CryptoPrevent is a tiny utility to lock down any Windows OS to prevent infection by the Cryptolocker malware or ‘ransomware’, which encrypts personal files and then offers decryption for a paid ransom.
CryptoPrevent artificially implants group policy objects into the registry in order to block certain executables in certain locations from running. Note that because the group policy objects are artificially created, they will not display in the Group Policy Editor on a Professional version of Windows — but rest assured they are still there!
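Because the Group Policy Editor does not show these rules, they have to be audited from the registry. The PowerShell below is an added example, not code from CryptoPrevent or its vendor. It assumes the rules sit under the standard Windows Software Restriction Policies key, which the page does not name, and the function and variable names are illustrative:

```powershell
# Added example: list Software Restriction Policy (SRP) path rules from the registry.
# Assumption: rules live under the standard Windows SRP policy root below
# (a Windows convention; the page does not state the exact key CryptoPrevent writes to).
$SrpRoot = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'

# SRP security-level IDs appear as subkey names under the policy root.
$SrpLevels = @{
    '0'      = 'Disallowed'
    '4096'   = 'Untrusted'
    '65536'  = 'Constrained'
    '131072' = 'Basic User'
    '262144' = 'Unrestricted'
}

function Get-SrpPathRule {
    param([string]$PolicyRoot = $SrpRoot)

    if (-not (Test-Path -LiteralPath $PolicyRoot)) {
        Write-Warning "No SRP policy key at $PolicyRoot"
        return
    }
    foreach ($levelKey in Get-ChildItem -LiteralPath $PolicyRoot) {
        $pathsKey = Join-Path $levelKey.PSPath 'Paths'
        if (-not (Test-Path -LiteralPath $pathsKey)) { continue }

        foreach ($rule in Get-ChildItem -LiteralPath $pathsKey) {
            # ItemData holds the rule's path pattern, often with %ENV% variables;
            # read it unexpanded so the stored rule is shown as written.
            $raw = [string]$rule.GetValue('ItemData', '', 'DoNotExpandEnvironmentNames')
            $level = $SrpLevels[$levelKey.PSChildName]
            if (-not $level) { $level = "Level $($levelKey.PSChildName)" }
            [pscustomobject]@{
                Level       = $level
                Rule        = $raw
                # Expanded with the auditing account's environment, not each user's.
                Expanded    = [Environment]::ExpandEnvironmentVariables($raw)
                Description = $rule.GetValue('Description')
                RuleId      = $rule.PSChildName
            }
        }
    }
}

Get-SrpPathRule | Sort-Object Level, Rule | Format-Table -AutoSize -Wrap
```

Comparing this output before and after applying or reverting protections shows exactly which block and whitelist rules are in force on a machine.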
Freeware
What's new:
Added the ability to block syskey.exe from execution, which is being exploited by some new malware.
http://www.foolishit.com/vb6-projects/cryptoprevent/
Changelog
Added Proxy support for updates and email
added command line parameters to configure proxy support
added automatic file trigger to configure proxy using “CryptoPreventProxy.ini” in application directory
Performance increase for removing whitelisted software restriction policies
Additional debug information when running /debug
for sending email
for updates
Added additional Honey Pot detection for more ransomware detection
We STILL have several more improvements already in development and testing, so there should be additional updates in the coming days.
You can subscribe to this category of our blog to stay current on any new additions or changes!
Changelog
Performance increase for HoneyPot Detection and alert notification from QuickAccess Tray icon
Added command line option to add unique identifier for individual client
/clientemailid=[UniqueClientID]
Run this CLI option to create a unique identifier for that specific client’s email subject line
Additional debug information when running /debug
Added additional Honey Pot detection for more ransomware detection
Added ability for HoneyPot definitions to be updated during definition updates
HoneyPot definitions will update during manual or auto-update processes
If HoneyPot definition file is not available on the system, hard-coded definitions of the current CryptoPrevent version will be used
Changelog
Rolled back HoneyPot Definition update feature
received a number of strange false positives
Will refine more and bring back at a later date
Changelog
Major performance increase when applying protections
from the command line and from the GUI
Corrected issues with Windows 8-10 Scaling
DPI changes could still cause problems if defined manually and not with the scaling in Windows
Windows XP-7 will still get warning
Corrected minor interface issue
Issue resulted in some changes in 8.0.3.8
Unable to read tabs, but still clickable
GUI subtabs looked step sided/pushed to the right some
Applied to the Protection Settings sub tabs
Applied to the Policy Editor sub tabs
Changelog
Fixed graphical issue with policy numbers applied being shown in the policy editor
Added additional email settings CLI
/emailusername="user@addy.com"
/emailsamesendtofromaddy
or use the following together:
/emailfromaddy="user@addy.com"
/emailsendtoaddy="user@addy.com"
/emailpassword="password"
/emailserver="serverAddress"
/emailport="portNumber"
/emailauthenable
(Add =0 to disable)
/emailstarttlsenable
(Add =0 to disable)
/emailsslenable
(Add =0 to disable)
/clientemailid="Client ID to be added to Email Subject"
/emaillocksettings
(Add =0 to disable)
Only applies to Bulk or White-Label Editions
d7x Rule Variables now add environment variable as well as expanded paths
https://www.foolishit.com/d7x/killemall/rule-variables/
Revised how SRP protection locations are handled
Corrects issue where counts may have been off
Corrects issue where same policy may have been added more than once from CLI options
Added Debugging ability to the QuickAccess Notification Tray
Currently debugging information is fairly limited but this will improve over new revisions if additional debugging information is required
/debug when run from a command prompt with or without admin rights depending on the testing needed
Improved Multi-User support for QuickAccess Notification Tray
Bulk & White-Label Edition Installers Updated
Waits for installation to complete prior to showing finished button on non-silent installations
Silent installations now also wait for the installer to complete when being scripted
Fixed possible issues with systems not restarting after install when selected to do so from the Bulk-Creator
Debug mode will be enabled by default on all Bulk Edition installs for the installation portion only
This can be used to check for problems if something doesn’t work correctly in the Bulk Edition installation on a particular system
Fixed possible issue with HoneyPot Detection triggering on changing of protections
Changelog
Fixed graphical issue where verifying settings might not disappear on first run of application
Added additional HoneyPot Detection Rules
Added changes to HoneyPot Detection rules that may cause false positives
Added fix for possible issue with HoneyPot Detection not being able to verify current HoneyPot files
Possible fix for issues with CLI options possibly not starting services as expected
Fixed QuickAccess Notification Tray to update on the fly with protection changes
Added Restore Previous Protections option to Main GUI, QuickAccess Tray, and CLI option of /revertsettings
Possible fix for Monitor Service consuming large amounts of RAM
Minor performance improvements when handling SRP protections from GUI and CLI options
Changelog
Major improvements in memory usage across all executables (CryptoPrevent.exe, CryptoPreventMonSvc.exe, CryptoPreventNotification.exe): memory usage will decrease over time for the real-time components, with less usage on initial launches as well.
Corrected an issue where White-Label Creator was not updating the CryptoPrevent.exe launcher file in the includes folder which is used to create installers (you can delete this file and then re-open the WL Creator to force an update now)
SRP Whitelist is now sorted on initial loading and when updated
FolderWatch Custom Folders list is now sorted on initial loading and when updated
Fixed issue where services may not start via CLI options
Fixed issue where HoneyPot files might not be removed when FolderWatch has been disabled
Fixed issue where HoneyPot files might not be removed when Custom Folder is removed
Adding/removing Custom Folders in FolderWatch will now apply instantly
Fixed issue where services may be removed but not re-installed when changing various definition files or email settings
Changelog
Performance increases for save/load of Bulk/White-Label configurations
Performance increases in the application of Bulk/White-Label settings at time of install
Performance increases on application startup
Several other minor performance improvements
Corrected issue where blacklist command line option may have whitelisted in some cases
Bulk registration data is now handled entirely via HTTPS (Note: registration data was always encrypted prior to being sent; this mainly eliminated a fallback v7 Bulk communication method)
Several other minor bug fixes
New FolderWatch/HoneyPot options
HoneyPot Detection Message shows details about detected event and file detected
HoneyPot Detection Message gives the option to go back into windows explorer (instead of just shutdown or reboot)
Subscription Information shown in a tab in the interface
Debug submission available under subscription tab (so this is a premium only option to email support with debug info attached)
Additional HoneyPot Detections for new ransomware variants
Management Console ready (A management console is in the works and being up to date with this version should prepare the clients for this ability on its release)
http://www.foolishit.com/vb6-projects/cryptoprevent/
Changelog
User interface updated: adds additional explanation of features and functionality and streamlines options
Maintenance options have been added which are powered by d7x technology (manually running maintenance is available under the Free and Premium versions, scheduling automated maintenance is a premium feature only)
FolderWatch HoneyPot and the Quick Access tray are now available for usage under the free license; this makes all the protections CryptoPrevent provides free for personal usages
Program Filter has been updated to work with additional file execution situations
Corrected an issue where subscription keys may show as expired or invalid prior to the subscription running out
Updates have been completely re-written for performance and lower bandwidth usage
Update feature has been added where CryptoPrevent will automatically apply any critical updates when opened (applies to the Free and Premium versions)
Several performance improvements for CryptoPrevent and the Monitor service
Several bug fixes for CryptoPrevent and the Monitor service