[Heilig Defense] RansomOff - The World's Most Advanced Anti-Ransomware Solution

1

128BPM

Level 2
Verified
Feb 21, 2018
90
HeiDef said:
If the HIPS setting is enabled, it will block when the file is created.
Click to expand...

I was playing with the HitmanPro Alert Exploit Test Tool 64 bits.
In this tool there is a test with a blue icon called URLMon, the purpose of this test is to drop a dll file to the desktop.

When I run that test this happens:

1-The URLMon button is pressed
2-The Iexplorer 11 browser opens
3-The calculator opens
4-The dll file is downloaded to the desktop

But when the dll file is dropped to the desktop RO does not react, why can this be?

Thank you.
 
  • Like
Reactions: Sunshine-boy
HeiDef

HeiDef

From HeiDef
Verified
Developer
Mar 27, 2017
94
128BPM said:
I was playing with the HitmanPro Alert Exploit Test Tool 64 bits.
In this tool there is a test with a blue icon called URLMon, the purpose of this test is to drop a dll file to the desktop.

When I run that test this happens:

1-The URLMon button is pressed
2-The Iexplorer 11 browser opens
3-The calculator opens
4-The dll file is downloaded to the desktop

But when the dll file is dropped to the desktop RO does not react, why can this be?

Thank you.
Click to expand...

Works fine on my end. Do you have HIPS enabled along with 'Executable drop' option? If so, what settings do you have set for the drop detection? Is IE exempted?
 

Attachments

  • hmpro.png
    hmpro.png
    139.5 KB · Views: 567
  • Like
Reactions: XhenEd and harlan4096
1

128BPM

Level 2
Verified
Feb 21, 2018
90
HeiDef said:
Works fine on my end. Do you have HIPS enabled along with 'Executable drop' option? If so, what settings do you have set for the drop detection? Is IE exempted?
Click to expand...

Hi HeiDef,

Yes, HIPS enabled, Executable drop option enabled, IE not exempted, but there is a difference with the test that I did. I used the exploit tool for 64 bits, could that change the result?
 
HeiDef

HeiDef

From HeiDef
Verified
Developer
Mar 27, 2017
94
128BPM said:
Hi HeiDef,

Yes, HIPS enabled, Executable drop option enabled, IE not exempted, but there is a difference with the test that I did. I used the exploit tool for 64 bits, could that change the result?
Click to expand...

Bitness should have no impact on how RO works but I'm not really sure what might be the problem at the moment. We did just release an update so maybe give the new version a try and let me know.
 
  • Like
Reactions: ZeroDay, harlan4096 and XhenEd
1

128BPM

Level 2
Verified
Feb 21, 2018
90
HeiDef said:
Bitness should have no impact on how RO works but I'm not really sure what might be the problem at the moment. We did just release an update so maybe give the new version a try and let me know.
Click to expand...

Thanks for your answer. With the new version it seems that now detection works, I don't know what would happen before. On the other hand, I wonder if RO detects code injection? And how many code injection methods are detected?
 
HeiDef

HeiDef

From HeiDef
Verified
Developer
Mar 27, 2017
94
128BPM said:
Thanks for your answer. With the new version it seems that now detection works, I don't know what would happen before. On the other hand, I wonder if RO detects code injection? And how many code injection methods are detected?
Click to expand...

Glad to hear it's working for you now. RO does detect some types of code injection but only uses that info internally to make protection decisions. There aren't any notifications for the detections except for process hollowing, which is a HIPS setting. And because ransomware generally injects into system processes, RO can help to prevent injection in the first place through the system process protection HIPS setting.
 
