Tag Archives: ransomware

Windows Defender Anti-Ransomware Fall Creators Update feature issues

With the release of the Windows 10 Fall Creators Update, Windows Defender gained a new anti-ransomware feature named “Controlled folder access”.

What it does is block access to folders for all the apps that aren’t allowed, preventing unauthorized apps from modifying or encrypting your files (it even prevents them from reading files too!). The problem is, it doesn’t seem to work correctly and has annoying limitations that make it rather useless.

Folder control issues

It automatically protects all the usual data folders like Pictures, Music, Documents etc. The problem here is, it also includes Desktop. This by itself is alright since we tend to keep stuff on the desktop and we don’t want it encrypted by ransomware. However, at least I prefer to use Desktop as transitional storage for downloads and stuff I save from the web. And Windows Defender’s Controlled Folder Access doesn’t like that, throwing warnings at me all the time for each thing I try to do that interacts with Desktop. To make things worse, you cannot remove or edit the default locations. They are hardcoded and cannot be changed, forcing you to either have ALL of them enabled or disable the feature entirely, because it becomes so damn annoying you can’t even use it.

Whitelisting doesn’t seem to work

Supposedly, this Controlled Folder Access feature is supposed to use some sort of whitelist to automatically allow known safe apps to access protected folders. The problem is, it just doesn’t work. It didn’t recognize Paint.NET, it didn’t recognize Opera browser, it even complained about its own Explorer.exe! Which brings us to the third issue…

Allowing apps is rather useless sometimes

For example, Opera is not recognized by the whitelist. However, you can add apps and programs to the allowed list yourself. The only problem there is that paths are absolute, and in Opera’s case that means your allowed path to opera.exe includes a version number, like so: “C:\Program Files\Opera\48.0.2685.39\opera.exe”, which means the allowed rule will only work until Opera gets updated. Then it’ll complain again, because the allowed path no longer matches the actual new version after the update…
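One way to cope with the versioned path described above, as an added example that is not part of the original post: a PowerShell script (run elevated) that re-points the Controlled Folder Access allow-list at the newest installed Opera build and drops the stale entries. It assumes the install layout quoted above and uses the Defender cmdlets `Get-MpPreference`, `Add-MpPreference` and `Remove-MpPreference`.

```powershell
# Added example: keep the Controlled Folder Access allow-list in step with
# an application that installs into a versioned directory.
# Assumption: layout is C:\Program Files\Opera\<version>\opera.exe.
$root = 'C:\Program Files\Opera'
$exe  = 'opera.exe'

# Candidate binaries: <root>\<version>\opera.exe, newest version first.
$candidates = Get-ChildItem -Path $root -Directory -ErrorAction Stop |
    Where-Object { $_.Name -as [version] } |
    Sort-Object { [version]$_.Name } -Descending |
    ForEach-Object { Join-Path $_.FullName $exe } |
    Where-Object { Test-Path -LiteralPath $_ -PathType Leaf }

$current = $candidates | Select-Object -First 1
if (-not $current) { throw "No versioned $exe found under $root" }

# Do not trust a binary by path alone: require a valid Authenticode
# signature before it is allowed to write to protected folders.
# (Status 'Valid' only proves the chain validates; pin the signer
# certificate as well if you want a stricter check.)
$sig = Get-AuthenticodeSignature -FilePath $current
if ($sig.Status -ne 'Valid') {
    throw "Refusing to allow $current (signature status: $($sig.Status))"
}

$allowed = @((Get-MpPreference).ControlledFolderAccessAllowedApplications)

# Add the current version if it is not on the list yet.
if ($allowed -notcontains $current) {
    Add-MpPreference -ControlledFolderAccessAllowedApplications $current
    Write-Output "Allowed: $current"
}

# Remove entries for older versions so the allow-list does not
# accumulate paths that an attacker could later re-create.
$pattern = '^' + [regex]::Escape($root + '\') + '.+\\' + [regex]::Escape($exe) + '$'
$stale = $allowed | Where-Object { $_ -and $_ -match $pattern -and $_ -ne $current }
foreach ($old in $stale) {
    Remove-MpPreference -ControlledFolderAccessAllowedApplications $old
    Write-Output "Removed: $old"
}
```

Running it from a scheduled task after each browser update keeps the rule current without widening it to a whole directory.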

Verdict

I like the idea. This is what I recommended to the avast! team like half a year ago and they did it properly. It’s fully configurable and uses their powerful whitelist, which makes the use of their Anti-Ransomware protection really convenient as you hardly ever even get a popup for clean apps. Microsoft’s version, on the other hand, is not configurable enough, it lacks important settings, it’s too locked down and it has a non-functional whitelist system. It has potential, but in its current form, it’s just not useful. In fact it’s just outright annoying. I kept on manually adding programs to the allowed list and Windows Defender kept on finding new ways to annoy me till I just disabled it again. And seeing how Microsoft only changes such big things between these milestone updates, it’ll take another 4 months to maybe see this fixed. Not cool… So much potential wasted because of stupid design decisions…

Cybereason RansomFree Anti-Ransomware

We all know ransomware is on the rise and it’s one of the most annoying types of attack in recent years. I mean, in the past systems got infested with various junk that was hard to clean, but essentially, you could always just start over by reinstalling Windows. Ransomware changed that, because it attacks stuff that’s irreplaceable: user files like documents and photos. You can’t just start over by reinstalling Windows.

Now, the only 100% protection is backup of your data, but reality is, it’s really annoying to constantly make backups by hand and if you have it automated, we’ve already seen malware and ransomware which ruins your backups as well. So, I personally prefer prevention, rather than remedy or backups to the whole thing.

There are various tools and protection systems of which some can be found here. One tool however stands out a bit, mostly for two reasons: it’s free, and it provides very high generic protection against known and unknown ransomware, and they are continuously improving it. It is called…

Cybereason RansomFree

Like anything, nothing is ever 100%. But if you can dramatically decrease the chances of getting hit by ransomware, I’m sure anyone would take it. It’s like with real vaccines. There is always small chance it still won’t be effective against one specific strain of flu, but if it can protect you from 95% of it, wouldn’t you take the “chance”?

I’ve made a test of it recently and you can see for yourself how effective it is.

When out of several strains only 3 types got past RansomFree defenses, I’d say that’s pretty damn good for something that’s free and consumes nearly no resources.

And today I’ve even received news about new version 2.1.1, which also addresses the mentioned issues of not protecting non-system partitions as well as potential other improvements thanks to our tests that showed the flaws. If they can figure out the Petya strain, that would also be awesome. But they are already doing a good job as it is and I can only recommend this software to everyone who values their personal files.

DOWNLOAD

https://ransomfree.cybereason.com

Secure Folders Free files and folders protection

I’ve come across a program called Secure Folders on the Wilders Security forums. But this one is a bit different from the usual bunch of programs that lock folders with a password. This one doesn’t. This one protects files and folders in a different way. It makes files or folders invisible to unauthorized apps, it makes files non-executable, it makes them read-only, or it can lock them entirely. They will be visible, but you won’t be able to read or modify them unless you’re using a trusted specified application. The number of options to protect files is quite extensive and will give you the ability to protect nearly any kind of files/folders without making it difficult for everyday use.

Ok, what can I use this program for you may ask?

Well, it’s quite simple actually. The program has a few limitations that I’ll discuss with the developers (like missing strict per-rule trusted applications for even tougher, more detailed protection), but in a nutshell, I see it as an amazing tool to protect your important files and documents from getting stolen or encrypted (ransomware malware) by unauthorized applications. I see it as a great way to protect your browser user data folders so malware can’t simply read your locally stored bookmarks and passwords and send the data to a remote server. And just these two abilities give this tool an incredible value (yeah, even though it’s free!).

A simple example on how you can protect your music and photos from ransomware…

[Screenshots: SF_Main, SF_TrustedApps]

What does this mean? This means ONLY explorer.exe, musicbee.exe and paintdotnet.exe can modify the specified file types. All 3 apps are essential to use those protected files without any problems, but no other app will be able to modify protected files. It’ll still be able to read them, but not modify them, which is crucial to defend against ransomware. You can even make it fully global using * so it doesn’t really matter where it is located. Just be careful so you don’t lock yourself out of the system by hiding system files or anything similar, making the system unbootable!

Too bad I haven’t found this app sooner, but I’m glad I know it now. Kudos to the developer, it’s a really well made app with superb interface, something you rarely see with such “indie” programs.

DOWNLOAD:
http://securefoldersfree.com/index.html

Btw, if you want to protect something and you don’t know how exactly, just ask me down below and I’ll try to explain what goes into what list 🙂