This document will discuss the installation and operation of CryptoPrevent, detailing all options, settings, and best practices associated with its use.
Installation of CryptoPrevent Bulk Creator is carried out with very few steps:
Extract the ZIP archive downloaded from our site to a location of your choosing and make note of the location. This file contains the installer/setup routine for CryptoPrevent.
Launch the installer executable file from the above location.
Click next.
It is not possible to proceed without accepting the license agreement and clicking next.
Choose whether or not to create a desktop shortcut and click next.
Click install to initiate the installation.
Click finish to close the installation and launch the tool. Uncheck the box shown if you do not want to proceed at this time.
CryptoPrevent Creator-Configurator Tool Main Interface
- Please enter your company name (for purchase identification purposes) and the product key that was delivered as part of your bulk purchase.
- Copy and paste your product key exactly as you received it.
- The key should automatically validate after a delay that may last for a minute or more.
- If the information was entered correctly and was validated successfully, the bottom portion of the tool will be exposed.
Load/Save Config tab
- The top portion of the tool’s interface shows the total number of remaining licenses associated with the product key previously entered.
- In the above example, 99 installations/licenses are available to assign to a particular configuration.
- Once installations/licenses are assigned to a particular configuration, they are reduced from your overall remaining installations.
- Installations/licenses may be retrieved from a configuration as long as they have not been deployed.
- Placing a smaller number of installs than originally specified or a zero in the Define Number of Installs for Configuration field will increase your overall remaining installations.
- The loss of a configuration with installations/licenses attached will result in the loss of those installations/licenses.
- For this reason, we provide backup and restore buttons to safeguard your configurations. Please do not hesitate to frequently utilize those buttons.
- The standard steps you would want to follow to create a configuration are the following:
- Assuming you have more than 0 “Overall Remaining Installations:” available.
- Enter a name for the configuration
- this name is for your reference only
- the client in almost all circumstances will not see this configuration name
- however it is stored in an ini file on their system so keep that in mind when naming configurations
- Enter a positive number in the “Define Number of Installs for Configuration” box
- this is the number of installs the created installer will be able to be used on
- this number can be increased/decreased in the future as long as
- additional “Overall Remaining Installations” are available to increase the configuration’s remaining installs
- there are “Installs Remaining on Configuration” to decrease, which will be added back to the “Overall Remaining Installs”
- once the number of remaining installs on the configuration are at 0
- the created installer will no longer install the premium version with your defined settings on new systems
- This installer can still be used to reinstall on systems currently consuming a license under this bulk key
- a 0 (“zero”) can be entered here to disable the created installer from installing additional installs
- This installer can still be used to reinstall on systems currently consuming a license under this bulk key
- if you enter the same number as the “Installs Remaining on Configuration”, no license changes will be made
- this is useful if you want to change the configuration and resubmit for a new installer that has different settings
- Save/Update Current Configuration
- Backup Configurations to Zip
- save this backup in a secure location
- it is password protected, you will be prompted to enter a password at time of backup creation
- Foolish IT has no access to this password
- if it is lost/forgotten, it is unlikely that it will be recoverable
- you should only need to restore this backup if:
- you uninstall the CryptoPrevent Creator-Configuration tool from the system
- the system with your configurations suffers a failure and needs to be reloaded
- Adjusting the “Installs Remaining on Configuration” can be done by ensuring the appropriate configuration is loaded and then following steps 3-5 above
- You can load a saved configuration using the “Load a Previously Saved Configuration” button
- this will allow you to adjust the remaining installs
- this will automatically apply to the currently created installer
- or change the settings on the configuration
- this would require submitting the configuration again and having a new installer created
- note this may incur a charge for additional installer creation
- additional information on the Submit tab documentation
Protections tab
- The Minimum plan includes:
- Software restriction policy path rules for the appdata folder, all folders beneath appdata, the “local” (as opposed to “roaming”) appdata folder, and the Recycle Bin.
- It also includes protections related to program naming, including blocking of double file extensions and exploits related to the direction of text interpretation.
- Please follow the provided link for more information regarding the right-to-left override character:
- View the client documentation for more information on the specific locations these rules cover
- The Default plan includes:
- Software restriction policy path rules for the programdata folder, the user profiles folders, and the start menu startup folders.
- Three additional Windows utilities are also potentially blocked under this plan, vssadmin.exe, syskey.exe, and cipher.exe.
- Please note that these are legitimate tools that have been known to be co-opted by malicious software.
- If you have no use for these tools and you do not use applications that rely upon them, you may safely enable those protections.
- The miscellaneous protections included in the Default plan will block some additional vectors for existing malware as well as the option to disable the use of legacy “Sidebar and Gadget” applications.
- The “Sidebar and Gadget” option is recommended by Microsoft due to known security implications of their usage:
- View the client documentation for more information on the specific locations these rules cover
- The Maximum plan includes:
- Software restriction policy path rules for the subfolders beneath localappdata and folders where files are temporarily extracted from archives, such as ZIP files
- The Block Windows Programs section will optionally prevent the use of the following Windows utilities: bcdedit.exe, wscript.exe, and cscript.exe.
- Disable Windows Script Host option
- You may not want to enable this option because long login delays were reported when enabling this option in environments that utilize login scripts.
- It should be safe to enable this option in a non-domain environment and when you do not rely upon the use of Windows scripts.
- For more information, please review these sites:
- View the client documentation for more information on the specific locations these rules cover
- The default selections (shown in the picture above) are the recommended “set and forget” options that should not cause issues with any legitimate applications
- these are the same protections as selecting the Default Protection plan in the CryptoPrevent client
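The naming tricks targeted by the Minimum plan (double file extensions and the right-to-left override character) can be recognised from the stored file name alone. The following is an added example, not CryptoPrevent's own code or rule set; the extension lists and sample names are assumptions constructed for illustration.

```python
from __future__ import annotations

# Bidirectional control characters that change the order in which a name is
# displayed. U+202E is the right-to-left override mentioned above.
BIDI_CONTROLS = "\u202a\u202b\u202d\u202e\u2066\u2067\u2068"

# Assumed extension lists for this illustration (not CryptoPrevent's rule set).
EXECUTABLE_EXTS = {"exe", "com", "scr", "pif", "cpl", "bat", "cmd", "js", "vbs"}
DECOY_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "jpg", "png", "txt", "zip"}


def real_extension(name: str) -> str:
    """Extension of the stored name: the text after the last dot, lowercased."""
    return name.rsplit(".", 1)[1].strip().lower() if "." in name else ""


def check_name(name: str) -> list[str]:
    """Return the naming tricks found in one file name (empty list if clean)."""
    findings = [f"bidi-control U+{ord(ch):04X}" for ch in name if ch in BIDI_CONTROLS]
    # Drop the control characters before splitting so they cannot hide a dot-part.
    visible = "".join(ch for ch in name if ch not in BIDI_CONTROLS).lower()
    parts = [p.strip() for p in visible.split(".")]
    if len(parts) >= 3 and parts[-1] in EXECUTABLE_EXTS and parts[-2] in DECOY_EXTS:
        findings.append(f"double-extension .{parts[-2]}.{parts[-1]}")
    return findings


def scan(names: list[str]) -> dict[str, list[str]]:
    """Map each suspicious name to its findings; clean names are left out."""
    return {n: f for n in names if (f := check_name(n))}


# Constructed sample names, not taken from any real incident.
SAMPLES = [
    "report.pdf.exe",           # classic double extension
    "photo.jpg      .scr",      # padding pushes the real extension out of view
    "invoice\u202efdp.exe",     # stored as ...fdp.exe, displayed as invoiceexe.pdf
    "backup.tar.gz",            # two extensions, but not executable
    "setup.exe",                # ordinary installer name
]

if __name__ == "__main__":
    for name, findings in scan(SAMPLES).items():
        print(f"{name!r}: real extension .{real_extension(name)} -> {findings}")
```
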
Filter Module tab:
- Filter Module
- can either selectively block certain executable file types or indiscriminately block them.
- The top three check boxes for the .cpl, .scr, and .pif file types will check each file against our malware definitions and block it if a match is found.
- The lower three check boxes may be selected to always prevent the execution of the respective file types.
- Program filtering for .exe and .com executables is always based upon definitions because preventing them always would prevent most, if not all, software from operating.
- The notification prompt settings on the right side only pertain to the .cpl, .scr, and .pif file types.
- We recommend the default value of Message Box Alert for the notification prompt.
- View the client documentation for more information on these protections
- The default selections (shown in the picture above) are the recommended “set and forget” options that should not cause issues with any legitimate applications
- these are the same protections as selecting the Default Protection plan in the CryptoPrevent client
FolderWatch tab:
- FolderWatch provides additional monitoring of a selection of common folders and, optionally, custom folders.
- Files flagged as potentially malicious will be quarantined in the folder specified here.
- It is important to note that subfolders are monitored in the case of the predefined user folders but not in the case of custom folders.
- It would be necessary to individually add subfolders to the custom list in order for them to be monitored.
- d7x Variables can be used in the Custom Locations to apply protections generically to various OS versions and 32/64 bit versions
- note it should be defined one line per folder
- The HoneyPot feature related to FolderWatch places numerous files around your PC to act as bait.
- When activity is detected against these files, the HoneyPot feature will do everything in its power to prevent any further system activity, including slowing the system and only allowing it to be rebooted or shut down.
- When this feature is activated, the idea is that the system has been grievously compromised and your data is at risk from malicious activity.
- As such, it is a “last ditch” effort to preserve your data with the hopes that only our bait files will be compromised and not any legitimate data.
- Please use this feature with caution as there is the possibility of false positives due to the fact that any manipulation of the HoneyPot files will trigger our HoneyPot protections.
- If this feature is enabled it is highly recommended you enable the QuickAccess Tray Icon under the Installer tab as well
- otherwise the end user will not be notified and the system will shut down without warning when the HoneyPot feature is activated
- an event will still be written to the event log and an email alert (if enabled) will be sent out regardless of the QuickAccess Tray Icon being enabled
- View the client documentation for more information on these protections
- The default selections (shown in the picture above) are the recommended “set and forget” options that should not cause issues with any legitimate applications
- these are the same protections as selecting the Default Protection plan in the CryptoPrevent client
Policies tab:
- Software Restriction Policy (SRP) Whitelist:
- The whitelist is a list of programs explicitly allowed via software restriction path rules.
- We provide a “Whitelist EXEs already located in blocked locations upon install” checkbox to simplify adding all existing items in blocked locations to the whitelist during client installation.
- You may predefine whitelist policies using the Define button.
- d7x Variables can be used in the Custom Locations to apply protections generically to various OS versions and 32/64 bit versions
- note it should be defined one line per folder
- Whitelist policies should be as specific as possible to avoid being overridden by a more specific blacklist entry.
- This concern comes into play when using wildcards, so the use of wildcards should be avoided in whitelist rules if possible.
- SRP Blacklist:
- The blacklist is a list of programs explicitly blocked via software restriction path rules.
- It is possible to use wildcards in blacklist policies.
- Feel free to add additional rules using the Define button to enhance protections for your specific environment.
- d7x Variables can be used in the Custom Locations to apply protections generically to various OS versions and 32/64 bit versions
- note it should be defined one line per folder
- User Hash Definitions:
- Similar to the whitelist and blacklist software restriction policies, our hash definitions also utilize lists to either allow or block specific hash definitions, respectively.
- Use the various Define buttons to allow or disallow a hash, for the whitelist or blacklist respectively, either to remove a false positive or to enhance protections over the base definitions.
- note it should be defined one line per folder
- View the client documentation for more information on these protections
- The default selections (shown in the picture above) are the recommended “set and forget” options that should not cause issues with any legitimate applications
- these are the same protections as selecting the Default Protection plan in the CryptoPrevent client
Updates tab:
- The updates tab allows you to enable a daily update schedule that runs at the hour of your choosing or at a randomly picked time.
- You may disable the reboot prompt for installation under Windows XP using the provided check box.
- Additional hash definitions will be downloaded from our servers if the Enable Extended Definitions Files *beta* option is checked.
- As of this writing, over 50000 base definitions are applied and that number increases to over 70000 with that option enabled.
- View the client documentation for more information on these protections
- The default selections (shown in the picture above) are the recommended “set and forget” options that should not cause issues with any legitimate applications
- these are the same protections as selecting the Default Protection plan in the CryptoPrevent client
Email Settings tab:
- This tab is used to enable email notifications of alerts.
- Alerts will be emailed using the provided credentials and options.
- Settings must be specified for every option except for email subject line text.
- Please note that Google will block external SMTP access unless you enable the “use less secure apps” option in your Gmail account settings.
- This restriction applies to any software that uses Google’s SMTP access and is not specific to CryptoPrevent.
- For example, Microsoft Outlook is affected by this as well.
- Please ensure your settings are correct by using the Send Test Email button.
- Additional information: https://www.d7xtech.com/cryptoprevent-malware-prevention/email-setup-faq/
Client Proxy Tab
- These settings only apply to the client systems on which the created installer is used (they do not apply to the Creator-Configuration Tool itself)
- Enable Proxy Settings
- Enables proxy settings defined for update/download operations
- Proxy Server Address (domain or IP only)
- Port
- Username
- Password
- Socks 5 Proxy enable/disable
- Use the same proxy settings for email
- Enable or disable using the same proxy settings defined for updates for sending emails as well
- Enable Proxy Settings
- Enables proxy settings defined for email operations
- Proxy Server Address (domain or IP only)
- Port
- Username
- Password
- Socks 5 Proxy enable/disable
Maintenance Tab:
- These are the options that can be predefined when the ‘Run Maintenance’ button is used in the client interface
- These options can also be configured to run on an automated monthly schedule so no client interaction is needed
- View the client documentation for more information on these options
Installer tab:
- This tab contains various options relating to how the installer we provide functions.
- Please note that it is not possible to uncheck the option to apply protection silently after Installation with the bulk edition of CryptoPrevent.
- All installations with the CryptoPrevent Bulk client software silently apply protections
- however, it is necessary to specify the /verysilent command line parameter to have a completely silent installation without the need of any user interaction.
- Additional checkboxes are provided for options relating to automatically launching the tray app for notifications, creating additional shortcut icons, and automatic restart preferences.
- Note: applying protections after install can take a long time depending on the system
- you can check the task manager to verify when CryptoPrevent.exe
- optionally you can check “Restart After Install” to ensure protections are set
- by waiting for the system to reboot on its own after applying protections
Submit Configuration tab:
- This tab is used to submit your configuration to us.
- We will build you an installer upon reception of your settings.
- One of our staff will review each submission before completing your build.
- Any information you may wish to communicate to us may be placed in the Notes for Installer field.
- example: “This installer is just for testing”
- The name, email, and password fields for the zip archive containing your .exe and .msi custom installer are all required fields.
- The submission process requires access to port 465 for an SSL email connection. If there is an error submitting your configuration, please ensure this port is open for CryptoPrevent.
- Only one installer is included with your purchase
- however, we do allow testing of your settings and will rebuild an installer for you if you encounter problems during this testing period
- Note: test installers usually only include 1-2 licenses and we can add these back once you have completed your testing
- Additional installers beyond the first one may be purchased for $25
- by making a payment at the below link
- using “Custom Installer” as the payment description
- https://www.d7xtech.com/store/custom-payments/
- Please allow up to 24 hours for your installer to be built and delivered.
- Normally this occurs much more quickly during our normal business hours, 0900-1800 EST Mon-Fri.
- Our offices may be closed and our staff unavailable on weekends and many federal holidays observed by the United States.
- Additional Notes on the Installer that is created:
- Your custom installer contains your licensing codes.
- You are not authorized to make your custom installer available to any third party or provide a public link to your custom installer.
- Installations and licenses consumed by your custom installer are considered authorized by you.
- You will be responsible for all usage of your custom installer.
- If we believe your custom installer to be in violation of our licensing terms, we reserve the right to terminate the licenses and ban the associated codes.
- For additional assistance, please send all communications to sales [at] foolishit.com or support [at] foolishit.com for the fastest response.