128BPM

Level 2
If the HIPS setting is enabled, it will block when the file is created.
I was playing with the HitmanPro Alert Exploit Test Tool 64 bits.
In this tool there is a test with a blue icon called URLMon, the purpose of this test is to drop a dll file to the desktop.

When I run that test this happens:

1-The URLMon button is pressed
2-The Iexplorer 11 browser opens
3-The calculator opens
4-The dll file is downloaded to the desktop

But when the dll file is dropped to the desktop RO does not react, why can this be?

Thank you.
 

HeiDef

From HeiDef
Verified
Developer
Works fine on my end. Do you have HIPS enabled along with 'Executable drop' option? If so, what settings do you have set for the drop detection? Is IE exempted?
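
A generic sketch of how an executable-drop check can combine the three things asked about above (HIPS on, drop detection on, writer process not exempted) with a content check for PE headers. This is an added example, not part of the original post and not RansomOff's code; the setting names, event fields, paths and sample bytes are constructed assumptions.

```python
import struct

# Hypothetical settings mirroring the three questions in the reply above;
# the key names are illustrative, not RansomOff's configuration.
SETTINGS = {"hips": True, "executable_drop": True, "exempt": {"trusted_updater.exe"}}

def pe_kind(data: bytes):
    """Return 'dll', 'exe' or None by parsing the DOS and COFF headers."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    # Characteristics is the last 2-byte field of the 20-byte COFF header.
    (characteristics,) = struct.unpack_from("<H", data, e_lfanew + 4 + 18)
    return "dll" if characteristics & 0x2000 else "exe"

def evaluate_drop(event, settings=SETTINGS):
    """Decide on one file-create event (dict with process, path, data)."""
    if not (settings["hips"] and settings["executable_drop"]):
        return "allow: drop detection disabled"
    if event["process"].lower() in settings["exempt"]:
        return "allow: writer exempted"
    kind = pe_kind(event["data"])
    if kind is None:
        return "allow: not a PE image"
    return f"block: {kind} written by {event['process']}"

def make_pe(dll: bool) -> bytes:
    """Build a minimal constructed header (sample data, not a loadable image)."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, 0, 0x2022 if dll else 0x0022)
    return dos + b"PE\0\0" + coff

# Constructed file-create events; the second is named .dll but is not a PE.
EVENTS = [
    {"process": "iexplore.exe", "path": r"C:\Users\test\Desktop\sample.dll", "data": make_pe(True)},
    {"process": "iexplore.exe", "path": r"C:\Users\test\Desktop\notes.dll", "data": b"plain text"},
    {"process": "Trusted_Updater.exe", "path": r"C:\Temp\patch.exe", "data": make_pe(False)},
]

if __name__ == "__main__":
    for e in EVENTS:
        print(e["path"], "->", evaluate_drop(e))
```

The decision keys on file content rather than the extension, and an exemption for the writing process short-circuits the check, which is why the exemption list is worth reviewing when a drop goes undetected.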
 


128BPM

Level 2
Hi HeiDef,

Yes, HIPS enabled, Executable drop option enabled, IE not exempted, but there is a difference with the test that I did. I used the exploit tool for 64 bits, could that change the result?
 

HeiDef

From HeiDef
Verified
Developer
Bitness should have no impact on how RO works but I'm not really sure what might be the problem at the moment. We did just release an update so maybe give the new version a try and let me know.
 

128BPM

Level 2
Thanks for your answer. With the new version it seems that now detection works, I don't know what would happen before. On the other hand, I wonder if RO detects code injection? And how many code injection methods are detected?
 

HeiDef

From HeiDef
Verified
Developer
Glad to hear it's working for you now. RO does detect some types of code injection but only uses that info internally to make protection decisions. There aren't any notifications for the detections except for process hollowing, which is a HIPS setting. And because ransomware generally injects into system processes, RO can help to prevent injection in the first place through the system process protection HIPS setting.
 

Windows_Security

Level 23
Verified
Trusted
Content Creator
@HeiDef

David,

I had not noticed your 'wink referral with a smile' to 'Kees mode', thanks for implementing those default settings. Works like a charm on my PC. I have emailed you a few UI/UX remarks (two minor anomalies and one similarity improvement suggestion).



Regards Kees
 

alakazam

Level 6
This software messed up my PC. I installed it today on my Windows 10 PC and then it required a reboot. The reboot took a very long time, it showed a black screen for almost a minute before displaying the Windows start page. I wanted to uninstall the software, but it told me that I had to turn it off first. Mission impossible. Clicking on the icon from the taskbar didn't do anything. It kept taking me to a small window asking me to choose between "wait" and "ok". I tried to turn it off from the Task Manager, but the only thing it did was increase its CPU usage and make it unresponsive. It would not turn off the program. Then I restarted the PC and it would simply not log into Windows anymore. It showed a black screen every time I restarted the PC. After doing some online searching on my smartphone I found out how to make the Windows start page appear: by creating explorer.exe in the Task Manager. I uninstalled RansomOff, but the modifications it did in my system remained. Now it takes several seconds of black screen before logging into Windows every time I reboot it and just a few minutes ago clicking Alt+Ctrl+Del showed me this error: "the sign in process couldn't display security and sign in options when ctrl alt delete was pressed".

The security suite I'm using is TrustPort Total Protection, but I don't know whether it's a conflict between RansomOff and TrustPort or whether RansomOff just messed up my PC's settings.

Can someone tell me how to fix these problems, please?
 

dabluez98

Level 2
Why do you keep installing random software in the first place? I would be careful with any software even if they are from most reputable companies. Maybe do something else?? Seriously this pain is not worth it if it happens again.
 

alakazam

Level 6
Well, I'm looking for a good anti-ransomware. That's all. I'm not installing random software. I'm installing software that is supported by developers here on MalwareTips. I thought that this was a safe community.
 

dabluez98

Level 2
The community is safe but I assume developers here expect users to be cautious too. Two police: you and the developers.
 

paulderdash

Level 4
The dev at dheilig at heidef.com is very responsive and helpful.
 

alakazam

Level 6
His profile says that he visited the forum yesterday. He most likely read this thread. He saw the problem that his software caused to my PC. He obviously hasn't addressed it so far.
 

shmu26

Level 83
Verified
Trusted
Content Creator
I'm installing software that is supported by developers here on MalwareTips. I thought that this was a safe community.
Did someone on this community recommend to you to install Heilig software? This thread has been silent for about half a year, until you started posting. Apparently, not very many people on MT are actively involved with this software, although it used to be relatively popular to play around with, when it first came out. I gave it up because it had too many bugs and issues. As far as I know, the dev did not promise to use MT as a permanent support forum for his product.

MT is an open community that allows devs to discuss and even provide support for their software. But no one guaranteed that all software will always work well for everyone. If you want software like that, I would recommend not to use any Microsoft products, and that includes Windows. It doesn't always work well for everyone.
 

alakazam

Level 6
As far as I know, the dev did not promise to use MT as a permanent support forum for his product.
No, he didn't. But he did say that feedback for his software was appreciated.

there is room for improvement and will only get better thanks to feedback from people like you.
And that's what I'm doing: providing feedback for his software. Why are you so defensive, @shmu26 ? I merely expressed my disappointment in regards to his lack of reply to my feedback. I didn't say that I demand support. I didn't even PM him. If he wants to reply, fine. Otherwise, best of luck to him. I've already uninstalled RansomOff and I'll try another program.
 

shmu26

Level 83
Verified
Trusted
Content Creator
Why are you so defensive, @shmu26 ?
I was responding to your statement, "I thought that this was a safe community," implying that you are disappointed with the level of safety of this community. I was addressing that point specifically, which is clearly indicated by the quote that I included in my post.
 