This document will discuss the installation and operation of CryptoPrevent White-Label Creator, detailing all options, settings, and best practices associated with its use.
Installation of CryptoPrevent White-Label Creator is carried out with very few steps:
Extract the ZIP archive downloaded from our site to a location of your choosing and make note of the location. This file contains the installer/setup routine for CryptoPrevent.
Launch the installer executable file from the above location.
Click next.
It is not possible to proceed without accepting the license agreement and clicking next.
Choose whether or not to create a desktop shortcut and click next.
Click install to initiate the installation.
Click finish to close the installation and launch the tool. Uncheck the box shown if you do not want to proceed at this time.
CryptoPrevent Creator-Configurator Tool Main Interface
- Please enter your company name for purchase identification purposes and the product key that was delivered as part of your White-Label purchase.
- The vast majority of white label edition licenses that exist are not subscription based.
- Please only use the Whitelabel Subscription checkbox if you were provided with a username or password as part of a prior purchase.
- In the case of subscriptions, it is necessary to check the box for that and enter your provided username and password.
- The Test Login button must then be pressed to validate your information.
- Copy and paste your product key exactly as you received it.
- The key should automatically validate after a delay that may last for a minute or more.
- If the information was entered correctly and was validated successfully, the bottom portion of the tool will be exposed.
- You always want to make sure the Creator tool is up to date
- The Latest version of CP will be shown in the top right
- click the “Get Latest Update” button to upgrade the Creator
- This will ensure any installers you create are up to date when you build the installer
- Inno Setup is required to build your custom installer and it is necessary to either use the provided button or install it manually to complete a build.
Load/Save Config tab
- The top portion of the tool’s interface shows the total number of remaining licenses associated with the product key previously entered.
- In the above example, 99 installations/licenses are available to assign to a particular configuration.
- Once installations/licenses are assigned to a particular configuration, they are reduced from your overall remaining installations.
- Installations/licenses may be retrieved from a configuration as long as they have not been deployed.
- Placing a smaller number of installs than originally specified or a zero in the Define Number of Installs for Configuration field will increase your overall remaining installations.
- The loss of a configuration with installations/licenses attached will result in the loss of those installations/licenses.
- For this reason, we provide backup and restore buttons to safeguard your configurations. Please do not hesitate to frequently utilize those buttons.
- The standard steps you would want to follow to create a configuration are the following:
- Assuming you have more than 0 “Overall Remaining Installations:” available.
- Enter a name for the configuration
- this name is for your reference only
- the client in almost all circumstances will not see this configuration name
- however it is stored in an ini file on their system so keep that in mind when naming configurations
- Enter a positive number in the “Define Number of Installs for Configuration” box
- this is the number of installs the created installer will be able to be used on
- this number can be increased/decreased in the future as long as
- additional “Overall Remaining Installations” are available to increase the configuration’s remaining installs
- there are “Installs Remaining on Configuration” to decrease, which will be added back to the “Overall Remaining Installs”
- once the number of remaining installs on the configuration are at 0
- the created installer will no longer install the premium version with your defined settings on new systems
- This installer can still be used to reinstall on systems currently consuming a license under this White-Label key
- a 0 (“zero”) can be entered here to disable the created installer from installing additional installs
- This installer can still be used to reinstall on systems currently consuming a license under this White-Label key
- if you enter the same number as the “Installs Remaining on Configuration”, no license changes will be made
- this is useful if you want to change the configuration and resubmit for a new installer that has different settings
- Save/Update Current Configuration
- Backup Configurations to Zip
- save this backup in a secure location
- it is password protected, you will be prompted to enter a password at time of backup creation
- Foolish IT has no access to this password
- if it is lost/forgotten, it is unlikely that it will be recoverable
- you should only need to restore this backup if:
- you uninstall the CryptoPrevent Creator-Configuration tool from the system
- the system with your configurations suffers a failure and needs to be reloaded
- Adjusting the “Installs Remaining on Configuration” can be done by ensuring the appropriate configuration is loaded and then following steps 3-5 above
- You can load a saved configuration using the “Load a Previously Saved Configuration” button
- this will allow you to adjust the remaining installs
- this will automatically apply to the currently created installer
- or change the settings on the configuration
- this would require submitting the configuration again and having a new installer created
- note this may incur a charge for additional installer creation
- additional information on the Submit tab documentation
Protections tab
- The Minimum plan includes:
- Software restriction policy path rules for the appdata folder, all folders beneath appdata, the “local” (as opposed to “roaming”) appdata folder, and the Recycle Bin.
- It also includes protections related to program naming, including blocking of double file extensions and exploits related to the direction of text interpretation.
- Please follow the provided link for more information regarding the right-to-left override character:
- View the client documentation for more information on the specific locations these rules include
- The Default plan includes:
- Software restriction policy path rules for the programdata folder, the user profiles folders, and the start menu startup folders.
- Three additional Windows utilities are also potentially blocked under this plan, vssadmin.exe, syskey.exe, and cipher.exe.
- Please note that these are legitimate tools that have been known to be co-opted by malicious software.
- If you have no use of these tools and you do not use applications that rely upon them, you may safely enable those protections.
- The miscellaneous protections included in the Default plan will block some additional vectors for existing malware as well as the option to disable the use of legacy “Sidebar and Gadget” applications.
- The “Sidebar and Gadget” option is recommended by Microsoft due to known security implications of their usage:
- View the client documentation for more information on the specific locations these rules include
- The Maximum plan includes:
- Software restriction policy path rules for the subfolders beneath localappdata and folders where files are temporarily extracted from archives, such as ZIP files
- The Block Windows Programs section will optionally prevent the use of the following Windows utilities: bcdedit.exe, wscript.exe, and cscript.exe.
- Disable Windows Script Host option
- You may not want to enable this option because long login delays were reported when enabling this option in environments that utilize login scripts.
- It should be safe to enable this option in a non-domain environment and when you do not rely upon the use of Windows scripts.
- For more information, please review these sites:
- View the client documentation for more information on the specific locations these rules include
- The default selections (shown in the picture above) are the recommended “set and forget” options that should not cause issues with any legitimate applications
- these are the same protections as selecting the Default Protection plan in the CryptoPrevent client
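The program-naming protections in the Minimum plan (double file extensions and the right-to-left override character) can be checked for in existing file listings. The following is an added example, not CryptoPrevent code; the extension lists, the simplified display model, and the sample names are assumptions constructed for illustration.

```python
# Added example: flag spoofed program names (double extensions, bidi overrides).
# Extension lists are assumptions for this sketch, not CryptoPrevent's rule set.
BIDI_CONTROLS = {
    "\u202a": "LRE", "\u202b": "RLE", "\u202c": "PDF", "\u202d": "LRO",
    "\u202e": "RLO", "\u2066": "LRI", "\u2067": "RLI", "\u2068": "FSI",
    "\u2069": "PDI", "\u200e": "LRM", "\u200f": "RLM",
}
EXECUTABLE_EXTS = {"exe", "com", "scr", "pif", "cpl", "bat", "cmd"}
DECOY_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "txt", "jpg", "png", "zip"}


def extensions(name):
    """Lower-cased dot-separated suffixes, with padding spaces stripped."""
    return [part.strip().lower() for part in name.split(".")[1:]]


def displayed_name(name):
    """Approximate what a bidi-aware UI shows: text after RLO is reversed.

    Simplified: only RLO (start) and PDF/LRO (end) are modelled; other
    controls are dropped because they are invisible when rendered.
    """
    out, run, reversing = [], [], False
    for ch in name:
        if ch == "\u202e":
            reversing = True
        elif ch in ("\u202c", "\u202d"):
            out.extend(reversed(run))
            run, reversing = [], False
        elif ch in BIDI_CONTROLS:
            continue
        elif reversing:
            run.append(ch)
        else:
            out.append(ch)
    out.extend(reversed(run))
    return "".join(out)


def check_name(name):
    """Return a list of findings for one file name (empty list = clean)."""
    findings = []
    controls = sorted({BIDI_CONTROLS[c] for c in name if c in BIDI_CONTROLS})
    if controls:
        findings.append("bidi-control:" + ",".join(controls))
    logical = "".join(c for c in name if c not in BIDI_CONTROLS)
    real, shown = extensions(logical), extensions(displayed_name(name))
    if real and shown and shown[-1] != real[-1]:
        findings.append(f"spoofed-extension:shown={shown[-1]},real={real[-1]}")
    if len(real) >= 2 and real[-1] in EXECUTABLE_EXTS and real[-2] in DECOY_EXTS:
        findings.append(f"double-extension:{real[-2]}.{real[-1]}")
    return findings


# Constructed sample names (not taken from any real incident).
SAMPLES = ["invoice.pdf.exe", "photo_\u202egpj.exe", "report.pdf      .scr",
           "archive.tar.gz", "setup-v1.2.exe"]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample!r:32} {check_name(sample) or 'ok'}")
```

The padded name shows why the check strips spaces between suffixes: the executable extension can be pushed out of view in a narrow column while still being the one Windows acts on.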
Filter Module tab:
- Filter Module
- can either selectively block certain executable file types or indiscriminately block them.
- The top three check boxes for the .cpl, .scr, and .pif file types will check each file against our malware definitions and block it if a match is found.
- The lower three check boxes may be selected to always prevent the execution of the respective file types.
- Program filtering for .exe and .com executables is always based upon definitions because preventing them always would prevent most, if not all, software from operating.
- The notification prompt settings on the right side only pertain to the .cpl, .scr, and .pif file types.
- We recommend the default value of Message Box Alert for the notification prompt.
- View the client documentation for more information on these protections
- The default selections (shown in the picture above) are the recommended “set and forget” options that should not cause issues with any legitimate applications
- these are the same protections as selecting the Default Protection plan in the CryptoPrevent client
FolderWatch tab:
- FolderWatch provides additional monitoring of a selection of common folders and, optionally, custom folders.
- Files flagged as potentially malicious will be quarantined in the folder specified here.
- It is important to note that subfolders are monitored in the case of the predefined user folders but not in the case of custom folders.
- It would be necessary to individually add subfolders to the custom list in order for them to be monitored.
- d7x Variables can be used in the Custom Locations to apply protections generically to various OS versions and 32/64 bit versions
- note it should be defined one line per folder
- The HoneyPot feature related to FolderWatch places numerous files around your PC to act as bait.
- When activity is detected against these files, the HoneyPot feature will do everything in its power to prevent any further system activity, including slowing the system and only allowing it to be rebooted or shutdown.
- When this feature is activated, the idea is that the system has been grievously compromised and your data is at risk from malicious activity.
- As such, it is a “last ditch” effort to preserve your data with the hopes that only our bait files will be compromised and not any legitimate data.
- Please use this feature with caution as there is the possibility of false positives due to the fact that any manipulation of the HoneyPot files will trigger our HoneyPot protections.
- If this feature is enabled it is highly recommended you enable the QuickAccess Tray Icon under the Installer tab as well
- otherwise the end user will not be notified and the system will shutdown without warning when HoneyPot feature is activated
- an event will still be written to the event log and an email alert (if enabled) will be sent out regardless of the QuickAccess Tray Icon being enabled
- View the client documentation for more information on these protections
- The default selections (shown in the picture above) are the recommended “set and forget” options that should not cause issues with any legitimate applications
- these are the same protections as selecting the Default Protection plan in the CryptoPrevent client
Policies tab:
- Software Restriction Policy (SRP) Whitelist:
- The whitelist is a list of programs explicitly allowed via software restriction path rules.
- We provide a “Whitelist EXEs already located in blocked locations upon install” checkbox to simplify adding all existing items in blocked locations to the whitelist during client installation.
- You may predefine whitelist policies using the Define button.
- d7x Variables can be used in the Custom Locations to apply protections generically to various OS versions and 32/64 bit versions
- note it should be defined one line per folder
- Whitelist policies should be as specific as possible to avoid being overridden by a more specific blacklist entry.
- This concern comes into play when using wildcards, so the use of wildcards should be avoided in whitelist rules if possible.
- SRP Blacklist:
- The blacklist is a list of programs explicitly blocked via software restriction path rules.
- It is possible to use wildcards in blacklist policies.
- Feel free to add additional rules using the Define button to enhance protections for your specific environment.
- d7x Variables can be used in the Custom Locations to apply protections generically to various OS versions and 32/64 bit versions
- note it should be defined one line per folder
- User Hash Definitions:
- Similar to the whitelist and blacklist software restriction policies, our hash definitions also utilize lists to either allow or block specific hash definitions, respectively.
- Use the various Define buttons to allow or disallow a hash, for the whitelist or blacklist respectively, to either remove a false positive or enhance protections over the base definitions.
- note it should be defined one line per folder
- View the client documentation for more information on these protections
- The default selections (shown in the picture above) are the recommended “set and forget” options that should not cause issues with any legitimate applications
- these are the same protections as selecting the Default Protection plan in the CryptoPrevent client
Updates tab:
- The updates tab allows you to enable a daily update schedule that runs at the hour of your choosing or at a randomly picked time.
- You may disable the reboot prompt for installation under Windows XP using the provided check box.
- Additional hash definitions will be downloaded from our servers if the Enable Extended Definitions Files *beta* option is checked.
- As of this writing, over 50000 base definitions are applied and that number increases to over 70000 with that option enabled.
- The Check for Updates after Install option ensures that the latest CryptoPrevent is installed when an installer is used
- View the client documentation for more information on these protections
- The default selections (shown in the picture above) are the recommended “set and forget” options that should not cause issues with any legitimate applications
- these are the same protections as selecting the Default Protection plan in the CryptoPrevent client
Email Settings tab:
- This tab is used to enable email notifications of alerts.
- Alerts will be emailed using the provided credentials and options.
- Settings must be specified for every option except for email subject line text.
- Please note that Google will block external SMTP access unless you enable the “use less secure apps” option in your Gmail account settings.
- This restriction applies to any software that uses Google’s SMTP access and is not specific to CryptoPrevent.
- For example, Microsoft Outlook is affected by this as well.
- Please ensure your settings are correct by using the Send Test Email button.
- Additional information: https://www.d7xtech.com/cryptoprevent-malware-prevention/email-setup-faq/
Client Proxy Tab
- These settings apply only to the client system on which the created installer is used (they do not apply to the Creator-Configuration Tool itself)
- Enable Proxy Settings
- Enables proxy settings defined for update/download operations
- Proxy Server Address (domain or IP only)
- Port
- Username
- Password
- Socks 5 Proxy enable/disable
- Use the same proxy settings for email
- Enable or disable using the same proxy settings defined for updates for sending emails as well
- Enable Proxy Settings
- Enables proxy settings defined for email operations
- Proxy Server Address (domain or IP only)
- Port
- Username
- Password
- Socks 5 Proxy enable/disable
Maintenance Tab:
- These are the options that can be predefined when the ‘Run Maintenance’ button is used in the client interface
- These options can also be configured to run on an automated monthly schedule so no client interaction is needed
- View the client documentation for more information on these options
Branding/Installer tab:
- This tab contains various options relating to how the installer we provide functions.
- You can force the protections to apply automatically and silently after install
- this will save a last step in the installation process where it would still be necessary to have the protections applied after installed
- There is also an option to force a reboot when protections have been silently applied
- however, it is necessary to specify the /verysilent command line parameter to have a completely silent installation without the need of any user interaction.
- Note: applying protections after install can take a long time depending on the system
- you can check the task manager to verify when CryptoPrevent.exe
- optionally you can check “Restart After Install” to ensure protections are set
- by waiting for the system to reboot on its own after applying protections
- Additional checkboxes are provided for options relating to automatically launching the tray app for notifications, creating additional shortcut icons, and automatic restart preferences.
- Optional Installer Texts, offers further customization of the actual installer itself for branding purposes
- EULA - offers supplemental terms and conditions for installation
- note the default CryptoPrevent EULA will always be included with the installer creation
- Info (Pre)
- offers ability to add information the end user reads prior to installation
- Info (Post)
- offers ability to add information the end user reads after the installation has completed
- You will want to have a txt document ready with the text you would like to add to any of these options
- Branding Options
- provides the ability to add your own logo and icon to CryptoPrevent
- the logo is used when protections are being applied
- you can see an example of its usage with the “Test BMP Logo” after you have added a logo file
- it is suggested you use a 24-bit BMP with dimensions of 280×190
- the icon is used for shortcut icons, the upper left of the application and taskbar
- Start Menu options
- Apply & Undo protection options are always added to the start menu unless you uncheck the “Start Menu Launch CP” option
- An additional option adds a link that opens the main CryptoPrevent client interface to the start menu
- An additional web address can be added to the start menu location as well
Tray tab:
- This tab is used to configure all aspects of the tray icon.
- Each option available on the right-click menu is optional as are three custom options.
- ** indicate options that would require administrative rights for the end user to actually be able to use them
- it will prompt for elevation when needed
- Custom options include the ability to:
- Launch a program (e.g. a remote support tool)
- Take a screenshot (e.g. useful when a user needs to show examples of an error)
- Link to a web site (e.g. support ticket creation or a link to your site)
Create Installer tab:
- This tab is used to create your installer to deploy this configuration
- It is highly recommended you make installers only on a system you control
- as well as limiting installer creation to a single system
- If the “Save/Create Custom Installer” button is greyed out/unavailable
- Ensure in the top right “Inno Setup is:” shows as installed
- It is required for Inno Setup to be installed in its default location under the Program Files directory
- When the Save/Create Custom Installer button is used, this will also save your configuration
- Be sure to make a backup of your configurations regularly
- See the Load/Save tab documentation for more information about this process
- Additional Notes on the Installer that is created:
- Your custom installer contains your licensing codes.
- Installations and licenses consumed by your custom installer are considered authorized by you.
- You will be responsible for all usage of your custom installer.
- If we believe your custom installer to be in violation of our licensing terms, we reserve the right to terminate the licenses and ban the associated codes.
- For additional assistance, please send all communications to sales [at] foolishit.com or support [at] foolishit.com for the fastest response.
Differences in the Client Side for White-Label
- The CryptoPrevent banner at the top of the window is removed in White-Labeled edition
- Also the Title bar will display “Supported by [Your Registered Company Name]”
- The ‘Submit File Hash’ option is changed to ‘Examine File Hash’ and does not allow submission of samples to Foolish IT
- The ‘Subscription Status’ page removes the option to submit debug report information to Foolish IT
- When applying settings, if the Import BMP Logo option was used on the Installer/Branding tab when the installer was created, the logo is shown as in the picture above
- The applying-settings window shown above has no imported logo to use
- The 3 additional custom options in the QuickAccess Tray Icon (when run with Administrative rights)
- The 3 additional custom options in the QuickAccess Tray Icon (when run without Administrative rights)
- Without administrative rights only the ‘Kill Running Non-Essential Programs as User’ will operate without prompting for UAC elevation