RansomFree

RejZoR suggested RansomFree (https://www.cybereason.com/) side-by-side with Avast.
I’m a bit affraid about a program without any setting or interface… What is it really doing?
What is the “fileless ransomware”?

“RansomFree is a behavioral anti-ransomware tool for detecting and stopping never-before-seen ransomware. RansomFree protects against local encryption, the encryption of files on network or shared drives, and catches stand-alone ransomware programs as well as fileless ransomware.”

Is the “behavioral … detection of encryption” the feature that Avast team was trying to add to Avast 2017 later this year?
Remember when they talked about it in Prague?

In a nutshell, yes, that’s what avast! team has been working on for a while. Honeypot and behavior based ransomware detection, as well as generic whitelist based protection of user data folders.

RansomFree is not bad. I mean, it’s free so you can’t really go wrong. And even though it has virtually no interface, it doesn’t really need one to be honest. It’s just there and it works. It’ll be a bit redundant when avast! gets all the anti-ransomware goodies, but until then, why not. Though, release of Behavior Shield will be a huge asset for avast! already.

I’ve been following some of the cybereason topics and not sure if I’m comfortable with the “Honeypot” files placed everywhere throughout the system :-\ are they cleanly removed after removing the cybereason program :-\

I also use WinAntiRansom which works extremely well though can be a little annoying at times because it acts more like an anti exe so best off disabling before updating your known programs, it’s very lite and it uninstalls cleanly.

https://www.wilderssecurity.com/threads/ransomfree-by-cybereason.390786/

avast should get a similar intigrated ransomware protection as TrendMicro

https://esupport.trendmicro.com/en-us/home/pages/technical-support/1099580.aspx?vwd=MalwareTopics-_-prd=gen-_-src=HHOLanding-_-loc=Default

https://esupport.trendmicro.com/en-us/home/pages/technical-support/maximum-security-2017/1114795.aspx?vwd=KB-_-prd=gen-_-src=KB1099580-_-loc=Default

The major drawback:

The downside is that RansomFree needs a short amount of time to detect the start of the encryption operations. This means that a few of your files will be encrypted before RansomFree detects anything wrong.
https://www.bleepingcomputer.com/news/security/ransomfree-is-the-latest-app-that-tries-to-stop-ransomware-infections-on-windows/

Seems scaring :frowning:

Does RejZoR tested it?

You can watch my test of Cybereason RansomFree 2.1 here:
https://www.youtube.com/watch?v=8irjdt0okg8

Back when I was testing it, it was still vulnerable to some strains as shown in video. Those have been fixed since.