitelist in the HIPS module I find a pity and it represents a security risk. After that I may be wrong and COMODO still monitors the behavior of the program with its HIPS module even if running outside the sandbox was allowed.
- Oct 31, 2014
- 1,712
I accept what you say here. They are correct. But you will have to use a different title in the video.
Similar threads
