Leaderboard


Popular Content

Showing content with the highest reputation on 12/19/17 in Posts

  1. 1 point
    Hi, @Umbra I think number 13 of your guide is definitely the most important aspect to keep in mind. Interesting guide. Well done!
  2. 1 point
    Please download the following fixlist.txt file and save it to the Desktop: https://www.gt500.org/emsisoft/frst/12-18-2017/fixlist.txt NOTE: It's important that both files, the FRST download from earlier and the fixlist file, are in the same location or the fix will not work. If you need to, please copy the files from your Downloads folder to your desktop. Run the FRST download from earlier, and press the Fix button just once and wait. If for some reason the tool needs to restart your computer, please make sure you let the computer restart normally. After that let the tool complete anything it still needs to do. When finished FRST will generate a log on the Desktop (Fixlog). Please attach it to a reply.
  3. 1 point
    Ours blocks it with zero files encrypted. Also, the last time I checked MBAM didn't have a behavior blocker like we do. They simply bought up Nathan Scott's company that made CryptoMonitor and had him integrate the technology into their products. I guess what it does could be considered a type of behavioral detection technology, however ours is more generic, and focuses on all potential threats rather than just ransomware (which means it will stop more threats). Ours also jumps into action faster from what I've seen, and ensures less damage is done to the system and the user's data. Not anymore. That testing was done before the "Auto resolve" mode was added to automate Behavior Blocker decisions. Note that "Auto resolve" is the default option in EAM since it was added, and a user has to specifically change the option to "Alert" if they want to see the traditional alerts rather than allowing the Behavior Blocker to automatically make decisions. Also note that the notifications displayed while "Auto resolve" is enabled do have options to allow/quarantine detected files so that users can still select what to do, and they have 10 seconds by default to make a selection before the Behavior Blocker takes automatic action. "Layered protection" isn't necessarily bad, you just have to be sure not to use a bunch of software that does the same thing (real-time monitoring that hooks all running programs and injects code into all running programs). Why not mix it up a bit, and use a sandbox/hardware firewall/DNS protection service/etc. in addition to EAM, as opposed to just stacking a bunch of software with real-time protection? Or if you'd prefer to go the paranoid route, why not just do everything in virtual machines with snapshots that you can restore to after using them, and leave EAM to protect the host Operating System? I know that traditionally the idea of "layered protection" is to install a bunch of software with real-time protection, and just live with the downsides. These days there are so many options when it comes to "layered protection" that we don't need to think along those lines anymore.
  4. 1 point
    That was too easy. Thanks Umbra.
  • Who's Online   0 Members, 0 Anonymous, 35 Guests (See full list)

    There are no registered users currently online

  • Newsletter

    Want to keep up to date with all our latest news and information?
    Sign Up