CryptoPrevent Client Apply Protections Tab

Apply Protection tab:

• Protection plans are an easy way to apply sets of CryptoPrevent protections.
  • Minimal plan
    • includes all protections available in the original release of CryptoPrevent for blocking CryptoLocker and similar ransomware.
    • These are a bare minimum level of protections and may not protect against more modern threats.
  • Default plan
    • includes additional protections to prevent a wider range of threats.
    • More restrictive plans could impact software installations and this is the highest plan that should not interfere with that.
    • For this reason, we refer to it as the “set it and forget it” plan.
  • Maximum plan
    • includes additional protections that will block even more threats.
    • Please use this plan with caution as it has the potential to interfere with:
    • software installations
    • certain backup application that rely upon the bcdedit.exe utility
  • Extreme plan
    • enables every available protection feature, including those considered “beta”.
    • This plan has the potential to block legitimate software from running.
    • Please test in your environment with these settings to determine if they will negatively impact the use of your PC.
  • Custom settings
    • when settings do not specifically follow a predefined protection plan.
    • A general guideline would be to start with the Default plan and check any additional protections that you are able to tolerate in your environment.
    • Testing should be performed whenever changing protection settings.
    • Testing involves applying the settings you wish to test, rebooting when prompted, and then trying out all your existing software for expected operation.
• Enable Active Protections
  • includes master check boxes for active protections beyond software restriction policies.
  • Use Protection Plan Settings
    • checked means the two sub-items will follow selected plan recommendations
    • this box will automatically uncheck and the plan setting will be changed to custom if either of the two sub-items are changed
  • FolderWatch (real-time)
    • FolderWatch  is a new protection feature in CryptoPrevent v8
      • allows for specified folders to be monitored for items that match the loaded hash definitions list (including custom added ones available in the premium version)
      • allows for HoneyPot Detection (Premium Version feature) to protect the selected locations as well
      • see more details about these items under the Protection Settings tab individual descriptions in this documentation
    • checked means the protections and folders under Protection Settings tab->FolderWatch tab and  Protection Settings tab->FolderWatch HoneyPot tab will be protected and enabled by the FolderWatch service
    • unchecked means this protection will be disabled and the selected locations/enabling HoneyPot Detection will be irrelevant
• Kill Apps Now button
  • CryptoPrevent includes certain features from Foolish IT’s next generation PC technician productivity tool, called d7x, which is currently in development.
  • will close all running non-essential applications.
  • Please be aware that using this option will not prompt you to save any work and will forcibly close running windows.
• CryptoPrevent QuickAccess (Premium only feature)
  • a notification icon that will appear in the system tray when enabled
  • exposes CryptoPrevent functionality to the user without the need to open the entire user interface.
  • will also pop up with notifications regarding CryptoPrevent activity.
  • Note: this tray should be enabled when using FolderWatch HoneyPot Detection to alert the end-user when detection has occurred (otherwise the system will shutdown without warning)
• Apply Protection Plan button
  • Available on all tabs
  • this button applies the currently selected plan and protections enabled under the Protection Settings tab
  • Be sure to use this button when changing plans or after all individual settings have been customized as you want to have applied
• Test Protection button
  • currently tests only the protection location of %appdata% (which is enabled on all plans except None)
  • indicates mainly if the Software Restrictions Policies have been enabled and have taken effect
  • this will not test other locations, the filter module protections or FolderWatch protections