What's the Best Antivirus against Ransomware?

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
@Malfhas: DeepGuard of F-Secure is also active in the sense that accurate information is retrieved through the Cloud to sustain the verdict as suspicious.

But it can also perform well even offline; however, when it comes to ransomware, DeepGuard should block the execution immediately to avoid any payloads being dropped.
 

bitbizket

Level 3
Jul 26, 2011
250
@mamamia

Best protection against the vast majority of infections - from adware to Zbot - is AppGuard in Lock-Down Mode.

I have tested it extensively - both against malware and web exploits - and it has never failed.

Until proven otherwise, it is the only security soft that I feel confident will protect the system and user data.

Virtualization protects the system too, but it will allow the exfiltration of personal data whereas AppGuard will prevent this except for data stolen via the browser\webpages.

I'm thinking of getting AG; will there be any conflict with SsFW, Sandboxie, MBAE or RollbackRX?
I have not used AG for a long time, as I remember back then I had some complications while using it together with OA, Sandboxie and RollbackRX, but was able to find a way to make them work together.
 

hjlbx

I'm thinking of getting AG; will there be any conflict with SsFW, Sandboxie, MBAE or RollbackRX?
I have not used AG for a long time, as I remember back then I had some complications while using it together with OA, Sandboxie and RollbackRX, but was able to find a way to make them work together.

Should be no problem. Have to make SBIE read\write exception folder. Can add to User Space if you desire. If you want to run Explorer.exe in SBIE, then will have to exclude certain directories from User Space. You will figure it out...

I have used AG with SBIE, SpSFW, RRX, and others without any major complications.

AG is essentially the same as a few years ago - not much change to it.
 

bitbizket

Level 3
Jul 26, 2011
250
Should be no problem. Have to make SBIE read\write exception folder. Can add to User Space if you desire. If you want to run Explorer.exe in SBIE, then will have to exclude certain directories from User Space. You will figure it out...

I have used AG with SBIE, SpSFW, RRX, and others without any major complications.

AG is essentially the same as a few years ago - not much change to it.

Yes, you are right regarding Sandboxie.

RollbackRX modifies the MBR on install so AppGuard would prevent it if it was already installed.
As I've already got Rollback installed first it should be OK, I guess.
AG still provides a 30-day trial like it used to, right?

Thanks
 

hjlbx

Yes, you are right regarding Sandboxie.

RollbackRX modifies the MBR on install so AppGuard would prevent it if it was already installed.
As I've already got Rollback installed first it should be OK, I guess.
AG still provides a 30-day trial like it used to, right?

Thanks

Yes. It is a 30-day trial. Now AG is annual subscription only.
 

generalwu

Level 5
Verified
Well-known
Jan 25, 2016
219
Sorry to hijack the thread, but if you have a layered security software configuration, do you still need specialised anti-crypto software to help you (CryptoPrevent/WinAntiRansom)? Or can anti-crypto form a layer itself?

Many thanks.
 

Sandboxie Help

From Sandboxie
Verified
Developer
Feb 26, 2016
23
If you just want to know what malware is in your "sandbox", any AV will really do. We've used just Windows Defender to see what's there. If SBIE is your primary protection, then nothing is going to escape the sandbox and get into your host. Ransomware, spearphishing, zero day, etc. SBIE doesn't stop the virus from coming into the SB, but it stops it from going anywhere else. It's contained. Then, delete the contents of your SB, fire up your browser again. We maintain a list of ones that work/don't here: forums.sandboxie.com • View topic - Compatible AV| SBIE v5+[working/not][Updated 3/25] ..... But it's mainly Win 10, but worth a look.
 

cruelsister

Level 42
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 13, 2013
3,148
Wu- Please remember that CryptoPrevent is primarily for the stopping of encryption, and not a generalized anti-ransomware application. A really big difference. Group policy manipulation won't (and does not) protect from things like Winlocky and Petya.
 

generalwu

Level 5
Verified
Well-known
Jan 25, 2016
219
@cruelsister Ooh, Thank you for the information. So there's no generalized anti-ransomware application yet?

How about WinAntiRansom?

Pardon me for the silly question. :confused:
 

generalwu

Level 5
Verified
Well-known
Jan 25, 2016
219
@hjlbx I see, thanks for the information. They actually have a comparison chart for all of the current Anti-Crypto Software. :p

Not sure if I should shell out my dough for it as it doesn't have a free version. :D
 

hjlbx

@hjlbx I see, thanks for the information. They actually have a comparison chart for all of the current Anti-Crypto Software. :p

Not sure if I should shell out my dough for it as it doesn't have a free version. :D

WinAntiRansom is OK. It does a good job.

However, if you're gonna chuck gold ducats onto the counter, then I would recommend AppGuard. Much better system protection in Lock Down mode.
 

Soulbound

Moderator
Verified
Staff Member
Well-known
Jan 14, 2015
1,761
Not every solution is perfect against ransomware.

Different approaches can be taken depending on the user's choice.

After nearly two pages of discussion the options are:
Run a decent AV solution plus:
Light virtualization software or an anti-ransom mainly solution or anti-exec solution.

Some go with MBAR, others with WAR. I use CryptoPrevent with WAR, for example.

In the end there is no best; let's keep that in mind.
 

cruelsister

Level 42
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 13, 2013
3,148
If I may butt in here, remember stuff like MBAR, HMPA, BD anti-ransomware (the worst of the lot) and especially the very fine CryptoPrevent rely on Group Policy changes to protect Documents, Photos, etc in the Users directory. This will not protect against things like Fortress-like ransomware (which target things outside of Users) or Petya. There will be changes for CryptoPrevent as a major build is forthcoming. But for right now please, please note that anti encryption is not the same as anti-ransomware!

And those that are smart enough not to rely on the traditional (and antiquated) AV but instead go with things like AG, SBIE, or CF have no need for additional protection- as long as the user is Geek enough to use these things wisely.
 

Soulbound

Moderator
Verified
Staff Member
Well-known
Jan 14, 2015
1,761
If I may butt in here, remember stuff like MBAR, HMPA, BD anti-ransomware (the worst of the lot) and especially the very fine CryptoPrevent rely on Group Policy changes to protect Documents, Photos, etc in the Users directory. This will not protect against things like Fortress-like ransomware (which target things outside of Users) or Petya. There will be changes for CryptoPrevent as a major build is forthcoming. But for right now please, please note that anti encryption is not the same as anti-ransomware!

And those that are smart enough not to rely on the traditional (and antiquated) AV but instead go with things like AG, SBIE, or CF have no need for additional protection- as long as the user is Geek enough to use these things wisely.

Thank you for your comments and additional info.

I have not checked much on the variations of Petya and other types of ransomware.
The CryptoPrevent build is the soon-to-be v8, correct?
 

Av Gurus

Level 29
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Sep 22, 2014
1,767
I have tested one free program to protect my important folders or even extensions from being modified.
The program's name is Secure Folders and it has been abandoned, but it's still working OK.
Here is my short video test against some ransomware:



Maybe if @cruelsister can do the test, just to have some second opinion.
 