  • Like
Reactions: harlan4096
Windows_Security

Windows_Security

Level 24
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Mar 13, 2016
1,298
@HeiDef

David,

I had not noticed your 'wink referral with a smile' to 'Kees mode', thanks for implementing those default settings. Works like a charm on my PC. I have emailed you a few UI/UX remarks (two minor anomalies and one similarity improvement suggestion)

1534234079200.png


Regards Kees
 
Last edited:
  • Like
Reactions: HeiDef, harlan4096 and Andrew999
alakazam

alakazam

Level 9
Verified
Mar 25, 2014
398
This software messed up my PC. I installed it today on my Windows 10 PC and then it required a reboot. The reboot took a very long time, it showed a black screen for almost a minute before displaying the Windows start page. I wanted to uninstall the software, but it told me that I had to turn it off first. Mission impossible. Clicking on the icon from the taskbar didn't do anything. It kept taking me a small window asking me to choose between "wait" and "ok". I tried to turn it off from the Task Manager, but the only thing it did was increase its CPU usage and make it unresponsive. It would not turn off the program. Then I restarted the PC and it would simply not log into Windows anymore. It showed a black screen every time I restarted the PC. After doing some online searching on my smartphone I found out how to make the Windows start page appear: by creating explorer.exe in the Task Manager. I uninstalled RansomOff, but the modifications it did in my system remained. Now it takes several seconds of black screen before logging into Windows every time I reboot it and just a few minutes ago clicking Alt+Ctrl+Del showed me this error: "the sign in process couldn't display security and sign in options when ctrl alt delete was pressed".

The security suite I'm using is TrustPort Total Protection, but I don't know whether it's a conflict between RansomOff and TrustPort or whether RansomOff just messed up my PC's settings.

Can someone tell me how to fix these problems, please? :emoji_disappointed:
 
D

dabluez98

Level 3
Verified
Oct 2, 2018
138
alakazam said:
This software messed up my PC. I installed it today on my Windows 10 PC and then it required a reboot. The reboot took a very long time, it showed a black screen for almost a minute before displaying the Windows start page. I wanted to uninstall the software, but it told me that I had to turn it off first. Mission impossible. Clicking on the icon from the taskbar didn't do anything. It kept taking me a small window asking me to choose between "wait" and "ok". I tried to turn it off from the Task Manager, but the only thing it did was increase its CPU usage and make it unresponsive. It would not turn off the program. Then I restarted the PC and it would simply not log into Windows anymore. It showed a black screen every time I restarted the PC. After doing some online searching on my smartphone I found out how to make the Windows start page appear: by creating explorer.exe in the Task Manager. I uninstalled RansomOff, but the modifications it did in my system remained. Now it takes several seconds of black screen before logging into Windows every time I reboot it and just a few minutes ago clicking Alt+Ctrl+Del showed me this error: "the sign in process couldn't display security and sign in options when ctrl alt delete was pressed".

The security suite I'm using is TrustPort Total Protection, but I don't know whether it's a conflict between RansomOff and TrustPort or whether RansomOff just messed up my PC's settings.

Can someone tell me how to fix these problems, please? :emoji_disappointed:
Click to expand...
Why do you keep installjng random software in the first place? I would be careful with any software even if they are from most reputable companies. Maybe do something else?? Seriously this pain is not worth it if it happens again
 
alakazam

alakazam

Level 9
Verified
Mar 25, 2014
398
dabluez98 said:
Why do you keep installjng random software in the first place? I would be careful with any software even if they are from most reputable companies. Maybe do something else?? Seriously this pain is not worth it if it happens again
Click to expand...
Well, I'm looking for a good anti-ransomware. That's all. I'm not installing random software. I'm installing software that is supported by developers here on MalwareTips. I thought that this was a safe community.
 
