Does Avast protect me from Wannacry?

They blocked the exploit attempt rather than detecting the actual malicious file; that detection was added later when they got samples.

So, several layers of protection:

  1. Your AV vendor has added detection for the exploit
  2. You have installed the patch from MS and closed the security hole
  3. Your AV vendor adds detection for the malicious file(s) as they are found

What is more important, Bitdefender Hypervisor Introspection was able to prevent the exploit of the vulnerability long before it was disclosed and patched by Microsoft.

Symantec also (and others)

Symantec customers have been protected from WannaCry prior to its emergence. Symantec Secure Endpoint Protection (SEP) and Norton have blocked any attempt to exploit the vulnerability used by WannaCry since April 24, before WannaCry first appeared.
https://www.symantec.com/outbreak/?id=wannacry https://www.symantec.com/security_response/writeup.jsp?docid=2017-051310-3522-99

What protection all those infected machines had, I don't think that info is posted anywhere … or?

I think people with Windows XP are the most vulnerable, because they don’t have the latest patch from MS update.
Now MS will patch XP to protect more XP users.

MS has already released a patch for OSes which are no longer supported; this includes XP, Vista and Win 8.0.

http://weblog.av-comparatives.org/proactive-protection-wannacry-ransomware/

Where can XP users see if the MS patch is installed … since - I think - their browser (IE8) is out-of-date (Patch history down)? KB number?

Had a patch already been released before for POSReady XP users?

Also, I read that a new large-scale cyber attack was under way: “Adylkuzz”.
I did not find it in avast VPS history until now. Any news?

John,
Your question is based on an assumption that the PCs were infected in spite of having AV software installed & also that without having seen the ‘attack vector’ before that AV software could catch it.
All AV software works on the basis of ‘Known Attack vectors’ which can be coded for or known methods that can be caught via any Heuristic based methods.
All the AV vendors will by now be able to detect and catch ‘Wannacry’ because samples have been caught and examined.
NO AV software will protect you 100% from all possible attacks.
The point of using AV & Anti-malware is to cover as many as you can (get as close to 100% as you can) but you still need to use common sense (that is not so common !!!).
This means you ensure you have good backups of your data that you verify work on a regular basis. (This is the final fallback if your AV & Anti-malware should fail.)
You do not open e-mails or documents or run software from sources that you cannot have confidence in.
If you know that you are going to open/run unknown docs/software, you do it on a machine that is isolated from the network/internet, so that it cannot ‘run amok’ via your network connection.

Ideally, if you are knowingly running suspect software or accessing suspect files you would do this in a VM (Virtual machine) that is isolated from everything and running on a controlled ‘virtual / internal’ network that is NOT connected to anything you cannot ‘wipe and rebuild’ if need be. [Remember that VMs are not 100% safe as there are exploits that can ‘break out’ of VMs.]

Everyone should learn from the ‘Wannacry’ events that regular backups and regular testing of those backups is essential.
Do not assume that your backups are working … check that the backups you create are accessible and complete, and that you can get ALL your files back when you try to restore.
Follow a proper backup schedule with multiple copies of your backups kept and make sure that they are kept in multiple safe locations.
(Remember that viruses etc. are not the only risk; if there is a fire or flood, would you lose your backups as well?!!!)

Thank you Ruby-Tuesday,

It should also be pointed out that a significant number of systems affected were non-Microsoft systems, or otherwise known as cracked or illegal Windows systems. Not talking about obsolete or out-of-support systems here.

So there was never the possibility of getting and applying the Windows security patch which is key to preventing the SMB exploit used by the worm module in WannaCry. Hence the number of infected systems was higher than it otherwise might have been had all systems attacked been legal; the onus then would’ve been on the operators for not applying the Microsoft patch deployed March 2017… As it was, some legal systems never were patched in March as they should have been.

Thought that should be pointed out.

As always patch patch patch. If you can’t get a patch in time, find a workaround.

Some years ago an Avast Überevangelist Malware Removal Expert advised me to install CryptoPrevent as well.

This I did and I’ve had it ever since on my computer.

It was good to see: “The best thing about (the new Avast Behavior Shield) is that it has proven to be especially powerful against ransomware. Although ransomware samples evolve and morph rapidly, they still exhibit specific behaviors that can be identified. Behavior Shield is capable of detecting and stopping new ransomware variants that haven’t been seen before – something that’s been inherently difficult using other protection mechanisms.”

https://blog.avast.com/behavior-shield-our-newest-behavioral-analysis-technology

Do I still need to use CryptoPrevent as well?

