App Review RansomOff - First Look at New User Interface

[HeiDef]

5.2017.306.5218 RC1 is now available for download. The updated UI and the HIPS are the major updates but we also did get the Windows 10 drivers co-signed by Microsoft which will take care of that pesky little secure boot issue. For all those that appreciate RansomOff, enjoy!

 

[shmu26]

5.2017.306.5218 RC1 is now available for download. The updated UI and the HIPS are the major updates but we also did get the Windows 10 drivers co-signed by Microsoft which will take care of that pesky little secure boot issue. For all those that appreciate RansomOff, enjoy!

Very cool. Thanks, dev!

 

[cimmay]

Good Grief ! Release candidate Nov 2 needs work. Took 3 attempts to install and 6 attempts to uninstall. The installler does not work right on 4k display at 150%. After a clean installation of Ransomoff the program GUI is nowhere to be found, but the exe and driver is loaded on Windows 7-64. I will look for something else.

 

[Captain Awesome]

Is it compatible with windows fall creators update?(Windows 10 Version 1709)@HeiDef

 

[GonzitoVir]

I don't care about GUI,I only care about stability and protection from new and advance Ransomwares.

Yeah I agree with you. At first I thought it was a joke that some guys were complaining about the GUI??? but then I realized they were serious about it...

 

[shmu26]

Is it compatible with windows fall creators update?(Windows 10 Version 1709)@HeiDef

I successfully installed it on win10 x64 fall creators.
I enabled pretty much all of the protections. It blocked Chrome from loading web pages, I don't know which module was the culprit.

 

[Captain Awesome]

I enabled pretty much all of the protections. It blocked Chrome from loading web pages, I don't know which module was the culprit.

You can disable all module and re enable one by one to see which was the culprit?

 

[shmu26]

You can disable all module and re enable one by one to see which was the culprit?

Right. That is what a good beta tester should do. But I was just casually trying it out.

 

[HeiDef]

Good Grief ! Release candidate Nov 2 needs work. Took 3 attempts to install and 6 attempts to uninstall. The installler does not work right on 4k display at 150%. After a clean installation of Ransomoff the program GUI is nowhere to be found, but the exe and driver is loaded on Windows 7-64. I will look for something else.

Did the install/uninstall display any errors? What was the issue that made you need to retry again and again. Other than the look, unusual display setting shouldn't have any impact on the actual process of installing and uninstalling software. So if you could please define "does not work right" a little better it will help us fix the issue.

Are you also saying that no icon loaded into the system tray after reboot? The UI doesn't just display itself. You have to click icon but if no icon loaded then that's a problem. Did you check to make sure your other security software didn't block the loading?

 

[cimmay]

Did the install/uninstall display any errors? What was the issue that made you need to retry again and again. Other than the look, unusual display setting shouldn't have any impact on the actual process of installing and uninstalling software. So if you could please define "does not work right" a little better it will help us fix the issue.

Are you also saying that no icon loaded into the system tray after reboot? The UI doesn't just display itself. You have to click icon but if no icon loaded then that's a problem. Did you check to make sure your other security software didn't block the loading?

The 4k screen is enlarged 150% to make everything bigger. The installer window did not show full list of actions at bottom, so when it was done I did not know what to do next, there were no message popups. I reduced monitor to 100% and installed again and could see all messages. But before that I had to uninstall it in safemode and seen the driver sys was loaded. Anyway when installed correctly and rebooted there was no icon, no folder in start menu, nothing in tray, but task manager said the exe was running. I set AppGuard to "allow installs" and had eset nod32 in protected mode when installing. In previous attempts it was unprotected. I could look in program files for an exe gui to launch but did not do that. I would only suggest making the installer window large and at least a popup when finished. At 150% all main text of the installer was big and crunched together, no space left. I used "simple mode" option.

 

[shmu26]

I installed it again, in simple mode.
Seems to be working pretty well.
I wish the blocked list was easier to find, it is hidden pretty deep in the settings. If you need to unblock something, it can be a bit frustrating to discover where it is.

 

[shmu26]

@HeiDef, I see that process hollowing protection is turned off by default.
What are the potential issues with enabling it?

 

[cimmay]

Are you also saying that no icon loaded into the system tray after reboot? The UI doesn't just display itself. You have to click icon but if no icon loaded then that's a problem. Did you check to make sure your other security software didn't block the loading?