  • Like
Reactions: harlan4096
D

dabluez98

Level 3
Verified
Oct 2, 2018
138
The community is safe but i assume developpersnhere except users to be cautious too. Two police you and the devleoppers
 
paulderdash

paulderdash

Level 6
Verified
Well-known
Apr 28, 2015
271
alakazam said:
This software messed up my PC. I installed it today on my Windows 10 PC and then it required a reboot. The reboot took a very long time, it showed a black screen for almost a minute before displaying the Windows start page. I wanted to uninstall the software, but it told me that I had to turn it off first. Mission impossible. Clicking on the icon from the taskbar didn't do anything. It kept taking me a small window asking me to choose between "wait" and "ok". I tried to turn it off from the Task Manager, but the only thing it did was increase its CPU usage and make it unresponsive. It would not turn off the program. Then I restarted the PC and it would simply not log into Windows anymore. It showed a black screen every time I restarted the PC. After doing some online searching on my smartphone I found out how to make the Windows start page appear: by creating explorer.exe in the Task Manager. I uninstalled RansomOff, but the modifications it did in my system remained. Now it takes several seconds of black screen before logging into Windows every time I reboot it and just a few minutes ago clicking Alt+Ctrl+Del showed me this error: "the sign in process couldn't display security and sign in options when ctrl alt delete was pressed".

The security suite I'm using is TrustPort Total Protection, but I don't know whether it's a conflict between RansomOff and TrustPort or whether RansomOff just messed up my PC's settings.

Can someone tell me how to fix these problems, please? :emoji_disappointed:
Click to expand...
The dev at dheilig at heidef.com is very responsive and helpful.
 
  • Applause
Reactions: upnorth
alakazam

alakazam

Level 9
Verified
Mar 25, 2014
398
His profile says that he visited the forum yesterday. He most likely read this thread. He saw the problem that his software caused to my PC. He obviously hasn't addressed it so far.
 
shmu26

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
alakazam said:
I'm installing software that is supported by developers here on MalwareTips. I thought that this was a safe community.
Click to expand...
Did someone on this community recommend to you to install Heilig software? This thread has been silent for about half a year. until you started posting . Apparently, not very many people on MT are actively involved with this software, although it used to be relatively popular to play around with, when it first came out. I gave it up because it had too many bugs and issues. As far as I know, the dev did not promise to use MT as a permanent support forum for his product.

MT is an open community that allows devs to discuss and even provide support for their software. But no one guaranteed that all software will always work well for everyone. If you want software like that, I would recommend not to use any Microsoft products, and that includes Windows. It doesn't always work well for everyone.
 
Last edited:
  • Like
Reactions: ZeroDay and Moonhorse
alakazam

alakazam

Level 9
Verified
Mar 25, 2014
398
shmu26 said:
As far as I know, the dev did not promise to use MT as a permanent support forum for his product.
Click to expand...
No, he didn't. But he did say that feedback for his software was appreciated.

HeiDef said:
there is room for improvement and will only get better thanks to feedback from people like you.
Click to expand...

And that's what I'm doing: providing feedback for his software. Why are you so defensive, @shmu26 ? I merely expressed my disappointment in regards to his lack of reply to my feedback. I didn't say that I demand support. I didn't even PM him. If he wants to reply, fine. Otherwise, best of luck to him. I've already uninstalled RansomOff and I'll try another program.
 
shmu26

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
alakazam said:
Why are you so defensive, @shmu26 ?
Click to expand...
I was responding to your statement, "I thought that this was a safe community," implying that you are disappointed with the level of safety of this community. I was addressing that point specifically, which is clearly indicated by the quote that I included in my post.
 
  • Applause
Reactions: ZeroDay

Similar threads

Trident
    • Like
    • +Reputation
    • Thanks
New Update Announcing ZoneAlarm Anti-Ransomware for Mac (BETA)
Replies
6
Views
933
Other security for Windows, Mac, Linux
Trident
Trident
Brownie2019
  • Locked
On Sale! ZoneAlarm Extreme Security NextGen/ 5Dev./1yr/ €41.95
Replies
2
Views
451
Discounts and Deals
penta_gramm
P
Brownie2019
    • +Reputation
On Sale! ZoneAlarm Extreme Security NextGen 5Dev./1yr/€26.95
Replies
3
Views
549
Discounts and Deals
cartaphilus
cartaphilus

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top