Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

CryptoPrevent v.9 blocks InSpectre: Meltdown/Spectre? vulnerabilities check tool


  • Please log in to reply
5 replies to this topic

#1 midimusicman79

midimusicman79

  • Members
  • 615 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Norway
  • Local time:10:16 AM

Posted 26 February 2018 - 10:00 AM

Hi all!

 

I have MS Win 10 Pro 64-bit and have run several Meltdown/Spectre vulnerabilities check tools, namely SpecuCheck, SpectreMeltdownCheck and InSpectre, of which the last being the most informative. :thumbup2:

 

The two first run successfully, however, the last is being blocked by CryptoPrevent v.9 and its Software Restriction Policies, since it copies an instance of itself called inspect64.exe to the AppData\Local folder. :(

 

Error message: CryptoPrevent Notification Module, SRP Block Detected, Blocked Program: 'C:\Users\User Name\AppData\Local\inspect64.exe', Protection Rule: 'C:\Users\User Name\AppData\Local\*.exe' :exclame:

 

InSpectre is indeed a legitimate program, and should as such be able to run without restrictions of any kind, even if running from the said folder.

 

I have of course already whitelisted InSpectre.exe, but not inspect64.exe, since the latter is being generated at runtime.

 

And hence, my question is as follows;

 

How do I report this bug to Foolish IT, the creator of CryptoPrevent?

 

Thank you very much in advance!

 

Regards,

midimusicman79


Edited by hamluis, 26 February 2018 - 10:59 AM.
Moved from MRL to Ransomware - Hamluis.

MS Win 10 Pro 64-bit, EAM Pro/EEK, MB 3 Free, WPP, SWB Free, CryptoPrevent Free and Unchecky, WFW, FFQ with uBO, Ghostery, Grammarly Free and HTTPS Ew. Acronis TI 2018, K. Sw. Upd. AM-tools: 9-lab RT BETA, AdwCleaner, Auslogics AM, aswMBR, Avira PCC, BD ART, catchme, Cezurity AV, CCE, CKS, ClamWin P., Crystal Sec., DDS, DWCI, EMCO MD, eScan MWAV, ESS/EOS, FGP, FMTB, FRST, F-SOS, FSS, FreeFixer, GMP, GMER, hP BETA, HJT, Inherit, JRT, K. avz4, KVRT, K. TDSSKiller, LSP-Fix, MB 3 Free, MBAR BETA, MA Stinger, NMC, NoBot, NPE, NSS, NVT MRF (NMRF), OTL, PCC, QD, RCS, RSIT, RKill, Rs, SC, SR, SAP, SVRT, SAS, SL, TMHC, TSA ART, UHM, Vba32 AR, VRS, WR (AiO), Xvirus PG, ZAM, ZHPC, ZHPD and Zoek. I have 23 Years of PC Experience. Bold = effective.


BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,281 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:04:16 AM

Posted 26 February 2018 - 01:34 PM

You can contact and ask the developer, Nick (Foolish Tech CEO) the following ways.


You can also contact... Proctor_Foolish_IT (Matt Proctor) who is Chief Financial Officer and an Authorized Company Representative for CryptoPrevent.  
  • Email: proctor@foolibleep.com


.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 midimusicman79

midimusicman79
  • Topic Starter

  • Members
  • 615 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Norway
  • Local time:10:16 AM

Posted 27 February 2018 - 09:00 AM

Hi, quietman7!
 
Thank you for the prompt and insightful reply! :)
 
I have now signed up and submitted a ticket to Foolish IT Support.
 
I will let you know the outcome. :thumbup2:

Thank you very much for the help! :) The issue is pending! :busy:
 
Regards,
midimusicman79

Edited by midimusicman79, 27 February 2018 - 12:16 PM.

MS Win 10 Pro 64-bit, EAM Pro/EEK, MB 3 Free, WPP, SWB Free, CryptoPrevent Free and Unchecky, WFW, FFQ with uBO, Ghostery, Grammarly Free and HTTPS Ew. Acronis TI 2018, K. Sw. Upd. AM-tools: 9-lab RT BETA, AdwCleaner, Auslogics AM, aswMBR, Avira PCC, BD ART, catchme, Cezurity AV, CCE, CKS, ClamWin P., Crystal Sec., DDS, DWCI, EMCO MD, eScan MWAV, ESS/EOS, FGP, FMTB, FRST, F-SOS, FSS, FreeFixer, GMP, GMER, hP BETA, HJT, Inherit, JRT, K. avz4, KVRT, K. TDSSKiller, LSP-Fix, MB 3 Free, MBAR BETA, MA Stinger, NMC, NoBot, NPE, NSS, NVT MRF (NMRF), OTL, PCC, QD, RCS, RSIT, RKill, Rs, SC, SR, SAP, SVRT, SAS, SL, TMHC, TSA ART, UHM, Vba32 AR, VRS, WR (AiO), Xvirus PG, ZAM, ZHPC, ZHPD and Zoek. I have 23 Years of PC Experience. Bold = effective.


#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,281 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:04:16 AM

Posted 27 February 2018 - 11:11 AM

You're welcome and good luck.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#5 midimusicman79

midimusicman79
  • Topic Starter

  • Members
  • 615 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Norway
  • Local time:10:16 AM

Posted 28 February 2018 - 10:27 AM

Hi again, quietman7!
 
Foolish IT's CFO Matt Proctor answered, and I quote:
 

Cry[p]toPrevent is behaving as intended.  Our recommendation would be to whitelist C:\Users\User Name\AppData\Local\inspect64.exe.

 
Which, upon tried, works great, although I discovered that the said file actually gets immediately deleted after being generated, but nevertheless, I was able to whitelist it without having it existing in the first place, as in specifying the file path instead of browsing to it.
 
Thank you very much for the help! :) The issue has been successfully resolved! :thumbup2:
 
Regards,
midimusicman79

Edited by midimusicman79, 28 February 2018 - 10:49 AM.

MS Win 10 Pro 64-bit, EAM Pro/EEK, MB 3 Free, WPP, SWB Free, CryptoPrevent Free and Unchecky, WFW, FFQ with uBO, Ghostery, Grammarly Free and HTTPS Ew. Acronis TI 2018, K. Sw. Upd. AM-tools: 9-lab RT BETA, AdwCleaner, Auslogics AM, aswMBR, Avira PCC, BD ART, catchme, Cezurity AV, CCE, CKS, ClamWin P., Crystal Sec., DDS, DWCI, EMCO MD, eScan MWAV, ESS/EOS, FGP, FMTB, FRST, F-SOS, FSS, FreeFixer, GMP, GMER, hP BETA, HJT, Inherit, JRT, K. avz4, KVRT, K. TDSSKiller, LSP-Fix, MB 3 Free, MBAR BETA, MA Stinger, NMC, NoBot, NPE, NSS, NVT MRF (NMRF), OTL, PCC, QD, RCS, RSIT, RKill, Rs, SC, SR, SAP, SVRT, SAS, SL, TMHC, TSA ART, UHM, Vba32 AR, VRS, WR (AiO), Xvirus PG, ZAM, ZHPC, ZHPD and Zoek. I have 23 Years of PC Experience. Bold = effective.


#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,281 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:04:16 AM

Posted 28 February 2018 - 02:46 PM

The AppData\Local folder is one of the known hiding places for malware so that's what I suspected was going on but wanted you to contact Nick for confirmation.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users