App Review Heilig Defense RansomOff Bypassed

It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.

stefanos

Level 28
Verified
Top Poster
Well-known
Oct 31, 2014
1,712
Not only is he a bad tester, he actually disabled self protection on this product to get a bypass.

In addition, his music is ear cancer.
I don't believe it. First time we agree on something perfectly after so many years here :ROFLMAO: :ROFLMAO:

The tests are OK.



You should know that many people have very deep feelings about these tests. So the mere posting of a video without making a single comment is still sure to upset quite a number of people.
He made a ransomware and tries to project himself.
Opera Στιγμιότυπο_2019-09-22_233104_www.youtube.com.png

The tests are not good. Look at the video with COMODO Internet Security, and afterwards tell me your opinion.
 
9

93803123

You've already made clear that you have a personal problem with RoxasDev. So anything that anyone says or posts that does not fit your view, then you will disagree with them.

He made a ransomware and tries to project himself.

In that regard this person is no different than many other people who make similar videos and then post them on Youtube. I do not see anything wrong or underhanded with the videos. Actually, I do not automatically see self-promotion. The intent can be interpreted in any of a number of ways.


In English this message identifies that Kyrox Ransomware is for testing purposes and it identifies its publisher. It mimics the ransom note that is present in just about every ransomware. There is nothing wrong with it. Or would you prefer that the person did not call it Kyrox and identify themselves as RoxasDev ? Would it be acceptable if the publisher remained anonymous ?

The tests are not good. Look at the video with COMODO Internet Security, and afterwards tell me your opinion.

You would have to provide a link.
 

stefanos

You've already made clear that you have a personal problem with RoxasDev. So anything that anyone says or posts that does not fit your view, then you will disagree with them.



In that regard this person is no different than many other people who make similar videos and then post them on Youtube. I do not see anything wrong or underhanded with the videos. Actually, I do not automatically see self-promotion. The intent can be interpreted in any of a number of ways.



In English this message identifies that Kyrox Ransomware is for testing purposes and it identifies its publisher. It mimics the ransom note that is present in just about every ransomware. There is nothing wrong with it. Or would you prefer that the person did not call it Kyrox and identify themselves as RoxasDev ? Would it be acceptable if the publisher remained anonymous ?



You would have to provide a link.
 

stefanos

You've already made clear that you have a personal problem with RoxasDev. So anything that anyone says or posts that does not fit your view, then you will disagree with them.
I have no personal problem with him. I do not know him, nor are we married to have personal problems with him.

In that regard this person is no different than many other people who make similar videos and then post them on Youtube. I do not see anything wrong or underhanded with the videos. Actually, I do not automatically see self-promotion. The intent can be interpreted in any of a number of ways.
I just agree with you. When you are on YouTube you do it either to make money or to promote something. But when you test a product at a company you do not display your own product. Then you are not objective.

In English this message identifies that Kyrox Ransomware is for testing purposes and it identifies its publisher. It mimics the ransom note that is present in just about every ransomware. There is nothing wrong with it. Or would you prefer that the person did not call it Kyrox and identify themselves as RoxasDev ? Would it be acceptable if the publisher remained anonymous ?
So he doesn't test at Heilig Defense RansomOff, but he does advertise his product.
 
9

93803123

I just agree with you. When you are on YouTube you do it either to make money or to promote something. But when you test a product at a company you do not display your own product. Then you are not objective.

Are you implying or saying that RoxasDev is the publisher of another product and that their test videos are designed to show weaknesses in competitor products ?

Why does this person use Comodo products then, instead of just their own product ?

So he doesn't test at Heilig Defense RansomOff, but he does advertise his product.

What product is he advertising ?
 
9

93803123



In this test the person shows what happens when someone does not block (allows) at the HIPS notification and does not contain (allows to run outside the sandbox) at the sandbox notification.

I understand the argument that they should have blocked the launch at the very first notification, but in reality it is far more common for a user to select allow - because they want to run the downloaded program. The same applies to the second, containment notification. Many would allow the downloaded program to run outside of the sandbox.

It isn't an invalid test. It does show that files will be encrypted if the user makes unwise allow decisions.
 
9

93803123

Not only is he a bad tester, he actually disabled self protection on this product to get a bypass.

RoxasDev ran the test with self-protection enabled under the Security settings:

LiesLiesandMoreLies.PNG


Heilig Defense RansomOff is a U.S.-based company based in Arlington, VA.

This company offers us an advanced Anti-Ransomware solution to protect you from 0day ransomware attacks that traditional antivirus doesn't see.

