I downloaded the CryptoPrevent zip file (into XP) from majorgeeks and with some guesswork it seems to be doing what it says on the tin. It would probably have worked first time if the presentation on the original website had been a bit clearer (which file to download). The “test” is very quick, probably designed to be so. I have asked what the significance is of the unticked option “Block Temp Extracted Executables in Archive Files”, and whether I should tick it “for good measure” whatever it does. Can I now stop wondering about upgrading to MWB Pro?
Quoting Corrine Chorney (Microsoft MVP in Computer Security): “Temp Extracted Executables in Archive Files refers to executables (e.g., .exe, .pdf) that are opened directly from a downloaded .zip, .rar, etc. rather than extracting first. An executable that is opened directly from the “archive” is opened in a temp file”.
So that says WHAT they are. As for whether to check that box, CryptoPrevent’s author, in the changelog to version 2.5, stated that he left “Temp Extracted Executable protection unchecked by default and [furthermore,] implemented a warning when checking this item, as [checking it] can cause issues with some apps/installations.”
Personally, I have heeded that advice and left it UNchecked, accepting all the defaults. But others — perhaps not noticing the author’s disclaimer — HAVE checked it.
Keep in mind that CryptoPrevent only protects against CryptoLocker — it makes no attempt to protect against other forms of malware. [It might “accidentally” catch other malware, if, like CryptoLocker, they choose to run from one of the “locked”/protected directories.] In contrast, MBAM PRO offers protection against MANY forms of malware. Its creative team focus on the prevalent, more-stubborn, toughest malware, that often can make its way (undetected) past many/most anti-virus programs. That’s its niche. MBAM is not an anti-virus program — it does not look for typical viruses. Rather, it is specifically written to COMPLEMENT whatever anti-virus program the user prefers.
Just so we understand, the FREE version of MBAM is a complete SCANNER and REMOVER. It is not a trial, its scanner/removal features are not limited. It’s a great program for everyone to have, to attempt to repair a bad situation after the infection has set in.
The “limitation” in the free version is that it does not offer up-front protection. THAT’S the critical function of the PRO/paid version: It will prevent infection from setting-in in the first place, both by monitoring files as they’re executed, as well as monitoring URLs, blocking those it believes to be bad. It’s a one-time investment per machine (with the right to transfer that license from one machine to another, provided you “retire” usage of MBAM PRO on the former).
If you check various malware-removal forums, you’ll see that MBAM [Free] is often the first tool they use to try to remove an infection. Any infection that MBAM Free can remove, after the fact, could have been prevented, had the person been using MBAM PRO! In my opinion, it’s worth every penny. Indeed, it’s the only paid program that I strongly advocate — in general, I think free programs (including of course, Avast), do a very good job.
EDIT / P.S. If you’re considering MBAM PRO, now is the time to buy — they’re running a “Black Friday” 40% off sale this weekend (through Dec. 2nd): http://www.malwarebytes.org/blackfriday/
I understood from reading the CryptoPrevent text that it could well prevent other malware though it doesn’t make a point of this as a general AV program does. The fact remains that we are advised not to run more than one AV program but MWB Pro appears to be the exception. As does Lavasoft Ad-Aware I seem to recall (I’ve installed it on this basis). I used to use Spybot and Spywareblaster but I believe (?) that this is no longer active … The point comes where you have to ask where to draw the line!
Each person has to decide how much security he/she is comfortable running. As you can see from my signature, I choose to run a lot. Yet, as best as I can tell, there are no conflicts nor any noticeable slow down.
Yes, the advice NOT to run more than one REAL-TIME anti-VIRUS program still holds. But CryptoPrevent does NOT run in real-time. It sets-up “policy restrictions” in the registry, and then lets Windows handle these. SpywareBlaster, which you mentioned, behaves similarly: it sets various restrictions (cookies, ActiveX, restricted sites), and then lets your browser (e.g., IE) take care of implementing them. SpywareBlaster is still around, and can be used in conjunction with most other programs.
Lavasoft — which used to be just “Ad Aware” — has grown into a full-fledged anti-virus suite. This fuller program should NOT be used in conjunction with Avast. [Some people may “pick-and-choose” to run only certain components of each (e.g., a firewall), but that gets complicated, and can potentially be problematic.]
MBAM should not conflict with avast, nor any other anti-virus program. SAS (SuperAntiSpyware) is a popular alternative to MBAM that has its ardent fans. Those who prefer to run SAS PRO/realtime [instead of MBAM PRO], along with an anti-virus, may certainly do so.
I think I’ll take the Black Friday $14 Lifetime License per PC plunge…I read the FAQ and the exclusions for Avast are for Avast6…any change for Avast 8 ?..I have not upgraded to Avast 9…way the forum is reading it’ll be a LONG while before I do that.
Concerning the mutual [or even “one-sided”] exclusions between MBAM PRO and avast, I would suggest you try running both together “as is”… and only worry about exclusions in the event something doesn’t seem right [e.g., you have an actual conflict, or things seem to be “dragging”/slow]. I have made no exclusions in either program, and all seems well here.
Yes, the exclusion list was written specifically for avast6, but I believe if you check them out, it should transfer-over straightforwardly to avast8.
Any side effects to using Cryptoprevent? I remember Chrome installed and ran in the applocal up to relatively recently. They now by default install it in program files, but that leaves tens of millions of users. Anything else people should look out for?
Just bought dozen licenses at $14 each…great deal for lifetime…wow !
I’m sure dumb question(s)
- Uninstall MBAM Free Scanner before I install the Pro, correct ?
- I usually have Avast do scan daily 5am…I assume I can/will do a MBAM scan daily, do you ?
  If so, I assume you can schedule in Pro ?
  If so, I assume to run the Avast & MBAM scans at different times ?
- MBAM scan in Free takes awhile…I have W7 64bit clean I5 machines…but think it runs longer than an Avast scan.
  How long do you see the scans being in MBAM ?
- MBAM Pro auto-updates its malware database like Avast for Virus DB ?..obviously MBAM Free you have to do this manually.
…going to use Avast8 + MBAM Pro + CryptoPrevent on all of my home and office W7 64bit PCs.
Thx !
Decided to try Cryptoprevent, after installation tried the test, Avast popped up and I set an exclusion, had to do this twice. When I checked the exclusions in hardened mode there was one for helloworld.exe, when I closed Avast and opened 5 minutes later this exclusion was gone. Not surprised exclusion was gone as this version is so buggy, none of my exclusions stick, but has anyone heard of helloworld and could somebody check to see if this happened to them while trying Cryptoprevent?
Thanks.
Alievitan,
the first time you run CryptoPrevent, if you accept the default settings, it will “whitelist” any programs you already have located in the “protected” directories. So for example, if Chrome was present there, it would be whitelisted, and allowed to run in the future. CryptoPrevent seeks to limit NEW applications… presumably malware… that suddenly pop-up unexpectedly in these non-standard locations.
thekochs,
- you can enter your license code into the free version to upgrade it to the PRO version, without having to uninstall the Free one first: Hit the PROTECTION tab, and toward the bottom, hit ACTIVATE. Then fill-in the product ID and KEY as requested, and hit (the newer) ACTIVATE button.
- yes, you can set MBAM PRO for daily [or other regularly-scheduled] scanning, by clicking on the SETTINGS tab, then Scheduler Settings, and ADDing a scan [or a check for updates] by specifying your choice of parameters.
  Personally, I am NOT a fan of routine scanning on a system that I strive to keep squeaky clean. I trust myself more than I want to allow for the possibility of a false positive in over-scanning. As such, I neither scan daily with Avast, nor with MBAM. But that’s just me. If you feel more comfortable with daily scans, then it’s your decision to do so.
  Yes, it would be best to separate a daily MBAM scan from a daily AVAST scan… no need having them hog your CPU, and fight over disk access!
  I HAVE scheduled MBAM to check for updates every hour.
- Which of the MBAM scans are you running? Believe it or not, the QUICK scan is highly efficient, and will probably catch just about all the malware on your system! If the QUICK scan comes up clean, I’d say you’re 97+% safe… perhaps even more so. As such, there’s little need to ever run a FULL [lengthy] scan with MBAM… unless you really insist… “once in a blue moon”.
  By the way, MBAM PRO also offers a “Flash” scan, which tests just the most sensitive areas, really quickly.
- I mentioned auto-updates of database in my response to (2).
Digmor,
HelloWorld2 is the test program that CryptoPrevent creates to test itself. When you hit the test button, it (temporarily, as best as I can tell) creates HelloWorld2.exe in a monitored area [for example, C:\Users\your name\AppData\Roaming\ ] and tries to run it from there. If blocked, the test is successful. After you run a successful test, you can see this result displayed by clicking the Event Log button, then Blocked Events. Click on the date/time in the left-hand column, to display the details of the Test Event in the right-hand column.
That’s what I sort of thought ky, yup, test was successful too.
Thanks.
Any idea why the CryptoPrevent test hangs when I run it on my Win7 machine? I am using Online Armor… worked OK on my XP.
All I can say is that the test is running fine on my Win7x64 Pro SP1 system, with lots of additional security as per my signature. So you might consider the differences (e.g., the online armor you mentioned) to try to pin-down the conflict.
Can you temporarily disable online armor [going offline first, if you wish, for protection] to see what happens? If that turns out to be the culprit, I assume there’s a way you can instruct online armor to allow/whitelist things?
And while I assume you did this, after running/APPLYing CryptoPrevent’s security, did you reboot before trying to run the test? It shouldn’t be necessary, but I’m just grasping for ideas here.
Couple Questions before I install CryptoPrevent.
- After installed if there is new item “installed” how do you Whitelist ?
  I assume if a “bad” item comes up you can Whitelist it ?..if so, how ?
- If you ever want to undo the group policies this sets up…say it mucks something up valid in the future, can you ?, how ?
Thx.
Thanks for reply… Online Armor is on both XP and Win764 systems. Followed instructions here, yes rebooted. OA gave permission to CryptoPreventer. Tried again, no luck. Seems to work OK until test, then just hangs. Reinstalled, undid policies, and finally deleted.
Thekochs:
Borrowing essexboy’s screenshot:
- There’s a whitelist option on the top menu, to allow you to add (or remove) individual items to (or from) CryptoPrevent’s protection. Click on Whitelist, then Whitelist Editor. You can then browse through each of the protected directory areas, to locate/select, and whitelist any files you feel necessary. Likewise, it’s easy to remove [De-Whitelist] anything from the whitelist.
- There’s an UNDO button (bottom left), to completely remove all of CryptoPrevent’s protection.
By the way, an alternative/simpler way to add new items to the whitelist is:
a) UNDO CryptoPrevent’s protection. Depending on your O/S [and “flukes”], you may have to close/reopen CryptoPrevent, or log off/on your account, or reboot… but these might not actually be required.
b) install the new items that CryptoPrevent was blocking.
c) APPLY CryptoPrevent’s protection again, which should now automatically whitelist the new items you’ve added.
Sniggler,
If you’re willing, try the following:
Run CryptoPrevent again on your win7, and APPLY its protection.
then make a COPY of the file C:\Windows\system32\cmd.exe
and PASTE the copy in C:\Users\your_user_name\AppData\Roaming
Then click on the file there to see if it runs, or if it’s “blocked by group policy”. If it’s blocked, then that proves CryptoPrevent has done its job, even if the test function isn’t working properly. If the command prompt appears, then there’s a functional problem with CryptoPrevent on your system.
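Added example, not part of any post in this thread and not CryptoPrevent's own code: a read-only PowerShell check that lists the policy path rules Windows is enforcing, so the blocked locations and whitelist entries discussed above can be inspected directly when the built-in test misbehaves. It assumes the "policy restrictions in the registry" are Windows Software Restriction Policy (SRP) path rules stored in the standard machine-wide SRP key; the function name `Get-SrpPathRule` is made up for this example.

```powershell
# Added example: list Software Restriction Policy (SRP) path rules.
# Assumption: CryptoPrevent's "policy restrictions" are SRP path rules
# written to the standard machine-wide policy key below.
$SrpRoot = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'

# SRP stores each security level as a numbered subkey.
$SrpLevels = [ordered]@{ '0' = 'Disallowed'; '262144' = 'Unrestricted' }

function Get-SrpPathRule {
    param([string]$Root = $SrpRoot)
    foreach ($id in $SrpLevels.Keys) {
        $pathsKey = Join-Path $Root "$id\Paths"
        if (-not (Test-Path -LiteralPath $pathsKey)) { continue }
        # Each rule is a {GUID} subkey; ItemData holds the path pattern.
        foreach ($rule in Get-ChildItem -LiteralPath $pathsKey) {
            [pscustomobject]@{
                Level       = $SrpLevels[$id]
                # Keep %AppData%-style variables unexpanded, as the rule was written.
                Path        = $rule.GetValue('ItemData', '', 'DoNotExpandEnvironmentNames')
                Description = $rule.GetValue('Description', '')
                RuleId      = $rule.PSChildName
            }
        }
    }
}

$rules = @(Get-SrpPathRule)
if ($rules.Count -eq 0) {
    'No machine-wide SRP path rules found.'
} else {
    # Disallowed rules are the blocked locations;
    # Unrestricted rules are the allowed exceptions.
    $rules | Sort-Object Level, Path |
        Format-Table Level, Path, Description -AutoSize
}
```

Running it before and after APPLY or UNDO shows whether the rule set actually changed, independently of the test button.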
Referring back to my original post No1: I have installed CryptoPrevent and put my trust in its protection. But just last week there was a feature in ComputerActive on CryptoLocker from which I quote:
“CryptoLocker isn’t difficult to remove - any up-to-date antivirus or malware scanner will recognise it, then quarantine or remove it”. This would almost imply that if you have your Avast definitions up to date (and are not previously CryptoLocked) you have nothing to worry about. I fear that life may not be so simple but would welcome feedback from those in the know.