CryptoPrevent v7.3.x brings some new features, more clarity on protection levels, and improved protection!
First, CryptoPrevent now supports SSL/TLS encryption and StartTLS for your SMTP server settings! This enables support for a wider variety of SMTP servers, allowing users requiring this level of encryption to configure their email alert functionality. Previously only SSL was supported.
Second, CryptoPrevent’s experimental “Program Filtering” has reached BETA status. Program Filtering compares executable files to a hash based definitions system consisting of a database of current ransomware threats. It has been tested well on every supported Windows OS, and unsupported OSes were excluded. Supported Windows versions are XP, Win 7 with SP1, Win 8.x, and Win 10. Sorry, Windows Vista is not supported for Program Filtering.
Does CryptoPrevent protect against ______ threat??
Good question, and I can’t answer it straight. Here is the deal, as mostly described in the interface of CryptoPrevent pictured above.
- Basic protection still protects against the original CryptoLocker. This level applies only the original 6 CryptoLocker prevention software restriction policies.
- Default protections are far more comprehensive bringing the total of software restriction policies to almost 200! Unfortunately it isn’t really cutting it with newer ransomware threats, but still protects very well against some older threats and variants, and even a wider variety of other malware, which are still floating around out there on the internet and still very much a threat. Default protections are designed to “set it and forget it” meaning you shouldn’t have to worry about altering your configuration or temporarily disabling it under normal circumstances.
- Maximum protection is the next best bet, protecting against a wide variety of malware and older ransomware threats, but not protecting against all of the cutting edge newer stuff out there. This level of protection should be temporarily disabled when making system changes such as installing or uninstalling certain software. Rule of thumb: if it doesn’t work, then try temporarily disabling this protection and make another attempt…
- Maximum Protection + Program Filtering (BETA) uses the Maximum protection level, but adds Program Filtering, a hash based definitions system which scans executable programs and compares them to the definitions in order to filter out current (and known) malware threats. Currently the definitions contain signatures for thousands of known ransomware threats and will stop quite a lot of newer threats, not just CryptoLocker and clones.
Q: So does CryptoPrevent protect against CryptoDefense, CryptoWall, Crypto-this-and-that?
A: It does try to! The Maximum Protection + Program Filtering (BETA) is obviously your best bet. It isn’t a guarantee, nothing is!!! Regardless, the definitions are updated weekly or sooner to stay on top of the latest known threats, and it is the perfect complement to your existing anti-virus / anti-malware / security solutions.
While I cannot quite recommend Maximum Protection + Program Filtering (BETA) to production systems and business environments, as it is still considered “BETA” just due to a lack of large scale testing, I do recommend it for those who understand they may need to disable it temporarily from time to time, and want the true MAX protection against the very latest threats.
So if you are trying to get the most out of CryptoPrevent, try the new Program Filtering (BETA) but remember, it is still considered BETA functionality, and you should remember to disable it if issues should arise (mostly with software installation.) You can report any issues you may have with this level of protection at the support forums.
Leave a Reply