[Heilig Defense] RansomOff - The World's Most Advanced Anti-Ransomware Solution

[HarborFront]

Ok, some outstanding issues here

1) MBR protection for ALL partitions instead of just the first partition of a drive. This was mentioned at the Wilders Security Forums by the devleoper. See post #11
RansomOff 4

2) Files restoration
3) Warning message when user click 'Allow'

Right?

 

[HeiDef]

Ok, some outstanding issues here

1) MBR protection for ALL partitions instead of just the first partition of a drive. This was mentioned at the Wilders Security Forums by the devleoper. See post #11
RansomOff 4

2) Files restoration
3) Warning message when user click 'Allow'

Right?

1) Correct. MBR protection right now is per drive not per partition so multi partition drives are not fully covered.
2) There is file restoration but let me explain a bit how it works. It is not system wide. Every change to every file from every process is not restorable. Instead RansomOff, through its detection heuristics, decides if a file should be saved before a change is made. Right now, only processes that have thrown an alert (i.e. ransomware) will have any files that were modified restored. If a process did not cause an alert and closes, the cache of files associated with that process are purged. The default setting is to do the restoration automatically however it can be changed to manual. That is why, when you goto the Restore form in the UI, you likely won't see any processes or files listed. That's because a) no ransomware was detected, b) no files were actually modified by the ransomware, or c) the files have already been restored and cleared from the cache. You can see a record of the cleanup and restoration in the Alerts (must click 'View All Sessions' checkbox to view cleanup messages). So file restoration is there but done differently than other solutions in order to allow RansomOff to be as efficient as possible without using a lot of system resources.
3) Latest build from today (5.2017.99.6252) adds confirmation message.

 

[Jogos]

Sadly version 5.2017.98.6378.64 not working for me. I have Windows 10 x64, in now im downloading latest version, maybe be works.

LoL, I unistall Cyberreason ransomfree first with Total Uninstall, next I install RansomOff (not working, can't reinstall and can't remove folder from Program Files Directory. My IDM not working, Total Uninstall also, System Freezing, High CPU Usage, lot of WerFault.exe processes. I think about use System Refreshing option, because im very frustrating. I don't know who of these applications make sh%it from my system

 

[HeiDef]

Sadly version 5.2017.98.6378.64 not working for me. I have Windows 10 x64, in now im downloading latest version, maybe be works.

LoL, I unistall Cyberreason ransomfree first with Total Uninstall, next I install RansomOff (not working, can't reinstall and can't remove folder from Program Files Directory. My IDM not working, Total Uninstall also, System Freezing, High CPU Usage, lot of WerFault.exe processes. I think about use System Refreshing option, because im very frustrating. I don't know who of these applications make sh%it from my system

Hi Jogos,

We sent you a PM to get some more information. We need to understand a little bit better of what "not working" means. However, if we had to initially guess, it's likely an existing piece of security software does not like RansomOff. Try disabling your other security software and see if that fixes the problem. If so, please let us know if that worked and what you disable so we can try to replicate the issue. Thanks.

 

[HarborFront]

@HeiDef

Just need some confirmation

1) Wrt post #102 above is MBR protection now extended to multi partition drives?
2) How about protection for GPT and VBR drives?

Can't find any mention in your changelogs

Heilig Defense RansomOff

3) Nowadays, many security software have self-protection feature and I have encountered software with self-protection feature enabled which prevented my SSD from re-formatting. That's because I forgot to disable it. Will forgetting to disable the self-protection feature in RansomOff prevents my SSD from reformatting? If yes, is it possible on your side to auto-disable the self-protection feature when it detects that the program is to be uninstalled?
4) Has the ability to auto-disable all real-time protection modules upon detection of uninstallation of the program would be great.

I think the features need to be more detailed on your website

Heilig Defense RansomOff

 

[Windows_Security]

@HeiDef New Gui RC

Issue? After adding a password, I can't remove it anymore

Change? Could not find the 'exclude folders' option anymore for backup/restore

User interface: The 'return to main/exit from detailled setting' seems awkard/inconsistent

 

[HeiDef]

@HeiDef New Gui RC

Issue? After adding a password, I can't remove it anymore

Change? Could not find the 'exclude folders' option anymore for backup/restore

User interface: The 'return to main/exit from detailled setting' seems awkard/inconsistent

Thanks Kees. We'll take a look at the password issue. The 'exclude folders' options for back ups is on the exemptions window with the rest of the exclusion settings. Can you explain the 'return to main' piece a bit more? Not exactly sure what you mean there.

 

[HeiDef]

@HeiDef

Just need some confirmation

1) Wrt post #102 above is MBR protection now extended to multi partition drives?
2) How about protection for GPT and VBR drives?

Can't find any mention in your changelogs

Heilig Defense RansomOff

3) Nowadays, many security software have self-protection feature and I have encountered software with self-protection feature enabled which prevented my SSD from re-formatting. That's because I forgot to disable it. Will forgetting to disable the self-protection feature in RansomOff prevents my SSD from reformatting? If yes, is it possible on your side to auto-disable the self-protection feature when it detects that the program is to be uninstalled?
4) Has the ability to auto-disable all real-time protection modules upon detection of uninstallation of the program would be great.

