- Jun 9, 2013
- 6,720
The one thing that i know of that protects against all these Ransomeware's and your MBR is a free product. Macrium Reflect, always stay safe with a good backup solution. 
New antiransomware product: RansomFree
- Thread starter shmu26
- Start date
- May 14, 2016
- 1,597
This tools can"t be installed on my current PC : two many protection lol ! => instalation fails
Last edited:
It's INSANE Windows let's you run run something like Petya Red with one UAC affirmation.
- Jul 3, 2015
- 8,153
looks like it only protects your C drive.
see post #7: RansomFree by Cybereason
see post #7: RansomFree by Cybereason
- Mar 15, 2011
- 13,070
If the behavior analysis of RansomFree remains stagnant thus MBAR has an edge for this.
However once the scenario change, for sure RansomFree is a good alternative due to Behavior Analysis.
Relying on Behavior Analysis will take a lot of time for perfection cause everything may based from scratch production.
How about using Ransomfree + MBRFilter
If anyone can perform a review for this combo, I will be highly appreciated
If anyone can perform a review for this combo, I will be highly appreciated
- Jul 3, 2015
- 8,153
MBRFilter, if it works, should solve the issue of petya protection.How about using Ransomfree + MBRFilter
If anyone can perform a review for this combo, I will be highly appreciated
But there are still 2 other major holes in ransomfree protection:
1 while it is protecting the C drive, other drives can get encrypted
2 it will only protect against malware that searches out and encrypts files in logical order. But if the malware is smart, and it can identify high-value data in order to target it first, then your data is toast.
- Sep 22, 2014
- 1,767
What is that?How about using Ransomfree + MBRFilter
If anyone can perform a review for this combo, I will be highly appreciated
MBR protection?
Yes. Therefore, Petya will be blocked as it targets the MBR.
- Jul 3, 2015
- 8,153
It installs a driver, but doesn't give you control over it.
If you try to perform any operation that affects MBR, it will probably get blocked, and if you are lucky enough to remember that you have this driver, you will have to go and uninstall it.
- May 14, 2016
- 1,597
CybereasonRansomFree
=> Tried to install it (under protected environment) => refused => stopped the "test"
=> Tried to install it (under protected environment) => refused => stopped the "test"
- Aug 4, 2016
- 1,465
Yikes ! - Came home tonight had a look in my C:\ & there are many, many folders around 2.5 GIG, uninstalled it for now by imaging back a day. Will try the program again at a later date.
It probably registers a callback to restrict write access to the MBR via FltRegisterFilter - maybe I will analyse and check next week.
- Sep 22, 2014
- 1,767
Just tested with Cerber.
Created 2nd partition and add same folder and files inside like the one on the desktop.
Files are:
UPDATE:
CTB-Locker same results:
Created 2nd partition and add same folder and files inside like the one on the desktop.
Files are:
- jpg
- png
- excel
- word
- txt
UPDATE:
CTB-Locker same results:
Last edited:
The service calls home occasionally - this since the install yesterday:
So other drives not protected. This software is good for me since I have only one C: in my MS SP4 and, best of all, it works on behavioral and proprietary techniques without malware signatures! Another tool for my sig-less arsenal.Just tested with Cerber.
Created 2nd partition and add same folder and files inside like the one on the desktop.
Files are:
Files on Z: drive are encrypted
- jpg
- png
- excel
- word
- txt
View attachment 127767
UPDATE:
CTB-Locker same results:
View attachment 127801
Thanks
Last edited:
- Sep 22, 2014
- 1,767
What if we copy this random files (Honeypot) to others drive we want to protect (D:, E:, Z:,...), should this program work fine then???
- Dec 19, 2016
- 42
I am not too mean here, but, any security software without matured proactive defense feature risks being breached by zero-day or even recent threats, I will watch the development of it for a year and see how it goes.
Similar threads
