Author Topic: CryptoPrevent  (Read 2690 times)

Offline SiLæncer

  • Cheff-Cubie
  • *****
  • Posts: 191383
  • No input, no output
    • DVB-Cube
CryptoPrevent
« on: 25 May, 2014, 07:00 »
CryptoPrevent is a tiny utility to lock down any Windows OS to prevent infection by the Cryptolocker malware or ‘ransomware’, which encrypts personal files and then offers decryption for a paid ransom.


CryptoPrevent artificially implants group policy objects into the registry in order to block certain executables in certain locations from running. Note that because the group policy objects are artificially created, they will not display in the Group Policy Editor on a Professional version of Windows — but rest assured they are still there!

Freeware

What's new:

Added ability to block syskey.exe from execution, which is being exploited by some new malware.

http://www.foolishit.com/vb6-projects/cryptoprevent/

Work / test machine:

Intel® Core™ i7-6700 (4 x 3.40 GHz / 4.00 GHz)
16 GB (2 x 8 GB) DDR4 SDRAM 2133 MHz
250 GB SSD Samsung 750 EVO / 1 TB HDD
ZOTAC Geforce GTX 1080TI AMPExtreme Core Edition 11GB GDDR5
MSI Z170A PC Mate Mainboard
DVD burner drive
Microsoft Windows 10 Home 64Bit

TT S2 3200 (BDA driver 5.0.1.8) + Terratec Cinergy 1200 C (BDA driver 4.8.3.1.8)
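
Since rules written straight into the registry do not appear in the Group Policy Editor, one way to confirm they exist is to read the Windows Software Restriction Policies (SRP) key directly. The PowerShell below is an added example, not code from the original post or from CryptoPrevent; the registry location and value names are the ones Windows uses for SRP in general and are assumed, not stated on this page, to be where the tool's rules land.

```powershell
# Added example (not CryptoPrevent code): read-only audit of SRP path rules.
# Assumption: the rules live under the standard Windows "Safer" policy key.
$SaferRoots = @(
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers',
    'HKCU:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
)

# SRP stores each security level as a numeric subkey name.
$LevelNames = @{ '0' = 'Disallowed'; '262144' = 'Unrestricted' }

function Get-SrpEnforcement {
    # Reports whether SRP is switched on at all and what the default level is.
    param([string[]]$Root = $SaferRoots)
    foreach ($r in $Root) {
        if (-not (Test-Path -LiteralPath $r)) { continue }   # no SRP in this hive
        $k = Get-Item -LiteralPath $r
        [pscustomobject]@{
            Hive         = $r.Substring(0, 4)
            DefaultLevel = $LevelNames[[string]$k.GetValue('DefaultLevel')]
            # TransparentEnabled: 0 = not enforced, 1 = all but DLLs, 2 = all files
            Transparent  = $k.GetValue('TransparentEnabled')
        }
    }
}

function Get-SrpPathRule {
    # Lists every path rule, both block (Disallowed) and allow (Unrestricted).
    param([string[]]$Root = $SaferRoots)
    $noExpand = [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames
    foreach ($r in $Root) {
        foreach ($level in $LevelNames.Keys) {
            $pathsKey = "$r\$level\Paths"
            if (-not (Test-Path -LiteralPath $pathsKey)) { continue }
            # Each rule is a GUID-named subkey holding the path in ItemData.
            foreach ($rule in Get-ChildItem -LiteralPath $pathsKey) {
                # Keep %AppData%-style variables unexpanded so the rule is shown
                # as written, not as resolved for the account running the audit.
                $raw = $rule.GetValue('ItemData', $null, $noExpand)
                $ft = $rule.GetValue('LastModified')      # FILETIME as QWORD, may be absent
                $modified = $null
                if ($ft -is [long]) { $modified = [DateTime]::FromFileTimeUtc($ft) }
                [pscustomobject]@{
                    Hive     = $r.Substring(0, 4)
                    Level    = $LevelNames[$level]
                    Path     = $raw
                    Modified = $modified
                    RuleId   = $rule.PSChildName
                }
            }
        }
    }
}

Get-SrpEnforcement | Format-Table -AutoSize
$rules = @(Get-SrpPathRule)
if ($rules.Count -eq 0) {
    'No SRP path rules found under the Safer policy keys.'
} else {
    $rules | Sort-Object Hive, Level, Path | Format-Table -AutoSize -Wrap
}
```

Run before and after applying protection to see which rules were added; the script only reads the registry and changes nothing.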

Offline SiLæncer

CryptoPrevent 4.7
« Reply #1 on: 28 May, 2014, 23:00 »
What's new:

Added blocking of fake file extensions with spaces in them to hide the extension. Added blocking of cipher.exe along with syskey.exe, for the potential abuse. Added ability to create custom block and allow policies with scripting support.

http://www.foolishit.com/vb6-projects/cryptoprevent/

Offline SiLæncer

CryptoPrevent 5.2
« Reply #2 on: 02 June, 2014, 18:00 »
What's new:

v5.2 - Added automated protection test after reboot if you select to reboot after applying protection. Some UI and usability tweaks. Added a link to the help forums in the Premium Edition's Information menu.
v5.1 - Tons of UI and usability tweaks. Added more hash values to internal block lists.
v5.0 - Added hash based blocking system.

http://www.foolishit.com/vb6-projects/cryptoprevent/

Offline SiLæncer

CryptoPrevent 6.0
« Reply #3 on: 15 June, 2014, 16:00 »
What's new:

v6.0 - CryptoPrevent is no longer based solely on Windows software restriction policies, and now includes a real-time filter and definitions files/updates!

New 'Filter Module' that can filter certain executables against hash based definitions, can also filter based on other criteria using a more complex rule set, and allow user the option to run the file anyway. Enabled for CPL, SCR, and PIF files by default - advanced options allow to enable for EXE/COM files also (experimental!)
New Policy Editor for software restriction policies, create your own custom path rules (premium feature.) You can also view, search, and selectively delete blacklist policies in effect.
User defined hash rules for MD5/SHA256 (meaning, you can create your own hash based definitions for the Filter Module.)
Separated all main protection policies so they may be individually applied or removed.
Added policy to disable Windows Sidebar/Gadgets due to security vulnerabilities.
Daily updates are now for the new definitions, and a new weekly schedule will be created for application updates.
New email options for bulk premium custom installers.
Easier to install and apply protection with the free version.

http://www.foolishit.com/vb6-projects/cryptoprevent/

Offline SiLæncer

CryptoPrevent 6.1.0
« Reply #4 on: 19 July, 2014, 14:07 »
What's new:

Improved Recycle Bin executable protection.
Added feature to remove ALL software restriction policies (created by CryptoPrevent or not) from the Advanced > Software Restriction Policies menu.
Added feature to block %localappdata%\* in Advanced menu > Software Restriction Policies (max protection, but this includes a block on %temp% so it may cause issues with legitimate apps; generally not recommended.)
Added ability to install (or force install) from CryptoPrevent portable and uninstall/force uninstall from the installed version. Force option is only offered if standard methods fail. Not 100% perfect so only use the force option if absolutely necessary (e.g. the installer won’t run due to access denied errors.)
Bulk Installers now have the option of creating custom whitelist rules during installation.
Misc tweaks.

http://www.foolishit.com/vb6-projects/cryptoprevent/

Offline SiLæncer

CryptoPrevent 7.0.0
« Reply #5 on: 12 August, 2014, 18:00 »
What's new:

NEW simplified and easy to understand interface, replacing the many obscurely labeled protection option check boxes with a few simple protection "levels" to select from (the old interface still exists in the Advanced menu, and it has been updated as well.)
Updated to not trigger Malwarebytes Anti-Malware detections with the installed version (thanks to the MBAM research team.)
Improved Filter Module function.
Changed recommended defaults slightly.
Enabled optional "Experimental Protection" level (the Experimental EXE/COM settings in the Filter Module.) NOTE: This setting is not largely tested and is NOT recommended for most people, as there may be side effects which could potentially cause system instability. Please understand I cannot accept responsibility for your usage of this setting. If you do wish to use this setting, I would love to hear your feedback on any issues you suspect may be related to having it enabled.

http://www.foolishit.com/vb6-projects/cryptoprevent/

Offline SiLæncer

CryptoPrevent 7.3.5
« Reply #6 on: 19 October, 2014, 21:00 »
What's new:

CryptoPrevent v7.3.x brings some new features, more clarity on protection levels, and improved protection.
First, CryptoPrevent now supports SSL/TLS encryption and StartTLS for your SMTP server settings! This enables support for a wider variety of SMTP servers, allowing users requiring this level of encryption to configure their email alert functionality. Previously only SSL was supported.
Second, CryptoPrevent’s experimental “Program Filtering” has reached BETA status. Program Filtering compares executable files to a hash based definitions system consisting of a database of current ransomware threats. It has been tested well on every supported Windows OS, and unsupported OSes were excluded. Supported Windows versions are XP, Win 7 with SP1, Win 8.x, and Win 10. Sorry, Windows Vista is not supported for Program Filtering.

http://www.foolishit.com/vb6-projects/cryptoprevent/

Offline SiLæncer

CryptoPrevent 7.4.20
« Reply #7 on: 22 April, 2015, 05:00 »
What's new:

Some reports indicated that there were issues with existing security software and the BETA protection, however with the 7.4.2 release those issues appear to be resolved.

http://www.foolishit.com/vb6-projects/cryptoprevent/

Offline SiLæncer

CryptoPrevent 8.0.3.4
« Reply #8 on: 29 April, 2017, 10:00 »
Changelog

    Added Proxy support for updates and email
        added command line parameters to configure proxy support
        added automatic file trigger to configure proxy using “CryptoPreventProxy.ini” in application directory
    Performance increase for removing whitelisted software restriction policies
    Additional debug information when running /debug
        for sending email
        for updates
    Added additional Honey Pot detection for more ransomware detection

We STILL have several more improvements already in development and testing, so there should be additional updates in the coming days.
You can subscribe to this category of our blog to stay current on any new additions or changes!

http://www.foolishit.com/vb6-projects/cryptoprevent/

Offline SiLæncer

CryptoPrevent 8.0.3.5
« Reply #9 on: 15 May, 2017, 17:00 »
Changelog

    Performance increase for HoneyPot Detection and alert notification from QuickAccess Tray icon
    Added command line option to add unique identifier for individual client
        /clientemailid=[UniqueClientID]
        Run this CLI option to create a unique identifier for that specific client’s email subject line
    Additional debug information when running /debug
    Added additional Honey Pot detection for more ransomware detection
    Added ability for HoneyPot definitions to be updated during definition updates
        HoneyPot definitions will update during manual or auto-update processes
        If HoneyPot definition file is not available on the system, hard-coded definitions of the current CryptoPrevent version will be used

We STILL have several more improvements already in development and testing, so there should be additional updates in the coming days.
You can subscribe to this category of our blog to stay current on any new additions or changes!

http://www.foolishit.com/vb6-projects/cryptoprevent/

Offline SiLæncer

CryptoPrevent 8.0.3.7
« Reply #10 on: 16 May, 2017, 12:30 »
Changelog

    Rolled back HoneyPot Definition update feature
        received a number of strange false positives
        Will refine more and bring back at a later date

We STILL have several more improvements already in development and testing, so there should be additional updates in the coming days.

http://www.foolishit.com/vb6-projects/cryptoprevent/

Offline SiLæncer

CryptoPrevent 8.0.3.9
« Reply #11 on: 20 May, 2017, 19:00 »
Changelog

    Major performance increase when applying protections
        from the command line and from the GUI
    Corrected issues with Windows 8-10 Scaling
        DPI changes could still cause problems if defined manually and not with the scaling in Windows
        Windows XP-7 will still get warning
    Corrected minor interface issue
        Issue resulted in some changes in 8.0.3.8
            Unable to read tabs, but still clickable
            GUI subtabs looked step sided/pushed to the right some
        Applied to the Protection Settings sub tabs
        Applied to the Policy Editor sub tabs

We STILL have several more improvements already in development and testing, so there should be additional updates in the coming days.
You can subscribe to this category of our blog to stay current on any new additions or changes!

http://www.foolishit.com/vb6-projects/cryptoprevent/

Offline SiLæncer

CryptoPrevent 8.0.4.0
« Reply #12 on: 26 May, 2017, 22:00 »
Changelog

    Fixed graphical issue with policy numbers applied being shown in the policy editor
    Added additional email settings CLI
        /emailusername="user@addy.com"
        /emailsamesendtofromaddy
            or use the following together:
                /emailfromaddy="user@addy.com"
                /emailsendtoaddy="user@addy.com"
        /emailpassword="password"
        /emailserver="serverAddress"
        /emailport="portNumber"
        /emailauthenable
            (Add =0 to disable)
        /emailstarttlsenable
            (Add =0 to disable)
        /emailsslenable
            (Add =0 to disable)
        /clientemailid="Client ID to be added to Email Subject"
        /emaillocksettings
            (Add =0 to disable)
            Only applies to Bulk or White-Label Editions
    d7x Rule Variables now add environment variable as well as expanded paths
        https://www.foolishit.com/d7x/killemall/rule-variables/
    Revised how SRP protection locations are handled
        Corrects issue where counts may have been off
        Corrects issue where same policy may have been added more than once from CLI options
    Added Debugging ability to the QuickAccess Notification Tray
        Currently debugging information is fairly limited but this will improve over new revisions if additional debugging information is required
        /debug when run from a command prompt with or without admin rights depending on the testing needed
    Improved Multi-User support for QuickAccess Notification Tray
    Bulk & White-Label Edition Installers Updated
        Waits for installation to complete prior to showing finished button on non-silent installations
        Silent installations wait on installers completion if being scripted now as well
        Fixed possible issues with systems not restarting after install when selected to do so from the Bulk-Creator
        Debug mode will be enabled by default on all Bulk Edition installs for the installation portion only
            This can be used to check for problems if something doesn’t work correctly in the Bulk Edition installation on a particular system
    Fixed possible issue with HoneyPot Detection triggering on changing of protections

We STILL have several more improvements already in development and testing, so there should be additional updates in the coming days.
You can subscribe to this category of our blog to stay current on any new additions or changes!

http://www.foolishit.com/vb6-projects/cryptoprevent/

Offline SiLæncer

CryptoPrevent 8.0.4.1
« Reply #13 on: 02 June, 2017, 05:30 »
Changelog

Fixed graphical issue where verifying settings might not disappear on first run of application
Added additional HoneyPot Detection Rules
Added changes to HoneyPot Detection rules that may cause false positives
Added fix for possible issue with HoneyPot Detection not being able to verify current HoneyPot files
Possible fix for issues with CLI options possibly not starting services as expected
Fixed QuickAccess Notification Tray to update on the fly with protection changes
Added Restore Previous Protections option to Main GUI, QuickAccess Tray, and CLI option of /revertsettings
Possible fix for Monitor Service consuming large amounts of RAM
Minor performance improvements when handling SRP protections from GUI and CLI options

http://www.foolishit.com/vb6-projects/cryptoprevent/

Offline SiLæncer

CryptoPrevent 8.0.4.2
« Reply #14 on: 04 June, 2017, 19:00 »
Changelog

    Major improvements in Memory usage across all executables (CryptoPrevent.exe, CryptoPreventMonSvc.exe, CryptoPreventNotification.exe), memory usage will decrease over time for the real-time as well as less usage on initial launches.
    Corrected an issue where White-Label Creator was not updating the CryptoPrevent.exe launcher file in the includes folder which is used to create installers (you can delete this file and then re-open the WL Creator to force an update now)
    SRP Whitelist is now sorted on initial loading and when updated
    FolderWatch Custom Folders list is now sorted on initial loading and when updated
    Fixed issue where services may not start via CLI options
    Fixed issue where HoneyPot files might not be removed when FolderWatch has been disabled
    Fixed issue where HoneyPot files might not be removed when Custom Folder is removed
    Add/Removing Custom Folders to FolderWatch will no apply instantly
    Fixed issue where services may be removed but not re-installed when changing various definition files or email settings

We STILL have several more improvements already in development and testing, so there should be additional updates in the coming days.
You can subscribe to this category of our blog to stay current on any new additions or changes!

http://www.foolishit.com/vb6-projects/cryptoprevent/