I think the features need to be more detailed on your website

Heilig Defense RansomOff

Hey @HarborFront

1) No. Still only 1 per physical drive.
2) All drives have an MBR or MBR-like area for backwards compatibility. RO protects the area the same regardless of what is there. It does not protect the actual GPT though.
3) Self-protection and reformatting seem to be very independent things. And not sure about your SSD issue.
4) What program? RO or just some other random application? If you are referring to some other application then if RO could do that what would stop a ransomware author from mimicking an uninstall in order to get RO to auto-drop its protections? It's not something that's really possible to do reliably and without introducing risk.

 

[HarborFront]

Hey @HarborFront

1) No. Still only 1 per physical drive.
2) All drives have an MBR or MBR-like area for backwards compatibility. RO protects the area the same regardless of what is there. It does not protect the actual GPT though.
3) Self-protection and reformatting seem to be very independent things. And not sure about your SSD issue.
4) What program? RO or just some other random application? If you are referring to some other application then if RO could do that what would stop a ransomware author from mimicking an uninstall in order to get RO to auto-drop its protections? It's not something that's really possible to do reliably and without introducing risk.

Hi

For 4) I'm referring to RO. Thanks again

 

[Windows_Security]

Thanks Kees. We'll take a look at the password issue. The 'exclude folders' options for back ups is on the exemptions window with the rest of the exclusion settings. Can you explain the 'return to main' piece a bit more? Not exactly sure what you mean there.

Thanks found the exclusions

The SAVE icon is really small. I thought that in other screens other mechanisms were used (like Save and Cancel button)

When opening a PDF I get this error in the debug log
[1114/213322.019:ERROR:registration_protocol_win.cc(84)] TransactNamedPipe: The pipe has been ended. (0x6D)

 

[128BPM]

Hi @HeiDef,

I wondered if RansomOff + OSArmor would be overkill?

Thanks.

 

[HeiDef]

Hi @HeiDef,

I wondered if RansomOff + OSArmor would be overkill?

Thanks.

Really depends on your habits. RansomOff is very strong against ransomware with minimal configuration. It also has other features that can protect against a number of different attack vectors. I have not used OSA but from what I've read it seems to be a very strong policy-like enforcement tool that can really lock down areas of your system that can be abused. They should play nicely together and really complement each other because the mechanisms of detection and enforcement are different. So if you are using torrents, click random email link and love Flash, it's probably not overkill but if you are cautious and think about your cyber actions it might be. It's not a straight forward answer and even though I'd like you to use RansomOff it's really user dependent.

 

[128BPM]

Really depends on your habits. RansomOff is very strong against ransomware with minimal configuration. It also has other features that can protect against a number of different attack vectors. I have not used OSA but from what I've read it seems to be a very strong policy-like enforcement tool that can really lock down areas of your system that can be abused. They should play nicely together and really complement each other because the mechanisms of detection and enforcement are different. So if you are using torrents, click random email link and love Flash, it's probably not overkill but if you are cautious and think about your cyber actions it might be. It's not a straight forward answer and even though I'd like you to use RansomOff it's really user dependent.

@HeiDef

Thank you for your answer. I think your software is very interesting, is there any plan to expand detection capabilities for other types of malware? I mean transform RansomOff in a more complete solution.

Or perhaps a Correlate version for home users?

Regards.

 

[HeiDef]

@HeiDef

Thank you for your answer. I think your software is very interesting, is there any plan to expand detection capabilities for other types of malware? I mean transform RansomOff in a more complete solution.

Or perhaps a Correlate version for home users?

Regards.

Thanks.

It's still in the early stages but we have begun to look at releasing a broader anti-malware solution not necessarily tied to RansomOff. As you mentioned Correlate, which is where RansomOff came from, has a wide range of capabilities some of which would be useful in a standalone home version. Most of Correlate is geared towards enterprise environments so a straight "Correlate Home" isn't in the cards but we should be able to adapt pieces of it into a home endpoint solution.

 

[HarborFront]

Thanks.

It's still in the early stages but we have begun to look at releasing a broader anti-malware solution not necessarily tied to RansomOff. As you mentioned Correlate, which is where RansomOff came from, has a wide range of capabilities some of which would be useful in a standalone home version. Most of Correlate is geared towards enterprise environments so a straight "Correlate Home" isn't in the cards but we should be able to adapt pieces of it into a home endpoint solution.

It would be great if you can have a signature-less anti-malware which can provide real-time protection when online and offline like Cylance PROTECT

 

[HeiDef]

It would be great if you can have a signature-less anti-malware which can provide real-time protection when online and offline like Cylance PROTECT

That's the plan. There's little value in creating another signature based solution. RansomOff and Correlate are both signature-less and any future product we develop will be the same.

 

[128BPM]

That is the reason why this software is interesting, for its technology. @cruelsister said that RansomOff was able to detect a RAT that others not.

I think that these capabilities covering more vectors, it would be very effective hunting other threats

 

[HarborFront]

That's the plan. There's little value in creating another signature based solution. RansomOff and Correlate are both signature-less and any future product we develop will be the same.

If possible, for home users,

- a paid PRO version for 2/3 yr license and a FREE version
- big differences between PRO and FREE versions in terms of protection
- PRO to totally detect, block and disinfect

and I'll buy the PRO from you.

 

[128BPM]

@HeiDef,

RansomOff blocks dropped files on-access or on-execution?

Thanks.

 

[HeiDef]

@HeiDef,

RansomOff blocks dropped files on-access or on-execution?

Thanks.

If the HIPS setting is enabled, it will block when the file is created.