CheckMAL Anti-Ransomware PRO - a Review

Discussion in 'Reviews and Tests' started by Der.Reisende, Nov 14, 2017 at 12:31 AM.

  1. Der.Reisende

    Der.Reisende Malware Tester Silver Member

    Dear reader, welcome to my AppCheck Anti-Ransomware Pro review. I hope you brought some time, as this one will go into detail. Enjoy!

    ================================================================================
    Official website: (English)
    Status: Stable (reviewed version: v2.2.1.2)
    Name of Software/Product: AppCheck Anti-Ransomware Pro

    Support:
    https://checkmal.zendesk.com/hc/en-us/requests/new/ (plain web form, with captcha against spamming)

    You will also find the developer of the product (Ikko Yi) on the main Security forums like as MT and Wilders. Feel free to PM her (?), to my experience, she answers quite fast.
    ==================================================================================

    Act I: Technical overview

    Advantages (features being Pro only highlighted in RED):
    + also Free version available for personal use (with some features being Pro only however, see below)
    + System impact is low
    + constantly improving additional features
    + fast reaction on new ransomware techniques
    + MBR Protection (in Free version since v2.2.0.1)
    + Auto-Backup and Auto-Restore of damaged files, Auto-Cleanup damaged files (customize folders in Pro Version only)
    + Network drive protection

    + low priced, currently high discounts available from CheckMAL shop (PayPal-Support)
    + fully compatible to most Standalone-AV-products
    + offline protection

    Disadvantages:
    - no protection against screenlockers (blocks only file encryption ransomware)
    - some of the samples were able to bypass AppCheck AR Pro
    - sometimes leftovers after intercepted ransomware
    - sometimes not all files were restored (danger of data loss)
    - predefined protected file extensions (list can only be altered in Pro Version)
    7z,ai,bmp,cer,crt,csv,der,doc,docx,dwg,eps,gif,hwp,jbw,jpeg,jpg,jtd,key,lic,lnk,mp3,nc,ods,odt,ogg,one,p12,p7b,p7c,pdf,pef,pem,pfx,png,ppt,pptx,psd,ptx,rdp,rtf,srw,tap,tif,tiff,txt,uti,x3f,xls,xlsx,xps,zip

    Bottom Line:

    In the following review, I will try to provide an unbiased review of above mentioned, Anti-Ransomware solution, whose free version I’ve been using for some months now, as an additional layer alongside my primary AV. Please take my review with a grain of salt, other users might not come across the issues I had or weight Pro’s and Con’s other than I do. My review will focus on the ease of use of the product and the test against a limited amount of recent ransomware samples pulled from Hybrid Analysis.

    This review is not meant to cover every possible setting in the product, but shall give a recommended, most of the time proven setup oriented on everyday use (of course, Malware testing was done and should only be done in an contained environment!).

    Feel free to add your opinion / to make me aware of possible errors in the review.

    I will also not recommend an Anti-Malware (Anti-Virus) solution to run alongside this firewall, as this is a most personal decision. Users need to weight up level of protection (the more aggressive, the more false positives (FP) can occur), system impact, ease of use and the price. Every solution has it’s drawbacks.

    As always: Be sure to always have some external backup, not connected to your machine permanently!

    Protection: 4,5 / 5
    Usability: 5 / 5
    User Interface: 5 / 5
    CPU/RAM/Storage: Low Usage
    Performance: Low Impact
    Overall Rating: Very Good 4,8 / 5

    ==================================================================================

    Act II: Technical overview - Let's get in detail

    Homepage
    Technically well done, not cluttered homepage. I love it!
    As most of it is self explaining, let me just show you some screenshots, of the important sections.
    FAQ.PNG Changelog.PNG Purchase.PNG Support.PNG Video Demonstration.PNG

    Resource Usage
    Totally lightweight! While writing these lines and with Cent Browser running ~ 10 MB of RAM.
    TaskManager.PNG

    GUI / Components
    The GUI is very well done, with just a handful, but all useful settings.

    As it’s kinda self-explaining, let me just show you screenshots of the software.
    GUI1.PNG GUI2.PNG GUI3.PNG GUI4.PNG

    ==================================================================================

    Act III: The real life experience report

    Disclaimer I:
    My experiences are solely based on the stock settings of AppCheck Anti-Ransomware Pro. All other security softwares (like Windows Defender), have been shut down. There are no tweaks like Controlled folder access set to Windows 10 v1709 b16299.19 (Home).

    DO NOT EXPECT AppCheck Anti-Ransomware Pro TO NOT FAIL ON SPECIFIC SAMPLES, IT’S A CAT-AND-MOUSE GAME WITH THE BLACKHATS! See certain examples in the review!

    Therefore, I appeal to every user to have a external backup, not only in case your main security product and or AppCheck Anti-Ransomware Pro and it's components fail to protect your data, but also due to a physical error which might lead to data loss!

    Disclaimer II:
    Due to the small number of samples used in this tests, you should take results with a grain of salt. I encourage you to compare these results with others and take informed decisions on what security products to use.

