Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Which Anti-Ransomware tool would you recommend?


  • Please log in to reply
34 replies to this topic

#1 midimusicman79

midimusicman79

  • Members
  • 575 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Norway
  • Local time:01:55 AM

Posted 10 June 2015 - 09:27 AM

Hi all!

 

For computer security I already have AV/FW: ESS, AM: EAM, WinPatrol PLUS and Unchecky, and my browser is Mozilla Firefox with WebOfTrust, AdBlockPlus and Ghostery.

 

Now I would like to add Anti-Ransomware protection too; I have read about this here and here and necessarily being a bit uncertain of the protection alternatives; hence my question is: Which Anti-Ransomware tool would you recommend?

 

Thank you very much in advance!

 

Regards,

midimusicman79


MS Win 10 Pro 64-bit, EAM Pro/EEK, MB 3 Free, WPP, SWB Free, CryptoPrevent Free and Unchecky, WFW, FFQ with uBO, Ghostery, Grammarly Free and HTTPS Ew. Acronis TI 2018, K. Sw. Upd. AM-tools: 9-lab RT BETA, AdwCleaner, Auslogics AM, aswMBR, Avira PCC, BD ART, catchme, Cezurity AV, CCE, CKS, ClamWin P., Crystal Sec., DDS, DWCI, EMCO MD, eScan MWAV, ESS/EOS, FGP, FMTB, FRST, F-SOS, FSS, FreeFixer, GMP, GMER, hP BETA, HJT, Inherit, JRT, K. avz4, KVRT, K. TDSSKiller, LSP-Fix, MB 3 Free, MBAR BETA, MA Stinger, NMC, NoBot, NPE, NSS, NVT MRF (NMRF), OTL, PCC, QD, RCS, RSIT, RKill, Rs, SC, SR, SAP, SVRT, SAS, SL, TMHC, TSA ART, UHM, Vba32 AR, VRS, WR (AiO), Xvirus PG, ZAM, ZHPC, ZHPD and Zoek. I have 23 Years of PC Experience. Bold = effective.


BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,119 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:55 PM

Posted 10 June 2015 - 09:31 AM

Ransomware Prevention Tools:
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Netherlands
  • Local time:12:55 AM

Posted 10 June 2015 - 09:35 AM

Just a side note... Don't use HitmanPro.Alert and Malwarebytes Anti-Exploit at the same time, since both are anti-exploit applications and will conflict, thus lowering your protection. Same goes with EMET (Enhanced Mitigation Experience Toolkit).

#4 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,539 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:55 PM

Posted 10 June 2015 - 09:42 AM

Personally, I would use Malwarebytes Anti-Exploit and CryptoMonitor. Malwarebytes Anti-Exploit stops exploits, but if one manages to come throught, then CryptoMonitor would jump in. I would use CryptoPrevent as well if you can, but depending on what you do on your computer (if you're a developper, tweaker, etc.) it might prevent some of your programs and features from running (thought you can disable it whenever you want). That's just my opinion however :)

I use Malwarebytes Anti-Exploit and I like it. It's discret and it doensn't slow down your system, nor does it affects your browsing experience at all.

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,119 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:55 PM

Posted 10 June 2015 - 09:44 AM

The conflict between HitmanPro.Alert and Malwarebytes Anti-Exploit was fixed some time ago (unless it returned).

Since then I have been using both.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#6 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Netherlands
  • Local time:12:55 AM

Posted 10 June 2015 - 09:54 AM

It's not a conflict between MBAE and HMP.A, but more of a conflict between anti-exploit applications in general.

#7 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,119 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:55 PM

Posted 10 June 2015 - 09:58 AM

Malwarebytes Anti-Exploit Known Issues & Conflicts
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#8 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,539 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:55 PM

Posted 10 June 2015 - 10:06 AM

For EMET and Malwarebytes Anti-Exploit, there's no "official" configuration. Users will share their configs and there's a chance it might work on your system completely, but there's a chance that it might not and you'll have to tweak more settings. So it's really "system-dependent". If someone chooses to use Malwarebytes Anti-Exploit and EMET together, they can refer to the thread on Malwarebytes, but there might be a chance that it doesn't work at 100% and that they'll have to find their own tweaks. In other words, inexperienced users shouldn't attempt to run Malwarebytes Anti-Exploit and EMET together, no?

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#9 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,119 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:55 PM

Posted 10 June 2015 - 10:26 AM

For those familair with configuring...Running EMET and MBAE together
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#10 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,539 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:55 PM

Posted 10 June 2015 - 10:28 AM

So this will give them a "base configuration" they can follow, but there's still chances that they'll have to find their own tweaks. I should give it a try someday.

