MarkD

Supplementary anti-ransomware software.


Hello

I was considering supplementing EAM with Checkpoint's paid-for Zonealarm anti-ransomware software.  Looking at reviews it performs extremely well and it states that it runs fine with other security software.

Trawling the forums I could only find this which related to compatibility issues between EAM and Checkpoint's anti-ransomware but it is from 2017.

In the past I have always stuck with a single security product. However, ransomware is now the predominant threat and it seems that even companies with gazillions to spend on security are falling victim (via social engineering). I reckon the extra layer of protection will be well worth it.

I know that EAM is a great product (I have been using it for over 10 years) but would like to get people's thoughts/experience with this, please.

Thank you.

Mark


Ransomware is just another form of malware, EAM protects against malware, very well I might add.  So not needed. I also have a feeling that these 2 programs would conflict in some way.

3 hours ago, digmor crusher said:

Ransomware is just another form of malware, EAM protects against malware, very well I might add.  So not needed. I also have a feeling that these 2 programs would conflict in some way.

Thank you for responding to my query.

I agree that EAM protects against malware. I disagree that ransomware is in the same boat - encrypting files is done legitimately thousands of times every day - it is determining whether the encryption is malicious that is the issue. Coupled with the fact that ransomware variants are able to easily elude many corporate editions of security products (just look at the news items - there are many examples), I feel having more than one layer of protection is important.  I agree that EAM has excellent (and intelligent) heuristics, however, additional protection can't be a bad thing.

I was just wondering if anyone else had any experience of using these products side-by-side. 

Thanks again.

Mark


But why... If you ask people why they are using EAM or how did they find their way to Emsisoft, then a usual answer is because of their Anti-Ransomware efforts. 

If you google Emsisoft you will find predominantly stuff about their Anti-Ransomware fight and decrypters. They are famous just for that. If I would ever look for a specialized Anti-Ransomware, I would go for EAM just because of that. You already have something from the ransomware experts, why install an additional tool going into the same direction? 

19 hours ago, MarkD said:

In the past I have always stuck with a single security product. However, ransomware is now the predominant threat and it seems that even companies with gazillions to spend on security are falling victim (via social engineering). I reckon the extra layer of protection will be well worth it.

Ransomware attacks that succeed against companies rely on means that security software usually cannot protect against, such as Remote Desktop (RDP) compromise and (as you correctly stated) social engineering. We've added some RDP attack warnings to our "Cloud Console" accessible via MyEmsisoft and a function to disable RDP on affected workstations on-demand as well, which will help corporate clients using Emsisoft Business Security who connect it to a workspace in MyEmsisoft.

Social engineering is another matter entirely, since if you can convince a victim to disable their security software then your malware can do whatever it wants.

As for the effectiveness or compatibility of Checkpoint's Anti-Ransomware, I really don't know much about it.


These are all good points and I am not questioning EAM / Emsisoft's ability to protect against ransomware. Social engineering is not just convincing someone to disable their security software. I do a varying amount of weekly research on ransomware and understand that the only product that seems to stand up to all ransomware (as of my last reading), and which also includes a very successful remediation rate, is Intercept X. However, I suspect that despite the valiant efforts of the Sophos team, Intercept X may eventually become compromised and that would also require additional layers of security.

You are preaching to the converted - I would not have been using EAM since its A-squared days if I thought it was not up to the job. However, I consider it sensible to incorporate another layer of security through which any malware will need to traverse and I am simply trying to find out if anyone has used Checkpoint's offering alongside EAM before I commit and purchase it.


I'm using Win 8.1, but - if I had Win 10 - would be quite tempted to experiment with its "Controlled Folder Access"... except that I think that needs Windows Defender's real-time protection enabled and I suppose it either definitely can't, or maybe can't coexist with EAM.

Likewise "novirusthanks" have a product called "file-system-protector" which I'd like to play with... but for all I know it may have a similar limitation. 


I prefer to use 2 solutions as no programs are 100% effective 100% of the time. I always recommend using one of these as secondary protection: 

Voodoo Shield ( free and paid versions)

Hard Configurator (free)

Osarmour ( free now, soon to be a pay program)

Syshardener ( free for now)

Configure Defender if you're using W10.

 

1 hour ago, digmor crusher said:

I prefer to use 2 solutions as no programs are 100% effective 100% of the time. I always recommend using one of these as secondary protection: 

Voodoo Shield ( free and paid versions)

Hard Configurator (free)

Osarmour ( free now, soon to be a pay program)

Syshardener ( free for now)

Configure Defender if you're using W10.

 

That seems a bit at odds with your earlier reply; is the difference that these latter programs take a different approach from whatever it is that Checkpoint's software does?


Yes, HC, CD and Syshardener all use built-in Windows settings to harden Windows; VS and OSA are lightweight programs that run very well alongside almost every AV. As opposed to ZoneAlarm, which I assume installs a driver and hooks into your system in every nook and cranny it can find.  Someone may correct me if I am wrong.

18 hours ago, JeremyNicoll said:

I'm using Win 8.1, but - if I had Win 10 - would be quite tempted to experiment with its "Controlled Folder Access"... except that I think that needs Windows Defender's real-time protection enabled and I suppose it either definitely can't, or maybe can't coexist with EAM.

I think it can run alongside EAM; however, not many people attempt to use both. I usually tell people to add exclusions if there are compatibility issues.


These are great responses - thank you. I like your suggestions @digmor crusher  especially Syshardener which seems to apply a lot of settings I configure at work.

However, I am after dedicated protection against ransomware. The suggestions above are great, but at the end of the day they mitigate against some of the methods via which the malware can be dropped onto the system, or via which it can communicate to a C2 server. I think my best bet is to run Zonealarm's offering as a trial and see how EAM plays along with it.

Thanks again to everyone for your suggestions, it is appreciated very much indeed.

Cheers!

Mark


Well, I installed the trial and it runs perfectly side-by-side with EAM. The only time EAM noticed it was when I uninstalled it and I had to mark 5 files as being safe. I uninstalled the demo because while Zonealarm offers an extension for Chrome, an extension is not available for Edge. This was a deal-breaker for me because my work and purchases are via Edge, while social media/entertainment are via Chrome.

So, if anyone wonders how well they play together, they are fine. However, Zonealarm did not need to spring into action so I have no idea what would happen if it had identified a process as being 'ransomware-like'.

15 hours ago, MarkD said:

I uninstalled the demo because while Zonealarm offers an extension for Chrome, an extension is not available for Edge. This was a deal-breaker for me because my work and purchases are via Edge, while social media/entertainment are via Chrome.

If you're using the newer Chromium-based Edge then you can install the Google Chrome extension in Edge. Granted, this won't work with the older version of Edge that was based on Microsoft's technology.


I had wondered about that. I chatted with their support and it was they who stated there was no extension for Edge. I am using the new release. I guess that if they don't officially support it they can't recommend that course of action.

20 hours ago, MarkD said:

I guess that if they don't officially support it they can't recommend that course of action.

If they haven't tested their Google Chrome extension with the new Edge, or found some issue with it, then they probably aren't ready to recommend it yet.
