Friday, November 8, 2013

CryptoGuard prevents your files from being taken hostage

Yesterday we released a new build of HitmanPro.Alert (free tool) which includes a universal solution against crypto ransomware like CryptoLocker, Dorifel (aka XDocCrypt) and others.


This new feature, called CryptoGuard, monitors the file system for suspicious file operations (CryptoGuard is a driver, installed by HitmanPro.Alert). When suspicious behavior is detected, the malicious code is blocked (its write, delete and rename operations are revoked) and an alert is presented to the user. So even while ransomware is active, it can't harm your files.

CryptoGuard works silently in the background at the file system level, keeping track of processes modifying your personal files. CryptoGuard works autonomously, so no user interaction is required.

Compared to CryptoPrevent


We've received several questions regarding how CryptoGuard compares to CryptoPrevent. In short, they are totally different. In fact, they can be used to complement each other.


CryptoPrevent is a tool that writes 200+ group policy object rules into the registry in order to prevent executables in specific locations from running. Typical locations set by CryptoPrevent are %appdata% and %localappdata%.


But malware is not restricted to the above locations. Malware can run as an exploit in your web browser, and it can inject itself into running processes (e.g. explorer.exe, svchost.exe). Malware can also copy itself to the desktop or to the startup folder in your Start menu, and so on.

This is where CryptoGuard differs from CryptoPrevent.

CryptoGuard doesn't look at where the ransomware is running; it looks at what it is doing to the file system.
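The difference between the two approaches, as an added example that is not CryptoGuard's or CryptoPrevent's own code: a location rule and a simple behavior rule are run over the same constructed file-operation events. The event format, user name, file extensions and threshold are assumptions chosen for illustration; the page does not describe CryptoGuard's actual detection logic.

```python
from collections import defaultdict
import ntpath

# Constructed sample data. Paths, extensions and the threshold are assumptions.
USER = r"C:\Users\alice"
BLOCKED_DIRS = [USER + r"\AppData\Roaming", USER + r"\AppData\Local"]  # %appdata%, %localappdata%
PERSONAL_EXT = {".doc", ".docx", ".xls", ".jpg", ".pdf"}
THRESHOLD = 5  # distinct personal files modified by one process before it is flagged

def make_events():
    """Return constructed (process image, operation, target file) tuples."""
    events = []
    for i in range(8):  # executable dropped in %appdata% rewriting documents
        events.append((USER + r"\AppData\Roaming\upd.exe", "write",
                       USER + rf"\Documents\a{i}.docx"))
    for i in range(8):  # code injected into explorer.exe renaming pictures
        events.append((r"C:\Windows\explorer.exe", "rename",
                       USER + rf"\Pictures\p{i}.jpg"))
    # ordinary editor saving a single document
    events.append((r"C:\Program Files\Editor\editor.exe", "write",
                   USER + r"\Documents\report.doc"))
    return events

def location_rule_blocks(image_path):
    """Location approach: decide only from where the executable lives."""
    path = image_path.lower()
    return any(path.startswith(d.lower() + "\\") for d in BLOCKED_DIRS)

def behaviour_flags(events, threshold=THRESHOLD):
    """Behavior approach: flag processes that modify many personal files."""
    touched = defaultdict(set)
    for image, op, target in events:
        ext = ntpath.splitext(target)[1].lower()
        if op in {"write", "rename", "delete"} and ext in PERSONAL_EXT:
            touched[image].add(target.lower())
    return {image for image, files in touched.items() if len(files) >= threshold}

def compare(events):
    """Map each process image to (caught by location rule, caught by behavior)."""
    flagged = behaviour_flags(events)
    images = sorted({image for image, _, _ in events})
    return {img: (location_rule_blocks(img), img in flagged) for img in images}

if __name__ == "__main__":
    for img, (by_path, by_behaviour) in compare(make_events()).items():
        print(f"{img}: location rule={by_path}, behavior rule={by_behaviour}")
```

The explorer.exe case is the one the location rule misses: the image path is a trusted system location, yet the file activity is the same as in the %appdata% case.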

We've put up a page with more information on our new CryptoGuard feature in HitmanPro.Alert.

Note that HitmanPro.Alert is a separate tool. It is different from the HitmanPro anti-malware application.


Lastly, a video says more than a thousand words:








via Bleeping Computer Last 20 Posts http://www.bleepingcomputer.com/forums/t/513182/cryptoguard-prevents-your-files-from-being-taken-hostage/