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#11 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Netherlands
  • Local time:12:55 AM

Posted 10 June 2015 - 10:29 AM

From what I read in there, basically it is a configuration to let EMET covers what MBAE doesn't.

HMP.A users can just enable all mitigation methods in Settings and be done with it.

#12 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,119 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:55 PM

Posted 10 June 2015 - 01:31 PM

[quote name="Alexstrasza" post="3731076" timestamp="1433950198"
HMP.A users can just enable all mitigation methods in Settings and be done with it.They should be enabled by default.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#13 midimusicman79

midimusicman79
  • Topic Starter

  • Members
  • 575 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Norway
  • Local time:01:55 AM

Posted 11 June 2015 - 09:24 AM

Hi again, quietman7, Alexstrasza & Aura!

 

Thank you all for the prompt and technical replies! :)

 

After having read thoroughly about the different alternatives' features, I think CryptoMonitor Anti-Ransomware and HitmanPro.Alert with CryptoGuard are worth considering, as all the others imply too much tweaking IMO.

 

However, HitmanPro.Alert with Cryptoguard refuses to give me a trial license, because I already tried HitmanPro in the past (i.e. during the last year), and to make this even worse, neither does HitmanPro install nor uninstall, so unfortunately there seems to be now way around it...that is except for buying a license, of course. :(

 

What should I do - buy a license for HitmanPro.Alert with CryptoGuard, or should I rather try or preferably buy a license for CryptoMonitor Anti-Ransomware? HitmanPro.Alert with CryptoGuard is after all (somewhat) cheaper than CryptoMonitor Anti-Ransomware, and has several similar features. :unsure:

 

Thank you very much for the help!

 

Regards,

midimusicman79


MS Win 10 Pro 64-bit, EAM Pro/EEK, MB 3 Free, WPP, SWB Free, CryptoPrevent Free and Unchecky, WFW, FFQ with uBO, Ghostery, Grammarly Free and HTTPS Ew. Acronis TI 2018, K. Sw. Upd. AM-tools: 9-lab RT BETA, AdwCleaner, Auslogics AM, aswMBR, Avira PCC, BD ART, catchme, Cezurity AV, CCE, CKS, ClamWin P., Crystal Sec., DDS, DWCI, EMCO MD, eScan MWAV, ESS/EOS, FGP, FMTB, FRST, F-SOS, FSS, FreeFixer, GMP, GMER, hP BETA, HJT, Inherit, JRT, K. avz4, KVRT, K. TDSSKiller, LSP-Fix, MB 3 Free, MBAR BETA, MA Stinger, NMC, NoBot, NPE, NSS, NVT MRF (NMRF), OTL, PCC, QD, RCS, RSIT, RKill, Rs, SC, SR, SAP, SVRT, SAS, SL, TMHC, TSA ART, UHM, Vba32 AR, VRS, WR (AiO), Xvirus PG, ZAM, ZHPC, ZHPD and Zoek. I have 23 Years of PC Experience. Bold = effective.


#14 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Netherlands
  • Local time:12:55 AM

Posted 11 June 2015 - 09:30 AM

Hello midimusicman79,

HitmanPro.Alert and CryptoMonitor may have the same purpose (stopping crypto ransomware) but how they do it is very different.

HitmanPro.Alert installs a driver called CryptoGuard that monitors applications and blocks them if crypto ransomware-like activity is detected. In that case you can choose to scan with HitmanPro to kill off the offending ransomware. HMP.A also includes exploit mitigation for multiple applications and warn you if it detects that your browser is compromised by banking trojans.

CryptoMonitor uses special technology to monitor the system and neutralizes the crypto ransomware process if it detects one, however it will not get rid of the file itself - you will need to use another scanner such as Emsisoft or Malwarebytes to do this.

I hope that understanding what both applications do will help you in making your choice :)

#15 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,539 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:55 PM

Posted 11 June 2015 - 09:46 AM

If you need support with HitmanPro.Alert, there's a product thread for it on BleepingComputer, where erikloman, a SurfRight Rep. can answer your questions and offer support.

http://www.bleepingcomputer.com/forums/t/513182/cryptoguard-prevents-your-files-from-being-taken-hostage/

The same thread also exists on WildersSecurity Forums :) Same for CryptoMonitor, by Nathan:

http://www.bleepingcomputer.com/forums/t/572146/cryptomonitor-stop-all-known-crypto-ransomware-before-it-encrypts-your-data/

Edited by Aura., 11 June 2015 - 09:47 AM.

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users