CryptoPrevent Changelog

New in CryptoPrevent 9.1.0.9 (Feb 2, 2019)

  • Added rules for SRP Double Extensions to include (.7 & .ARJ)
  • Corrected possible issues with Updating from System Tray or problems with System Tray after an update (note: issues may still occur with this update since the issue will still exist in current EXE)
  • Subscription page now shows product key for the registered system or the 1st 5 of Bulk/White-Label Key being used for easier management and identification
  • Updated Digital Certificate for EXE files:
      • CryptoPrevent.exe
      • CryptoPreventFilterMod.CryptoPreventEXEC
      • CryptoPreventMonSvc.exe
      • CryptoPreventNotification.exe
      • d7x.exe
      • KillEmAll.exe
  • Other minor bug fixes
  • We STILL have several more improvements already in development and testing, so there should be additional updates in the coming days.

New in CryptoPrevent 9.1.0.0 (Apr 26, 2018)

  • Corrected an issue where offline installation of CryptoPrevent may cause major exception to occur
  • Corrected possible issue of an unexpected reboot when updates are applied
  • Added a command line parameter for Bulk/White-Label editions to be able to apply update schedule back to what was set at time of install (/applyINIUpdate)
  • Expired subscriptions will retain all premium product functionality except updating to future versions & definitions
  • Free versions have update functionality disabled for future product versions and definitions
  • Bulk versions can now create their own installer without having to submit and receive their installers, this allows for creating a custom installer for a particular client with a set number of installations defined
  • A couple other minor bug fixes for CryptoPrevent, Monitor service, and the Tray application
  • We STILL have several more improvements already in development and testing, so there should be additional updates in the coming days.

New in CryptoPrevent 9.0.0.1 (Apr 12, 2018)

  • Added a large number of additional ransomware patterns for the HoneyPot Detections
  • Added notification if definitions or the application is updated during the important version update check at each start of the application
  • Added a date updated beside definitions on main interface
  • Added additional verification for the Visual C++ 2010 x86 being installed
  • Premium versions now use a faster server for downloading updates than the Free version
  • Several other minor bug fixes for CryptoPrevent, Monitor service, and the Tray application

New in CryptoPrevent 9.0.0.0 (Jan 19, 2018)

  • User Interface updated: adds additional explanation of features and functionality and streamlines options
  • Maintenance options have been added which are powered by d7x technology (manually running maintenance is available under the Free and Premium versions, scheduling automated maintenance is a premium feature only)
  • FolderWatch HoneyPot and the Quick Access tray are now available for usage under the free license; this makes all the protections CryptoPrevent provides free for personal usages
  • Program Filter has been updated to work with additional file execution situations
  • Corrected an issue where subscriptions keys may show as expired or invalid prior to subscription running out
  • Updates have been completely re-written for performance and lower bandwidth usage
  • Update feature has been added where CryptoPrevent will automatically apply any critical updates when opened (applies to the Free and Premium versions)
  • Several performance improvements for CryptoPrevent and the Monitor service
  • Several bug fixes for CryptoPrevent and the Monitor service

New in CryptoPrevent 8.0.4.3 (Oct 5, 2017)

  • Performance increases for save/load of Bulk/White-Label configurations
  • Performance increases in the application of Bulk/White-Label settings at time of install
  • Performance increases on application startup
  • Several other minor performance improvements
  • Corrected issue where blacklist command line option may have whitelisted in some cases
  • Bulk registration data is now handled entirely via HTTPS (Note registration data was always encrypted prior to being sent, this mainly eliminated a fallback v7 Bulk communication method)
  • Several other minor bug fixes
  • New FolderWatch/HoneyPot options (see more here)
  • HoneyPot Detection Message shows details about detected event and file detected
  • HoneyPot Detection Message gives the option to go back into windows explorer (instead of just shutdown or reboot)
  • Subscription Information shown in a tab in the interface
  • Debug submission available under subscription tab (so this is a premium only option to email support with debug info attached)
  • Additional HoneyPot Detections for new ransomware variants
  • Management Console ready (A management console is in the works and being up to date with this version should prepare the clients for this ability on its release)

New in CryptoPrevent 8.0.4.2 (Jun 5, 2017)

