Der.Reisende

At least K7's "Data Locker" feature should have protected user folders (like Pictures, Documents).
v16.x does have specific ransomware protection; it's highlighted as a new feature over v15.

Anyway, I'll try grabbing some recent Nemty samples tomorrow (I have K7 TS v16.0.0123 installed) to see how K7 fares.
Their ransomware protection is indeed a big letdown: 50% of the samples I tested against it were not recognized by BB / Anti-RW Standalone protection, and files outside Data Locker protected locations are doomed.
 

Der.Reisende

VT: VirusTotal
AnyRun: cd8129dd-d898-40c7-8b3f-b9acd7964e12 (MD5: 9F39C185C3CB3EA935D829D5280633EB) - Interactive analysis - ANY.RUN

K7 TS custom settings:
Containment: Shadow Defender v1.4.0.680
Guest/OS: Win10 Home v1909 (Build 18363.535)
Product: K7 Total Security v16.0.0123
VPN: OkayFreedom v1.8.7.12547
eMail:
    Enable Worm Blocking, Scan outgoing eMails
Scanner:
    also Scan Memory, Tracking Cookies, Unwanted Registry Entries, Unwanted Files
System Monitor:
    High Level of Protection
    Always Prompt if a new Software is installed when changes are found
    Do not automatically allow signed files / recognized by the System Monitor
Firewall:
    Display critical alerts
    Ask for outbound connections of non-whitelisted apps
    Intrusion Rules: Activate also SMB Exploit Detection 1, HTTP Server Exploit Detection 1 and FTP Server Exploit Detection 1
#Nemty v2.3 results: Firewall alert (blocked), intercepted almost instantly by BB, no files encrypted.
(Tested with RealTime Scanning disabled, to prevent signature detection.)