App Review RansomOff Beta Revisited

It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.

Nightwalker

Level 24
Verified
Honorary Member
Top Poster
Content Creator
Well-known
May 26, 2014
1,339
Thanks for the video, nice test.

RansomOFF seems to be the best anti-ransomware; it has very good behavior monitoring and an efficient rollback feature (artifact cleanup) while having a low false positive and system impact.

About Xdata, it seems to be a bug while running in Windows 7, in Windows 10 RansomOFF worked well.

See the developer response:
RansomOff 4

HeiDef is an amazing developer, kudos to him too.
 

Nightwalker

Level 24
Verified
Honorary Member
Top Poster
Content Creator
Well-known
May 26, 2014
1,339
@Nightwalker I received some feedback from a friend who was testing RansomOFF that he found it very heavy on his machine. Have you had that experience?

My experience was positive, seems to be light with nice usability.

I tested in Windows 10 x64 Creators Update running alongside Windows Defender (Core i5 2500K + 8 GB RAM).
 

HeiDef

From HeiDef
Verified
Developer
Mar 27, 2017
94
Thanks @cruelsister for the video.

And thanks @Nightwalker for the compliment.

As you mentioned, there is an issue with Windows 7 (maybe 8 too but haven't tested), that XData just happened to highlight. It has to do with an uninitialized value that RansomOff should have set but we missed and apparently doesn't matter within Windows 10. And for it to manifest on Windows 7 requires specific parameters to a Windows API function call. To sum it up nicely, if you ever saw the movie 'Office Space'

[image]


We'll post an update tomorrow that fixes this problem.
 

cruelsister

Level 42
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 13, 2013
3,147
Harbor- For me there is no contest- RansomOff is the winner for the following reasons:

1). Although slight, RansomOff has a better base mechanistic protection routine against ransomware than the others.
2). The Startup Alerts actually work for things other than ransomware. I didn't expand on this in the video, but will in the near future.
3). Although I personally don't like anti-exe functionality, many do. The way Helig has implemented it (on-demand only, and with options for signed and unsigned) is very nice.
4). When fully implemented the Folder exclusion thingy will be of value.
5). And most important- the quality of the Developer. Even though I was a total bitch by putting out this video (and on a weekend!), you may have noticed that Helig not only gave the video a Like, but without any Double-Talk or excuses acknowledged it and I'm sure will fix it very, very shortly. This attitude is very rare and should be very valued. As a sidenote, I actually had a previous video done in which RO passed totally, but when I received the Xdata sample I felt disingenuous by putting it out- so I did this one in its place. What a pain!

Anyway, minus the above LoveFest I prefer RansomOff to the others.
 

HarborFront

Level 71
Verified
Top Poster
Content Creator
Oct 9, 2016
6,028
Thank you for the reply.

However, my concern is the capability of an anti-ransomware (like RansomOff, AppCheck Pro and Ranstop) in removing the ransomware itself besides the block, recovery features etc.

I suppose a combo of great software like AppGuard + ReHIPS will block ransomware (and other malware) but they provide no removal capability. If a dedicated anti-ransomware (as mentioned) is used to complement them then it must have good removal capability just like an AV program, right?

Thanks
 

cruelsister

Level 42
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 13, 2013
3,147
H- I'm glad you responded as I didn't point out something you mentioned above about the Jaff C variant- Yes, the original pdf was left on the system, but this file wasn't intrinsically bad as it had to bring up Word in order to run a macro which had to download the payload which then had to run. RO totally blocked the payload, so leaving the original pdf is really trivial.

Now to your question- AppGuard is great (just ask Umbra), and I'm not familiar with reHIPS (also ask Umbra). But with RansomOff there is really nothing left to clean up (look how it dealt with the RAA sample). Anyway I feel that if ANYTHING is left over and has to be cleaned up it is kind of a fail. That's why I love CF as all the crap can be flushed without further user input, and with RansomOff it will do this stuff automatically.
 

HarborFront

Level 71
Verified
Top Poster
Content Creator
Oct 9, 2016
6,028
Thank you

One question. How about your testing experience with AppCheck Pro and TemaSoft Ranstop in its ransomware removal capability as compared to RansomOff? Just comparing this feature will do.

I suppose if an anti-ransomware can block the ransomware then, rightly speaking, it should be able to remove the ransomware, right?

Thanks again
 

cruelsister

Level 42
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 13, 2013
3,147
Yeah- It was blocked, then removed from the system on cleanup. I really felt like a bitch presenting Xdata in the first place as it wasn't a fail across the board. But it is fixed so all is good.

Also, there is a curious new ransomware going around Asia today (I'll be doing a WSA vs the bugger tomorrow). But just as an in-advance FYI RansomOff protects against it.
 
