[Heilig Defense] RansomOff - The World's Most Advanced Anti-Ransomware Solution

HarborFront

Level 71
Verified
Top Poster
Content Creator
Oct 9, 2016
6,014
Ok, some outstanding issues here

1) MBR protection for ALL partitions instead of just the first partition of a drive. This was mentioned at the Wilders Security Forums by the developer. See post #11
RansomOff 4

2) Files restoration
3) Warning message when user clicks 'Allow'

Right?
 

HeiDef

From HeiDef
Verified
Developer
Mar 27, 2017
94
> Ok, some outstanding issues here
>
> 1) MBR protection for ALL partitions instead of just the first partition of a drive. This was mentioned at the Wilders Security Forums by the developer. See post #11
> RansomOff 4
>
> 2) Files restoration
> 3) Warning message when user clicks 'Allow'
>
> Right?

1) Correct. MBR protection right now is per drive, not per partition, so multi-partition drives are not fully covered.
2) There is file restoration, but let me explain a bit how it works. It is not system wide. Every change to every file from every process is not restorable. Instead RansomOff, through its detection heuristics, decides if a file should be saved before a change is made. Right now, only processes that have thrown an alert (i.e. ransomware) will have any files that were modified restored. If a process did not cause an alert and closes, the cache of files associated with that process is purged. The default setting is to do the restoration automatically; however, it can be changed to manual. That is why, when you go to the Restore form in the UI, you likely won't see any processes or files listed. That's because a) no ransomware was detected, b) no files were actually modified by the ransomware, or c) the files have already been restored and cleared from the cache. You can see a record of the cleanup and restoration in the Alerts (must click 'View All Sessions' checkbox to view cleanup messages). So file restoration is there but done differently than other solutions in order to allow RansomOff to be as efficient as possible without using a lot of system resources.
3) Latest build from today (5.2017.99.6252) adds confirmation message.
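
The restoration behaviour described in the post above, modelled as an added example (not part of the original post and not RansomOff's code): a file is copied before a change, restored only if the owning process raises an alert, and purged when that process exits cleanly. The class, the `should_save` predicate standing in for the detection heuristics, the PIDs and the file names are all assumptions.

```python
import shutil
import tempfile
from pathlib import Path


class RestoreCache:
    """Toy model of a per-process pre-change file cache (not RansomOff's code)."""
    def __init__(self, cache_dir, should_save=lambda pid, path: True):
        self.cache_dir = Path(cache_dir)
        self.should_save = should_save  # hypothetical stand-in for the heuristics
        self.saved = {}                 # pid -> {original path: cached copy}

    def before_write(self, pid, path):
        """Called before `pid` changes `path`; keeps the first pre-change copy."""
        files = self.saved.setdefault(pid, {})
        if path in files or not path.is_file() or not self.should_save(pid, path):
            return False
        files[path] = self.cache_dir / f"{pid}_{len(files)}"
        shutil.copy2(path, files[path])
        return True

    def on_alert(self, pid):
        """The process raised an alert: restore its files, then clear its cache."""
        files = self.saved.pop(pid, {})
        for path, copy in files.items():
            shutil.copy2(copy, path)
            copy.unlink()
        return list(files)

    def on_exit(self, pid):
        """The process closed without an alert: purge its cached copies."""
        files = self.saved.pop(pid, {})
        for copy in files.values():
            copy.unlink()
        return len(files)


def demo():
    """Constructed scenario: pid 100 exits cleanly, pid 200 raises an alert."""
    with tempfile.TemporaryDirectory() as root:
        doc = Path(root, "report.txt")
        doc.write_text("original")
        cache = RestoreCache(tempfile.mkdtemp(dir=root))
        cache.before_write(100, doc)
        doc.write_text("user edit")
        purged = cache.on_exit(100)
        cache.before_write(200, doc)
        doc.write_text("ENCRYPTED")
        restored = cache.on_alert(200)
        return purged, restored == [doc], doc.read_text(), list(cache.cache_dir.iterdir())
```

The restored content is the state just before the alerting process touched the file, so the earlier change by the process that exited cleanly is kept and the cache ends up empty, which matches the empty Restore form the post describes.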
 

Jogos

Level 2
Verified
Apr 9, 2017
62
Sadly, version 5.2017.98.6378.64 is not working for me. I have Windows 10 x64; I'm now downloading the latest version, maybe it will work.

LoL, I uninstalled Cybereason RansomFree first with Total Uninstall, next I installed RansomOff (not working, can't reinstall and can't remove the folder from the Program Files directory). My IDM is not working, Total Uninstall also, system freezing, high CPU usage, lots of WerFault.exe processes. I'm thinking about using the System Refreshing option, because I'm very frustrated. I don't know which of these applications made sh%it of my system
 

HeiDef

From HeiDef
Verified
Developer
Mar 27, 2017
94
> Sadly, version 5.2017.98.6378.64 is not working for me. I have Windows 10 x64; I'm now downloading the latest version, maybe it will work.
>
> LoL, I uninstalled Cybereason RansomFree first with Total Uninstall, next I installed RansomOff (not working, can't reinstall and can't remove the folder from the Program Files directory). My IDM is not working, Total Uninstall also, system freezing, high CPU usage, lots of WerFault.exe processes. I'm thinking about using the System Refreshing option, because I'm very frustrated. I don't know which of these applications made sh%it of my system

Hi Jogos,

We sent you a PM to get some more information. We need to understand a little bit better what "not working" means. However, if we had to initially guess, it's likely an existing piece of security software does not like RansomOff. Try disabling your other security software and see if that fixes the problem. If so, please let us know if that worked and what you disabled so we can try to replicate the issue. Thanks.
 

HarborFront

Level 71
Verified
Top Poster
Content Creator
Oct 9, 2016
6,014
@HeiDef

Just need some confirmation

1) Wrt post #102 above is MBR protection now extended to multi partition drives?
2) How about protection for GPT and VBR drives?

Can't find any mention in your changelogs

Heilig Defense RansomOff

3) Nowadays, many security software have a self-protection feature and I have encountered software with a self-protection feature enabled which prevented my SSD from re-formatting. That's because I forgot to disable it. Will forgetting to disable the self-protection feature in RansomOff prevent my SSD from reformatting? If yes, is it possible on your side to auto-disable the self-protection feature when it detects that the program is to be uninstalled?
4) Having the ability to auto-disable all real-time protection modules upon detection of uninstallation of the program would be great.

I think the features need to be more detailed on your website

Heilig Defense RansomOff
 

HeiDef

From HeiDef
Verified
Developer
Mar 27, 2017
94
> @HeiDef New Gui RC
>
> Issue? After adding a password, I can't remove it anymore
>
> Change? Could not find the 'exclude folders' option anymore for backup/restore
>
> User interface: The 'return to main/exit from detailed setting' seems awkward/inconsistent

Thanks Kees. We'll take a look at the password issue. The 'exclude folders' option for backups is on the exemptions window with the rest of the exclusion settings. Can you explain the 'return to main' piece a bit more? Not exactly sure what you mean there.
 

HeiDef

From HeiDef
Verified
Developer
Mar 27, 2017
94
> @HeiDef
>
> Just need some confirmation
>
> 1) Wrt post #102 above is MBR protection now extended to multi partition drives?
> 2) How about protection for GPT and VBR drives?
>
> Can't find any mention in your changelogs
>
> Heilig Defense RansomOff
>
> 3) Nowadays, many security software have a self-protection feature and I have encountered software with a self-protection feature enabled which prevented my SSD from re-formatting. That's because I forgot to disable it. Will forgetting to disable the self-protection feature in RansomOff prevent my SSD from reformatting? If yes, is it possible on your side to auto-disable the self-protection feature when it detects that the program is to be uninstalled?
> 4) Having the ability to auto-disable all real-time protection modules upon detection of uninstallation of the program would be great.
>
> I think the features need to be more detailed on your website
>
> Heilig Defense RansomOff

Hey @HarborFront

1) No. Still only 1 per physical drive.
2) All drives have an MBR or MBR-like area for backwards compatibility. RO protects the area the same regardless of what is there. It does not protect the actual GPT though.
3) Self-protection and reformatting seem to be very independent things. And not sure about your SSD issue.
4) What program? RO or just some other random application? If you are referring to some other application then if RO could do that what would stop a ransomware author from mimicking an uninstall in order to get RO to auto-drop its protections? It's not something that's really possible to do reliably and without introducing risk.
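
On the point in the post above that the MBR area is protected but the GPT itself is not, an added example (not from the original post and not RansomOff's code) that checks a constructed disk image: sector 0 is compared against a baseline, while the GPT header in LBA 1 has to be verified separately through its own CRC32. It assumes 512-byte sectors and that the "MBR area" means LBA 0; the image and all function names are made up for the illustration.

```python
import struct
import zlib

SECTOR = 512  # assumed logical sector size


def build_gpt_image():
    """Constructed sample: protective MBR in LBA 0, minimal GPT header in LBA 1."""
    lba0 = bytearray(SECTOR)
    lba0[446 + 4] = 0xEE                                # partition type: GPT protective
    lba0[510:512] = b"\x55\xaa"                         # boot signature
    hdr = bytearray(92)
    hdr[0:8] = b"EFI PART"
    struct.pack_into("<II", hdr, 8, 0x00010000, 92)     # revision, header size
    struct.pack_into("<Q", hdr, 24, 1)                  # LBA of this header
    struct.pack_into("<I", hdr, 16, zlib.crc32(bytes(hdr)))  # CRC with field still zero
    return bytes(lba0) + bytes(hdr).ljust(SECTOR, b"\0")


def classify(image):
    """Return 'gpt', 'mbr' or 'none' from the first two sectors."""
    if image[510:512] != b"\x55\xaa":
        return "none"
    types = {image[446 + 16 * i + 4] for i in range(4)}
    has_header = len(image) >= 2 * SECTOR and image[SECTOR:SECTOR + 8] == b"EFI PART"
    return "gpt" if 0xEE in types and has_header else "mbr"


def gpt_header_ok(image):
    """Recompute the GPT header CRC32 (LBA 1) with the CRC field zeroed."""
    size, stored = struct.unpack_from("<II", image, SECTOR + 12)
    hdr = bytearray(image[SECTOR:SECTOR + size])
    hdr[16:20] = bytes(4)
    return 92 <= size <= SECTOR and zlib.crc32(bytes(hdr)) == stored


def check(baseline, current):
    """Sector 0 is compared byte for byte; the GPT header is verified on its own."""
    layout = classify(current)
    return {"layout": layout, "lba0_unchanged": baseline[:SECTOR] == current[:SECTOR],
            "gpt_header_ok": layout == "gpt" and gpt_header_ok(current)}


def demo():
    """Change one byte of the disk GUID in LBA 1 of the constructed image."""
    good = build_gpt_image()
    changed = bytearray(good)
    changed[SECTOR + 56] ^= 0xFF
    return check(good, good), check(good, bytes(changed))
```

In the second result sector 0 still matches the baseline while the header check fails, which is the coverage gap between protecting the MBR area and protecting the GPT.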
 

HarborFront

Level 71
Verified
Top Poster
Content Creator
Oct 9, 2016
6,014
> Hey @HarborFront
>
> 1) No. Still only 1 per physical drive.
> 2) All drives have an MBR or MBR-like area for backwards compatibility. RO protects the area the same regardless of what is there. It does not protect the actual GPT though.
> 3) Self-protection and reformatting seem to be very independent things. And not sure about your SSD issue.
> 4) What program? RO or just some other random application? If you are referring to some other application then if RO could do that what would stop a ransomware author from mimicking an uninstall in order to get RO to auto-drop its protections? It's not something that's really possible to do reliably and without introducing risk.

Hi

For 4) I'm referring to RO. Thanks again
 

Windows_Security

Level 24
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Mar 13, 2016
1,298
> Thanks Kees. We'll take a look at the password issue. The 'exclude folders' option for backups is on the exemptions window with the rest of the exclusion settings. Can you explain the 'return to main' piece a bit more? Not exactly sure what you mean there.

Thanks, found the exclusions (y)

The SAVE icon is really small. I thought that in other screens other mechanisms were used (like Save and Cancel button)

When opening a PDF I get this error in the debug log
[1114/213322.019:ERROR:registration_protocol_win.cc(84)] TransactNamedPipe: The pipe has been ended. (0x6D)
 

HeiDef

From HeiDef
Verified
Developer
Mar 27, 2017
94
> Hi @HeiDef,
>
> I wondered if RansomOff + OSArmor would be overkill?
>
> Thanks.

Really depends on your habits. RansomOff is very strong against ransomware with minimal configuration. It also has other features that can protect against a number of different attack vectors. I have not used OSA but from what I've read it seems to be a very strong policy-like enforcement tool that can really lock down areas of your system that can be abused. They should play nicely together and really complement each other because the mechanisms of detection and enforcement are different. So if you are using torrents, click random email links and love Flash, it's probably not overkill, but if you are cautious and think about your cyber actions it might be. It's not a straightforward answer and even though I'd like you to use RansomOff it's really user dependent.
 

128BPM

Level 2
Verified
Feb 21, 2018
90
> Really depends on your habits. RansomOff is very strong against ransomware with minimal configuration. It also has other features that can protect against a number of different attack vectors. I have not used OSA but from what I've read it seems to be a very strong policy-like enforcement tool that can really lock down areas of your system that can be abused. They should play nicely together and really complement each other because the mechanisms of detection and enforcement are different. So if you are using torrents, click random email links and love Flash, it's probably not overkill, but if you are cautious and think about your cyber actions it might be. It's not a straightforward answer and even though I'd like you to use RansomOff it's really user dependent.

@HeiDef

Thank you for your answer. I think your software is very interesting, is there any plan to expand detection capabilities for other types of malware? I mean transform RansomOff in a more complete solution.

Or perhaps a Correlate version for home users?

Regards.
 

HeiDef

From HeiDef
Verified
Developer
Mar 27, 2017
94
> @HeiDef
>
> Thank you for your answer. I think your software is very interesting, is there any plan to expand detection capabilities for other types of malware? I mean transform RansomOff in a more complete solution.
>
> Or perhaps a Correlate version for home users?
>
> Regards.

Thanks.

It's still in the early stages but we have begun to look at releasing a broader anti-malware solution not necessarily tied to RansomOff. As you mentioned Correlate, which is where RansomOff came from, has a wide range of capabilities some of which would be useful in a standalone home version. Most of Correlate is geared towards enterprise environments so a straight "Correlate Home" isn't in the cards but we should be able to adapt pieces of it into a home endpoint solution.
 

HarborFront

Level 71
Verified
Top Poster
Content Creator
Oct 9, 2016
6,014
> Thanks.
>
> It's still in the early stages but we have begun to look at releasing a broader anti-malware solution not necessarily tied to RansomOff. As you mentioned Correlate, which is where RansomOff came from, has a wide range of capabilities some of which would be useful in a standalone home version. Most of Correlate is geared towards enterprise environments so a straight "Correlate Home" isn't in the cards but we should be able to adapt pieces of it into a home endpoint solution.

It would be great if you can have a signature-less anti-malware which can provide real-time protection when online and offline like Cylance PROTECT
 

HeiDef

From HeiDef
Verified
Developer
Mar 27, 2017
94
> It would be great if you can have a signature-less anti-malware which can provide real-time protection when online and offline like Cylance PROTECT

That's the plan. There's little value in creating another signature based solution. RansomOff and Correlate are both signature-less and any future product we develop will be the same.
 

128BPM

Level 2
Verified
Feb 21, 2018
90
That is the reason why this software is interesting, for its technology. @cruelsister said that RansomOff was able to detect a RAT that others did not.

I think that with these capabilities covering more vectors, it would be very effective at hunting other threats (y)
 

HarborFront

Level 71
Verified
Top Poster
Content Creator
Oct 9, 2016
6,014
> That's the plan. There's little value in creating another signature based solution. RansomOff and Correlate are both signature-less and any future product we develop will be the same.

If possible, for home users,

- a paid PRO version for 2/3 yr license and a FREE version
- big differences between PRO and FREE versions in terms of protection
- PRO to totally detect, block and disinfect

and I'll buy the PRO from you.

:)
 
