[Heilig Defense] RansomOff - The World's Most Advanced Anti-Ransomware Solution

[HeiDef]

Thanks everyone for the patience. We found an issue with the 32-bit MSI installer and it took a little longer than expected to fix it. But we just updated the website (Heilig Defense Correlate RansomOff) with the new version. We also added a few new features based on some of the initial feedback to include an attempt to clean up any artifacts dropped by the ransomware as well as doing a better job of terminating the full process tree.

For those of you testing on a Win7 system, please make sure you have KB3033929 installed. That's what allows for drivers signed with SHA-256 to load. Thanks again and looking forward to hearing any feedback.

 

[Captain Awesome]

Thanks everyone for the patience. We found an issue with the 32-bit MSI installer and it took a little longer than expected to fix it. But we just updated the website (Heilig Defense Correlate RansomOff) with the new version. We also added a few new features based on some of the initial feedback to include an attempt to clean up any artifacts dropped by the ransomware as well as doing a better job of terminating the full process tree.

For those of you testing on a Windows 7 system, please make sure you have KB3033929 installed. That's what allows for drivers signed with SHA-256 to load. Thanks again and looking forward to hearing any feedback.

Looking forward to test it.One question about MBR ransomware protection of RansomOff.Is RansomOff protected by this type of ransomwares?

 

[HeiDef]

Looking forward to test it.One question about MBR ransomware protection of RansomOff.Is RansomOff protected by this type of ransomwares?

RansomOff does not protect against MBR ransomware. Maybe a future release will have that added but MBR ransomware is relatively rare compared to regular ransomware and we want to get that right first before working on a different problem set.

 

[_CyberGhosT_]

RansomOff does not protect against MBR ransomware. Maybe a future release will have that added but MBR ransomware is relatively rare compared to regular ransomware and we want to get that right first before working on a different problem set.

Baby steps, makes very good sense

 

[HarborFront]

Hi @HiDef

So any FREE giveaway for MT say 50 copies...or more if you wish?

 

[HeiDef]

Hi @HiDef

So any FREE giveaway for MT say 50 copies will do?

It's already free and we have no plans for any type of licensing for home and personal use in the future either.

 

[HeiDef]

For anyone interested.

 

[Evjl's Rain]

I tested it. Good result. Something should improve

Video Review - Heilig Defense RansomOff 4.8068.349.5901 (Beta) Win 7x86 - Review

 

[Captain Awesome]

I tested it. Good result. Something should improve

Video Review - Heilig Defense RansomOff 4.8068.349.5901 (Beta) Win 7x86 - Review

Do you recommend this anti-ransomware protection?

 

[Evjl's Rain]

Do you recommend this anti-ransomware protection?

not now but after 1 or 2 versions
I noticed a few problems with it:
- after the BSOD and reboot, it created so many empty files with various extensions (.doc, ppt, xls, txt,...) visible (not hidden) almost everywhere in the machine and could not be opened or deleted. It broke the functionality of many other applications, extremely annoying. I thought I got hit by ransomwares. After the second reboot, they were gone and things were normal again
- It conflicted with office 2007 portable and the ransomwares after the reboot => BSOD again (perhaps another reboot could have solved the problem but I didn't want to)
- The startup speed was very slow although it didn't impact the boot time. It just started itself slowly and consumed a little CPU and disk activity => vulnerable during this period

you can try it now but consider what I wrote here

 

[Amelith Nargothrond]

not now but after 1 or 2 versions
I noticed a few problems with it:
- after the BSOD and reboot, it created so many empty files with various extensions (.doc, ppt, xls, txt,...) visible (not hidden) almost everywhere in the machine and could not be opened or deleted. It broke the functionality of many other applications, exetremely annoying. I thought I got hit by ransomwares. After the second reboot, they were gone and things were normal again
- It conflicted with office 2007 portable and the after the ransomwares after the reboot => BSOD again (perhaps another reboot could have solved the problem but I didn't want to)
- The startup speed was very slow although it didn't impact the boot time. It just started itself slowly and consumed a little CPU and disk activity => vulnerable during this period

you can try it now but consider what I wrote here

Isn't it killing some system processes that got injected by the ransomware? I would prefer that rather to lose my files.

 

[Evjl's Rain]

Isn't it killing some system processes that got injected by the ransomware? I would prefer that rather to lose my files.

it did kill some processes but not all of them. Some were still running and some duplicated themselves in different folder and set autorun entries to start on boot

I saw 1 sample blocked by RansomOff but it was running on boot and infected the VM. It had to get rid of it before restarting the video. I forgot to write it down on the text. People don't like read too much

 

[Amelith Nargothrond]

it did kill some processes but not all of them. Some were still running and some duplicated themselves in different folder and set autorun entries to start on boot

I saw 1 sample blocked by RansomOff but it was running on boot and infected the VM. It had to get rid of it before restarting the video. I forgot to write it down on the text. People don't like read too much

Strange, my results were pretty bad, yours are pretty good. I didn't had any BSOD (except from petya), but you had many.

 

[Evjl's Rain]

to conclude, RansomOff is better than most antiransomware tools I have tested but it's not 100% stable to be used daily
I'm impressed. Very impressed

 

[Evjl's Rain]

Strange, my results were pretty bad, yours are pretty good. I didn't had any BSOD (except from petya), but you had many.

I think they improved something in this version so it is better
I'm using windows 7 x86 so the result may be different from yours. Petya causes BSOD itself so it's not BSOD
I used Office 2017 portable and you don't use so it was my fault

 

[_CyberGhosT_]

to conclude, RansomOff is better than most antiransomware tools I have tested but it's not 100% stable to be used daily
I'm impressed. Very impressed

Thanks Evil, very good

 

[Amelith Nargothrond]

to conclude, RansomOff is better than most antiransomware tools I have tested but it's not 100% stable to be used daily
I'm impressed. Very impressed

Better than most free ones, right? Appcheck and Ranstop both have MBR protection and also recover files.

 

[Evjl's Rain]

Better than most free ones, right? Appcheck and Ranstop both have MBR protection and also recover files.

yes better than most free ARs. RansomOff missed nothing in my test while it was running but failed when it was not up
I may have to test more samples like what I did before so the result would be more reliable

appcheck and ranstop missed a few or blocked but some files were deleted

 

[Amelith Nargothrond]

yes better than most free ARs. RansomOff missed nothing in my test while it was running but failed when it was not up
I may have to test more samples like what I did before so the result would be more reliable

appcheck and ranstop missed a few or blocked but some files were deleted

Really? I saw your reviews, i must have missed what did they miss, didn't see any missed ransomware. Thanks @Evjl's Rain !

 

[HarborFront]

Better than most free ones, right? Appcheck and Ranstop both have MBR protection and also recover files.

Free version of AppCheck do not protect the MBR. Only AppCheck Pro paid does.