Introducing the Malwarebytes Anti-Ransomware Beta

[UsernameIssues]

Brds7t7,
I only checked one test image file. I was able to open it after the ransomware was quarantined. Sometimes, a "non ransom note" file would be created in the same folder as the test image. I could not open or copy that file. It was in use by another program. I don't know if this was the start of the encryption process or not.

I repeated the test 5 or 6 times (deleting the ransom notes between tests). Twice, MBARW did not ask for a reboot to clear the malware. Perhaps MBARW caught the ransomware early on during those two tests.

The number of ransom notes to cleanup varied from a low of about 800 to a high of about 1200. I guess that this means the malware did something worthy of being quarantined at different times.

 

[Painter]

Since the MWARW code is building on CryptoMonitor, I would expect a bit more product maturity. Even in the BETA release.


I don't suggest CryptoPrevent for the average user. You have to know when/how to turn it off. If the Filter Module is turned on and the Windows On-Screen keyboard is started - the computer goes into an UAC loop. The user will have to hold the power button in to shut down the computer.

What? Tell us more.

 

[UsernameIssues]

Painter,
It is unclear to me which topic you want more info on: My expectations for MBARW or CryptoPrevent's filter module and the On-Screen keyboard? See this post.

Or were you wanting more info on when/how to turn off certain CryptoPrevent features?

 

[Brds7t7]

I think once they've ironed out the early bugs and incorporated this into the main program, MBAM will offer some fantastic protection against these Cryptoviruses. Malwarebytes seems to have a much larger user base than Cryptoprevent. I'd happily use them both together. I already run the paid MBAM along with Cryptoprevent, MBAE and Avast free (with the extra bloat removed). Might be overkill but I like to have as many layers of protection as I can.

 

[UsernameIssues]

Layers are a good thing, but each security app brings with it the risk of infection. We hope that the servers providing the updates for these apps have not been compromised. The more apps we use, the more apps we update, the more risks we take...

There is some benefit to having security layers come from different companies. It would be hard for normal* bad guys to compromise multiple companies at once. Hopefully, these security companies can withstand pressure from governments to provide them a backdoor. The more security companies that we use, the more we risk installing a backdoor.

*state actors are not normal.

 

[Painter]

Painter,
It is unclear to me which topic you want more info on: My expectations for MBARW or CryptoPrevent's filter module and the On-Screen keyboard? See this post.

Or were you wanting more info on when/how to turn off certain CryptoPrevent features?

CryptoPrevent. There are really no settings for the average user to contemplate or change - the default settings are recommended. I have used some of the other settings myself, but there are warnings associated with them. The only issue I have had while going with more protection was when doing backups - had to turn the protection off, then turn it back on after the backups finished.

 

[Rain08]

Just downloaded it earlier and felt a bit disappointed. It detected Logitech's Gaming Software and Chrome as ransomware. I'll just probably hold off until it's out of Beta.

Edit: For some reason, it cannot remove Chrome in the Quarantine. It says "Can't restore an item marked for deletion on reboot".

Edit 2: Yep. It deleted Chrome.exe after I rebooted it. Though I just copied the executable to another folder before rebooting and placed it back to the original location.

 

[ThrashZone]

Weird.

 

[Brds7t7]

I definitely wouldn't install on my main system yet. I only ever install beta software in VM's.
The list of false positives it's picking up is ridiculously high, but they're working quickly on the FP reports.
At the moment it seems to be working a little too aggressively.
https://forums.malwarebytes.org/index.php?/forum/172-malwarebytes-anti-ransomware-beta/