“Over 98% of All WannaCry Victims Were Using Windows 7”

https://www.bleepingcomputer.com/news/security/over-98-percent-of-all-wannacry-victims-were-using-windows-7/

?

chris05 - The recently released Microsoft custom patch for XP SP3 x86 is KB4012598

Can be seen after installation in Control Panel / Add or Remove Programs / Check ‘Show updates’.

That sounds like essexboy, though it could also be Andrey,pro, but like all security software it has to be up to date to get the full benefit/protection. Whilst I don’t use CryptoPrevent, the latest version is 8.0.3.7 I believe dated 05/16/2017.

Depending on how long ago this advice was given, it could precede when the additional protection against ransomware was included in avast.

Bleeping computer is wrong.
15% of the infected systems were/are using Windows 10.

Yes, it was EssexBoy DavidR back in 2014 …on another site. Long time no see - where is he?

I got the all clear - no malware.

I have just installed the latest CryptoPrevent version…just wondered what thoughts on this are now that Avast has the Behaviour Shield in 2017.

Really Eddy…I thought Windows 10 was unaffected.

He has more commitments now that take up most of his time, he pops in to the forums from time to time.

Not knowing how CryptoPrevent goes about its work and up to a point Behaviour Shield. If they were using the same methods then there is a possibility they could clash. Personally I try to keep my system light and not spend more time servicing my system than it servicing my needs.

I do however have a robust backup and recovery strategy, taking exact image backups of my drives weekly.

Essexboy has quit this webboard.

The only Windows versions that were/are not vulnerable are Windows 98 and earlier.

And about your question (Do I still need to use CryptoPrevent as well?)
There is and never will be one tool that protects your system against all “badware”.
So yes, you will need to use multiple tools to have the best protection possible.

Although those tools can help to protect a system, the largest risk is always the user.
Security starts with what a user knows/does.

I see that over 99,9% of the users are using an account with administration rights for daily use.
If someone is using such an account for daily use, the user might as well not install any protection software at all.
To put it simply, malware has the same rights on a system as the user account that is used.

Thanks for your comments and help.

I am wondering about a clash too, but found this…

"There is NO Anti-Virus software on the market today that provides the same type of protection that CryptoPrevent provides, it works in an entirely different manner.

Since the two can co-exist on the same PC peacefully, and CryptoPrevent’s protections do not utilize any system resources, why not utilize both methods of protection?"

“I do however have a robust backup and recovery strategy, taking exact image backups of my drives weekly.”

How do you do that DavidR?

I’m afraid I’m one of those 99.9% of users Eddy! :o Learnt something today…

@Eddy,

“Bleeping computer is wrong.
15% of the infected systems were/are using Windows 10.”

Which versions of Windows 10?

Edit: typo

OFF TOPIC

Super image / quote you have -midnight! <3

From an astronomy lover

There are many image backup software options available, some free. They make an exact image of the Drive or Partition you want to copy to another hard drive preferably to an external hard drive. The one I use on my primary system (in my signature) is a paid option but very old and no longer sold. I do an image backup every week and keep the last six backup images. If I have a problem that is likely to take more than 30 minutes (longer than restoring a backup), then I use the image backup.

http://www.techradar.com/news/the-best-free-pc-backup-software and for later OSes you can use their own option https://www.howtogeek.com/howto/4241/how-to-create-a-system-image-in-windows-7/.

If wrong, BleepingComputer is not to blame, as the report comes from Kaspersky.

Numbers released by Kaspersky Lab on Friday reveal that over 98% of all documented WannaCry infections were running versions of the Windows 7 operating system.

Thanks a lot for the useful info / link DavidR.

So I would need to get an external hard drive first…

You’re welcome.

If you have a 2nd internal hard drive, most would allow you to use that drive as the destination drive. The flaw in that is if all of your system went down, there is a possibility it could be affected too.

An external hard drive is preferable as you can disconnect it and secure it when it isn’t in use. Get a USB3 external drive (if you have USB3 ports on your system) as USB3 has a higher data transfer rate and the USB3 connection provides power to the drive. So only one connection to be made.