CryptoPrevent 8: Windows malware prevention software

[Petrovic]

CryptoPrevent 8 is the latest version of the popular malware prevention software for devices running Microsoft's Windows operating system.

 

Windows users have quite the diverse selection of security tools at their disposal. Even if you ignore the options that Windows itself ships with, there is a variety of tools that users can install to improve their system's protection against malware threats.

 

CryptoPrevent falls into the supplemental category, meaning that it adds to the protection but should be used next to resident antivirus software or other protections.

We mentioned the first version of the program back in 2013 when first ransomware threats started to pick up pace.

CryptoPrevent 8

The program has come a long way since the release of its first version back in 2013.  The program relies heavily on Software Restriction Policies to block malware attacks. The most recent version of CryptoPrevent ships with about 4000 rules, which is ten times the number that version 7 of the program shipped with.

 

The program is relatively easy to use on first glance. The first screen that it displays prompts you to pick a protection plan. This plan determines the protection level, and goes from none at all to maximum in the free version. There is also an extreme setting that is only available for premium users, and an option to pick custom settings.

 

If you are unsure what to pick here, you may want to start with the default level as it is the recommended protection level.

 

The Protection Settings tab lists some of the protective measures that CryptoPrevent 8 will apply to the system when plans are selected.

 

It lists the protected areas --- the %appdata% folder for instance --, whether program naming exploits are blocked (using double file extensions for instance), and whether certain Windows programs or features are blocked as well.

 

The default plan makes the following security changes:

1. Protects %programdata%, %userprofile%, and startup folders in the Start menu.
2. Blocks vssadmin.exe, syskey.exe and cipher.exe.
3. Prevents known malware from starting.
4. Turns off Windows sidebar and gadgets.

 

Other options that the program may enable are to block file types that are often used by malware (.scr, .pif or cpl), and to watch certain folders and block programs that show malware traits.

 

The Policy Editor tab is quite useful, as it lists all whitelisted and blacklisted files and folders. You can check the Software Restriction Policies folders there for instance by opening the blacklist, or add folders or files to the whitelist to allow their execution.

 

Options are included to remove selected folders from the blacklist. This is useful in particular if you run into execution issues on the system after enabling one of CryptoPrevents plans.

One of the issues that I had personally with earlier program versions of CryptoPrevent was that it did not really reveal what it was doing, and that you had even less control over the functionality.

 

A CryptoPrevent monitoring service runs in the background after you apply a protection plan to the device. You can undo changes at any time by loading the program again. I suggest you set the protections to none before you uninstall the program on a device just to be on the safe side.

Closing Words

CryptoPrevent 8 improves the protection of a device running Windows through the use of software restriction policies, malware definitions, and other means. It is not designed to run as the only security program on a Windows machine, but may complement existing security programs without interfering with them.

Article source

[Richwood]

Wouldn't surprise me if Malwarebytes or another AV company make an attempt to buy out this developer.