Just released CryptoPrevent v4.0. Changes in this version include: an Event Log option to quickly show any 'event' where an application was blocked and when, and an Email Alerts option to email you when an application is blocked (Premium edition only). Note the White-Label edition is still at version 3.1, but v4 is coming soon...
First on the list is protection from executables running from inside the Recycle Bin - you know that pesky type of malware that likes to hide in nested subfolders in there... Protected. Next on the list is the new optional CryptoPrevent Automatic Updates service for home users! 'nuff said.
Changes in v2.6: Implemented protection (and whitelisting) for *.com, *.scr and *.pif files in addition to *.exe for %appdata% directories in order to block a lot more malware than just Cryptolocker. Why not!? Added new file extensions to the fake file extension protection. Implemented a 12-second timer to stop waiting on group policy to refresh when applying actions, as it was noted on some systems that gpupdate seems to freeze up. Hopefully this will...
CryptoPrevent v2.5 has just been released with a few changes, including a new layer of protection against malicious software. How often have you seen executable trojan droppers for malware disguised as a document? If you have any experience in the field, the answer should be FREQUENTLY. This particular tactic of malware relies on the fact that file extensions are hidden in Windows by default, so most users will see the normal icon and a filename...
Recent changes: v2.4 - implemented the option to check for updates direct from this website within the application itself. v2.3 - relaxed protection methods on Vista+ OSes as rules of prior versions were blocking some executables running from %temp% directories which could cause certain application installations to fail unless you temporarily removed protection during the installation. This should no longer be necessary. Tested relaxed protection against Cryptolocker to ensure it still cannot infect the OS,...
After being tested on some systems, the protection wasn't working for temporarily extracted executables from archive files. What I discovered was in software protection policies, the %temp% environment variable simply wasn't expanding as expected. It is a complete MYSTERY to me why it works with %appdata% and not %temp%. Thanks for the unpredictable behavior, Microsoft! Note that CryptoPrevent's internal test function only tests for the protection in %appdata% so it would succeed once properly applied,...
v2.0 v2.0.1 of my Cryptolocker prevention utility has been released with new whitelisting capabilities and command line parameters for scripting! UPDATE: v2.0 had a bug in the whitelisting component which didn't work on some systems; it is fixed in v2.0.1 and is tested on all platforms. https://www.d7xtech.com/cryptoprevent-malware-prevention/ New functionality: Automatically whitelist all EXEs currently located in %appdata% / %localappdata% and their first level subdirectories. Whitelist editor where you can view existing whitelisted items, and whitelist individual EXEs...
With all this mess about Cryptolocker going around, a lot of folks are looking to immunize themselves from this nasty bit of malware which will encrypt user files and hold them for ransom. Removal of the malware is easy with d7, but there is no known method to decrypt the files except by paying the ransom, so prevention is crucial. There is a Cryptolocker Prevention Kit here: http://msmvps.com/blogs/bradley/archive/2013/10/15/cryptolocker-prevention-kit.aspx however the kit is for domains and professional...