  • Major improvements in Memory usage across all executables (CryptoPrevent.exe, CryptoPreventMonSvc.exe, CryptoPreventNotification.exe), memory usage will decrease over time for the real-time as well as less usage on initial launches.
  • Corrected an issue where White-Label Creator was not updating the CryptoPrevent.exe launcher file in the includes folder which is used to create installers

New in CryptoPrevent 8.0.4.1 (Jun 1, 2017)

  • Fixed graphical issue where verifying settings might not disappear on first run of application
  • Added additional HoneyPot Detection Rules
  • Added changes to HoneyPot Detection rules that may cause false positives
  • Added fix for possible issue with HoneyPot Detection not being able to verify current HoneyPot files
  • Possible fix for issues with CLI options possibly not starting services as expected
  • Fixed QuickAccess Notification Tray to update on the fly with protection changes
  • Added Restore Previous Protections option to Main GUI, QuickAccess Tray, and CLI option of /revertsettings
  • Possible fix for Monitor Service consuming large amounts of RAM
  • Minor performance improvements when handling SRP protections from GUI and CLI options

New in CryptoPrevent 8.0.4.0 (May 26, 2017)

  • Fixed graphical issue with policy numbers applied being shown in the policy editor
  • Added additional email settings CLI:
      • /emailusername=”[email protected]
      • /emailsamesendtofromaddy
      • or use the following together:
      • /emailfromaddy=”[email protected]
      • /emailsendtoaddy=”[email protected]
      • /emailpassword=”password”
      • /emailserver=”serverAddress”
      • /emailport=”portNumber”
      • /emailauthenable (Add =0 to disable)
      • /emailstarttlsenable (Add =0 to disable)
      • /emailsslenable (Add =0 to disable)
      • /clientemailid=”Client ID to be added to Email Subject”
      • /emaillocksettings (Add =0 to disable)
      • Only applies to Bulk or White-Label Editions
  • d7x Rule Variables now add environment variable as well as expanded paths: https://www.foolishit.com/d7x/killemall/rule-variables/
  • Improved Multi-User support for QuickAccess Notification Tray
  • Fixed possible issue with HoneyPot Detection triggering on changing of protections
  • Revised how SRP protection locations are handled:
      • Corrects issue where counts may have been off
      • Corrects issue where same policy may have been added more than once from CLI options
  • Added Debugging ability to the QuickAccess Notification Tray:
      • Currently debugging information is fairly limited but this will improve over new revisions if additional debugging information is required
      • /debug when run from a command prompt with or without admin rights depending on the testing needed
  • Bulk & White-Label Edition Installers Updated:
      • Waits for installation to complete prior to showing finished button on non-silent installations
      • Silent installations now wait on the installer's completion if being scripted as well
      • Fixed possible issues with systems not restarting after install when selected to do so from the Bulk-Creator
  • Debug mode will be enabled by default on all Bulk Edition installs for the installation portion only:
      • This can be used to check for problems if something doesn’t work correctly in the Bulk Edition installation on a particular system

New in CryptoPrevent 8.0.3.9 (May 26, 2017)

  • Major performance increase when applying protections:
      • from the command line and from the GUI
  • Corrected issues with Windows 8-10 Scaling:
      • DPI changes could still cause problems if defined manually and not with the scaling in Windows
      • Windows XP-7 will still get warning
  • Corrected minor interface issue:
      • Applied to the Protection Settings sub tabs
      • Applied to the Policy Editor sub tabs
      • Issue resulted in some changes in 8.0.3.8:
          • Unable to read tabs, but still clickable
          • GUI subtabs looked step sided/pushed to the right some

New in CryptoPrevent 8.0.3.8 (May 26, 2017)

  • Added an alert for Windows XP-7 to inform of high DPI setting and recommend lowering it while applying protections:
      • Windows 8 & 10 do not get the alert but the interface is usable with only slight visual issues on increased scaling settings
      • YouTube video going over how to change DPI settings can be found here: https://youtu.be/biuNjFnoqPI
  • Removed a couple rules for HoneyPot Detection that could cause false positives with some file types:
      • If you receive any false positive alerts with HoneyPot Detection please continue to send us the event information from the History tab so we can get exceptions added when needed

New in CryptoPrevent 8.0.3.7 (May 26, 2017)

  • Rolled back HoneyPot Definition update feature:
      • Received a number of strange false positives
      • Will refine more and bring back at a later date