RansomOff is coded with a HIPS-Lite module, a shield that protects against intrusions on the system and allows actions to be authorized only through legitimate and approved processes. This module was automatically configured by the software; I didn't touch the settings in it.

In terms of the protection of records, nothing has been touched.

Unfortunately, the dropper LaunchMe dropped Kyrox in the %temp% folder and registered to restart the machine; once the machine restarted, the machine was fully encrypted. The bypass was quite simple: Kyrox simply prevented the start of RansomOff at the restart of the system, since Kyrox launches itself even before the anti-ransomware protection, so my homemade ransomware was able to stop RansomOff's services.

Conclusion: Heilig Defense RansomOff is not bad, it remains a very good security tool to protect you from 0day ransomware attacks, but it would be necessary to add a secure start of the machine and better protect the services and processes of the software to prevent this type of action from happening. Otherwise this software can be a real benefit for security coupled with a traditional antivirus.

Kyrox was developed for testing purposes. It is not available on the internet and never will be.

/!\ Don't bother asking me for the sample of Kyrox, it won't be shared publicly /!\
 

RoxasDev

Level 1
Jul 1, 2017
18
I have no personal problem with him. I do not know him, nor are we married to have personal problems with him.


I just agree with you. When you are on YouTube you do it either to make money or to promote something. But when you test a product at a company you do not display your own product. Then you are not objective.


So he doesn't test at Heilig Defense RansomOff, but he does advertise his product.

Which product do I advertise? I do not advertise any product. Moreover, monetization of my videos on YouTube is not activated, because I'm not there to make money but simply to show that no product can provide perfect protection and that security will also depend on the user's choices about the execution of the malicious program.
 

RoxasDev

In this test the person shows what happens when someone does not block (allows) at the HIPS notification and does not contain (allows to run outside the sandbox) at the sandbox notification.

I understand the argument that they should have blocked the launch at the very first notification, but in reality it is far more common for a user to select allow - because they want to run the downloaded program. The same applies to the second, containment notification. Many would allow the downloaded program to run outside of the sandbox.

It isn't an invalid test. It does show that files will be encrypted if the user makes unwise allow decisions.

Thank you very much, you replied to what I'm trying to show. COMODO alerted on an unknown program and it was isolated for security reasons, except that I purposely added an anti-sandbox method to my sample: if the program detects that it is confined, it will not take any action, which could force the user to run this program outside the sandbox.
 

stefanos

Which product do I advertise? I do not advertise any product. Moreover, monetization of my videos on YouTube is not activated, because I'm not there to make money but simply to show that no product can provide perfect protection and that security will also depend on the user's choices about the execution of the malicious program.
your job.
 

stefanos

In this test the person shows what happens when someone does not block (allows) at the HIPS notification and does not contain (allows to run outside the sandbox) at the sandbox notification.

I understand the argument that they should have blocked the launch at the very first notification, but in reality it is far more common for a user to select allow - because they want to run the downloaded program. The same applies to the second, containment notification. Many would allow the downloaded program to run outside of the sandbox.

It isn't an invalid test. It does show that files will be encrypted if the user makes unwise allow decisions.
I would agree with you, and with the tester if he didn't write COMODO Bypassed. What does a user with no experience say when they see this video?
 

stefanos

Thank you very much, you replied to what I'm trying to show. COMODO alerted on an unknown program and it was isolated for security reasons, except that I purposely added an anti-sandbox method to my sample: if the program detects that it is confined, it will not take any action, which could force the user to run this program outside the sandbox.
If you had a different title in your video, and not COMODO bypassed, I would congratulate you.
 

RoxasDev

I would agree with you, and with the tester if he didn't write COMODO Bypassed. What does a user with no experience say when they see this video?

If you had a different title in your video, and not COMODO bypassed, I would congratulate you.

I can understand your point of view. What I can blame COMODO for is not having reacted with its HIPS module; the sandbox responded very well, but not the rest of COMODO. If COMODO, by allowing execution outside the sandbox, creates a kind of whitelist in the HIPS module, I find that a pity and it represents a security risk. After that, I may be wrong and COMODO still monitors the behavior of the program with its HIPS module even if running outside the sandbox was allowed.
 

stefanos

I can understand your point of view. What I can blame COMODO for is not having reacted with its HIPS module; the sandbox responded very well, but not the rest of COMODO. If COMODO, by allowing execution outside the sandbox, creates a kind of whitelist in the HIPS module, I find that a pity and it represents a security risk. After that, I may be wrong and COMODO still monitors the behavior of the program with its HIPS module even if running outside the sandbox was allowed.
I accept what you say here. They are correct. But you will have to use a different title in the video.
 
