The two first run successfully, however, the last is being blocked by CryptoPrevent v.9 and its Software Restriction Policies, since it copies an instance of itself called inspect64.exe to the AppData\Local folder.
Error message: CryptoPrevent Notification Module, SRP Block Detected, Blocked Program: 'C:\Users\User Name\AppData\Local\inspect64.exe', Protection Rule: 'C:\Users\User Name\AppData\Local\*.exe'
InSpectre is indeed a legitimate program, and should as such be able to run without restrictions of any kind, even if running from the said folder.
I have of course already whitelisted InSpectre.exe, but not inspect64.exe, since the latter is being generated at runtime.
And hence, my question is as follows;
How do I report this bug to Foolish IT, the creator of CryptoPrevent?
Thank you very much in advance!
Edited by hamluis, 26 February 2018 - 10:59 AM.
Moved from MRL to Ransomware - Hamluis.