I did run utility from tweakings.com and the Windows 7 desktop has these options in System Properties: "performance", "visual effects", "Custom:" 1. Smooth edges of screen fonts. 2. Use drop shadows for icon labels on the desktop. 3. Use visual styles on windows and buttons. Everything else is disabled.

 

[HeiDef]

I did run utility from tweakings.com and the Windows 7 desktop has these options in System Properties: "performance", "visual effects", "Custom:" 1. Smooth edges of screen fonts. 2. Use drop shadows for icon labels on the desktop. 3. Use visual styles on windows and buttons. Everything else is disabled.

Thanks for the info. We'll take a look to see how to fix your problems. Might just give us a reason to go buy a 4k display

 

[HeiDef]

@HeiDef, I see that process hollowing protection is turned off by default.
What are the potential issues with enabling it?

The process hollowing detection, like the top most detection, can be sensitive. So while it may cause a few FPs, there is no issue with having it on.

As for your Chrome problem you mentioned above, do you have "Office/PDF Security Bubble" enabled? Chrome registers itself as a PDF reader so RO may be silently killing any apps or plugins started by Chrome which would probably cause the behavior you saw. Just disable Chrome from the list of apps and everything should work fine.

 

[shmu26]

The process hollowing detection, like the top most detection, can be sensitive. So while it may cause a few FPs, there is no issue with having it on.

As for your Chrome problem you mentioned above, do you have "Office/PDF Security Bubble" enabled? Chrome registers itself as a PDF reader so RO may be silently killing any apps or plugins started by Chrome which would probably cause the behavior you saw. Just disable Chrome from the list of apps and everything should work fine.

Thanks. No, the Chrome issue was not because of Office/PDF Security Bubble, apparently, because I enabled that protection, without problem.

Generally speaking, RO sometimes blocks the launching of apps such as dropbox desktop and chrome. Can also interfere with system shutdown and with installation of new programs. This behavior is intermittent.

 

[cimmay]

Regarding the installation of RansomOff (Nov 2) on win7-64. It was installed clean several times but no icon in tray. HDROAgent.exe was launched manually, the icon appeared in the main tray list and when it was clicked or right clicked for menu the popup said "THERE WAS AN ERROR OPENING THE DATABASE." I also got that popup just waiting a few seconds and not clicking. Then depending on how many windows were open the system became so unresponsive it needed a reset.

I also tried this routine with security apps disabled. On a side note I seen the demo video at site and would like to see the "ALLOW" button removed, or a password required to use it when malware is launched.

 

[Node]

This is really interesting! It appears to offer more protection vectors over other products (and for free!) - I'm looking forward to trying this out. I do agree with other that the UI (user interface) could be updated just a bit.

 

[HeiDef]

Regarding the installation of RansomOff (Nov 2) on win7-64. It was installed clean several times but no icon in tray. HDROAgent.exe was launched manually, the icon appeared in the main tray list and when it was clicked or right clicked for menu the popup said "THERE WAS AN ERROR OPENING THE DATABASE." I also got that popup just waiting a few seconds and not clicking. Then depending on how many windows were open the system became so unresponsive it needed a reset.

I also tried this routine with security apps disabled. On a side note I seen the demo video at site and would like to see the "ALLOW" button removed, or a password required to use it when malware is launched.

The agent is not designed to be run manually. That's why you'll notice there is no icon on the desktop or start menu and why you get the database error when trying to run it. However, you should not be getting that error when it loads at start up unless there is a permissions error where RO is being blocked from accessing its databases. What security apps do you have installed?

'Allow' is not going to be removed because FPs happen but you are already able to set a password. This is all explained in the docs (RansomOff Documentation)

 

[HeiDef]

Thanks. No, the Chrome issue was not because of Office/PDF Security Bubble, apparently, because I enabled that protection, without problem.

Generally speaking, RO sometimes blocks the launching of apps such as dropbox desktop and chrome. Can also interfere with system shutdown and with installation of new programs. This behavior is intermittent.

What do the alerts say about the blocking of dropbox or chrome? There are a few different reasons why RO will block an app and the alert will list the reason.

Installations are tricky to deal with but we'll see if there's something we can improve. Do you have a particular installation that you had trouble with?

And what kind of interference with shutdown?