    ================================================================================

    Samples:
    https://www.hybrid-analysis.com/sam...ad796f4eb15962b74fb2e55fe47?environmentId=100 - Shade.exe
    Shade.PNG

    https://www.hybrid-analysis.com/sam...1f8a9583258982878d3b7377c6e?environmentId=100 - GlobeImposter.exe
    Globe.PNG

    https://www.hybrid-analysis.com/sam...08ae1c348b25970b94c650b33d4?environmentId=100 - locky.exe
    Locky.PNG

    https://www.hybrid-analysis.com/sam...d7355d3a419feb7d7c671312347?environmentId=100 - xRatLocker.exe
    xRatLocker.PNG

    https://www.hybrid-analysis.com/sam...6859938061ad388ae97c172830d?environmentId=100 - Sigma.exe
    Sigma.PNG

    https://www.hybrid-analysis.com/sam...e874bd3f06247a957588fa00498?environmentId=100 - BTCWare.exe
    BTCWare1.PNG BTCWare2.PNG

    https://www.hybrid-analysis.com/sam...7601949196f1d03bacc3f655bc0?environmentId=100 - Wannacry.exe
    wannacry.PNG wannacry2.PNG wannacry3.PNG

    https://www.hybrid-analysis.com/sam...6410d9307d0d0ce73534d63bee8?environmentId=100 - Purge.exe
    Purge.PNG

    https://www.hybrid-analysis.com/sam...ddc2ce0d935fa8545651ce5ab09?environmentId=100 - Ordinypt.exe
    Ordinypt.PNG Ordinypt2.PNG Ordinypt3.PNG Ordinypt4.PNG

    https://www.hybrid-analysis.com/sam...525d6d5c9028c873c4421bf6f98?environmentId=100 - Gibon.exe
    gibon1.PNG gibon2.PNG

    https://www.hybrid-analysis.com/sam...9f4c30d97e5e4b1552565d596e9?environmentId=100 - BTCArena.exe
    BTCArena.PNG

    https://www.hybrid-analysis.com/sam...daa0875ed8496fcbb97a558d0da?environmentId=100 - badrabbit.exe
    badrabbit.PNG

    https://www.hybrid-analysis.com/sam...5a31853b259379708a9e892ec75?environmentId=100 - Magniber.exe
    Magniber.PNG

    https://www.hybrid-analysis.com/sam...dc1198a8184310da419de62916d?environmentId=100 - Waffle.exe
    waffle.PNG

    https://www.reverse.it/sample/b264f...6b5b75bdcc87104f9f410683363?environmentId=100 - Matrix.exe
    Matrix.PNG

    https://www.hybrid-analysis.com/sam...0b3a10132f408d30f7903e8e02d?environmentId=100 - Hermes21.exe
    Hermes1.PNG Hermes2.PNG

    https://www.hybrid-analysis.com/sam...3bee61b01a7d880123ec0a78557?environmentId=100 - Vortex.exe
    vortex.PNG

    https://www.hybrid-analysis.com/sam...bf284e6af244c653db3487fea65?environmentId=100 - Crbr.exe
    cerber.PNG

    https://www.hybrid-analysis.com/sam...ca2492a6455fe4d69f557b448ce?environmentId=100 - Sage20.exe
    Sage.PNG sage2.PNG sage3.PNG

    If you are interested in video demonstrations of way more ransomware, be sure to check out:
    https://www.checkmal.com/page/resource/video/

    ==================================================================================

    Act IV: Contacting Support
    Report.PNG

    ==================================================================================

    For me, AppCheck Anti-Ransomware is a must have, even in the free version, which is available for personal use, paying not even a penny. It will dramatically improve your level of security, against the ever-evolving amount of ransomware being brought up every day. If you like the product, you might think about purchasing the Pro upgrade in order to support the developer. I’ll continue using the product in combination with an AntiVirus / AntiMalware solution and xVirus Firewall Pro, using AppCheck AntiRansomware Free as an additional, third layer against ransomware threats.

    However, this is not a sales review but a diary of a use in hands-on malware testing, give it a try and decide whether it fits your needs :)

    If you find errors, or just want to give feedback on this review, I warmly invite you to do so!

    *****
    Thank you for reading!
    *****
     
    grr, kram7750, revC0de and 5 others like this.
  2. Google Adsense

  3. RGiskardR

    RGiskardR Malware Tester Silver Member

    Amazing review! :great: very well exposed! :clap:
     
    grr, kram7750, revC0de and 3 others like this.
  4. jasonX

    jasonX Giveaways Moderator Staff Member

    GREAT!!!!

    Thank you very much Der.Reisende!!!

    The developer has been notified! YOU DID GREAT MAN! I LIKE IT!

    :thanx::great::win:


    MTAC TEAM YOU ROCK!

    [​IMG]
     
    grr, kram7750, revC0de and 5 others like this.
  5. Der.Reisende

    Der.Reisende Malware Tester Silver Member

    Glad you like it, thank you for reading :)

    Thank you so much for your support and for forwarding it!
    They seem to be impressed, now that they gave 5 more licenses to win!
    Great job @jasonX!
     
    grr, kram7750, revC0de and 4 others like this.
  6. daljeet

    daljeet Member

    Well written review Der.Reisende
    Awesome MBR protection for free version also :thanx:
    :wide:
     
    grr, kram7750, silversurfer and 3 others like this.
  7. jat_forcee

    jat_forcee Initiat3

    It would be great if AppCheck CheckMal publish or share this review through their media channels.
     
    grr, kram7750, Der.Reisende and 3 others like this.
  8. jasonX

    jasonX Giveaways Moderator Staff Member

    Developer has been informed and I also stated that they can link this review to their site. We had the same idea there ;)
     
    grr, kram7750, Trim and 5 others like this.
  9. Trim

    Trim MTAC Moderator Staff Member

    Awesome review, this is a very good and efficient product in my opinion, keep up the great work @Der.Reisende ! :great: it's important that also the free version has the MBR protection!
     
    grr, kram7750, RGiskardR and 4 others like this.
  10. revC0de

    revC0de MTAC Moderator Staff Member

    grr, jat_forcee, kram7750 and 4 others like this.
  11. grr

    grr Board Enthusiast Member Of Month - Tweakbytes Defender Known Member

    Nice review @Der.Reisende

    I never thought of getting any ransomware protection, so might give it a thought.
     

Share This Page