New in CryptoPrevent 8.0.3.6 (May 26, 2017)

  • Fixed Links not working in Get Premium Tab of the Free Edition
  • Updated HoneyPot Detection protections to correct for possible false positive:
      • Updated list was pushed out using the previous version’s definition update feature
      • Published new version along with the correction because there was another reason to publish the updated version

New in CryptoPrevent 8.0.3.5 (May 26, 2017)

  • Performance increase for HoneyPot Detection and alert notification from QuickAccess Tray icon
  • Added command line option to add unique identifier for individual client:
      • /clientemailid=[UniqueClientID]
      • Run this CLI option to create a unique identifier for that specific client’s email subject line
  • Additional debug information when running /debug
  • Added additional Honey Pot detection for more ransomware detection
  • Added ability for HoneyPot definitions to be updated during definition updates:
      • HoneyPot definitions will update during manual or auto-update processes
      • If HoneyPot definition file is not available on the system, hard-coded definitions of the current CryptoPrevent version will be used

New in CryptoPrevent 8.0.1.14 (Jan 18, 2017)

  • New:
      • Folder Watch – Monitors and protects common folders from items that match malware definitions.
      • Submit Malicious Files – This will allow you to submit malicious files (which are not in our malware definitions) to review for inclusion in the default definitions.
  • Improved:
      • Program Filtering Protection – The original ‘BETA’ program filtering protections were very effective, but caused issues with running certain programs; now it offers vastly improved reliability as it is based on the new code platform of the coming 3rd generation ‘d7x’ PC technician utilities, it is thoroughly tested, and recommended for mass usage!
      • SRP Protection – The original protection method since CryptoPrevent version 1 was automatically created “SRP” rules (aka “Software Restriction Policies” which are normally only available in “Professional” editions of the Windows operating system and only scriptable across Active Directory/domain environments.) CryptoPrevent v1 created 8 SRP rules for protection and v7.4.21 (the final v7) created just under 400 SRP rules, while version 8.0 currently creates just under 4000! That’s 10x as many as v7 and 500x as many as v1!
  • New/Improved:
      • Expanded Malware Definitions (Optional) – Expanded malware and ransomware detection definitions add cutting edge detection power to CryptoPrevent, and are updated at least weekly, although they may increase the risk of ‘false positive’ malware detections. (These are entirely optional; you may elect to keep the standard definition set with less risk of ‘false positive’ detections.)

New in CryptoPrevent 7.4.20 (Apr 16, 2015)

  • Some reports indicated that there were issues with existing security software and the BETA protection, however with the 7.4.2 release those issues appear to be resolved.

New in CryptoPrevent 7.3.5 (Oct 13, 2014)

  • CryptoPrevent v7.3.x brings some new features, more clarity on protection levels, and improved protection
  • First, CryptoPrevent now supports SSL/TLS encryption and StartTLS for your SMTP server settings! This enables support for a wider variety of SMTP servers, allowing users requiring this level of encryption to configure their email alert functionality. Previously only SSL was supported
  • Second, CryptoPrevent’s experimental “Program Filtering” has reached BETA status. Program Filtering compares executable files to a hash based definitions system consisting of a database of current ransomware threats. It has been tested well on every supported Windows OS, and unsupported OSes were excluded. Supported Windows versions are XP, Win 7 with SP1, Win 8.x, and Win 10. Sorry, Windows Vista is not supported for Program Filtering

New in CryptoPrevent 7.0 (Aug 13, 2014)

  • Simplified and easy to understand interface, replacing the many obscurely labeled protection option check boxes with a few simple protection “levels” to select from (the old interface still exists in the Advanced menu, and it has been updated as well.)
  • Updated to not trigger Malwarebytes Anti-Malware detections with the installed version (thanks to the MBAM research team.)
  • Improved Filter Module function.
  • Changed recommended defaults slightly.
  • Enabled optional “Experimental Protection” level (the Experimental EXE/COM settings in the Filter Module.) NOTE: This setting is not largely tested and is NOT recommended for most people, as there may be side effects which could potentially cause system instability. Please understand I cannot accept responsibility for your usage of this setting. If you do wish to use this setting, I would love to hear your feedback on any issues you suspect may be related to having it enabled.

New in CryptoPrevent 4.7 (May 30, 2014)

  • Added blocking of fake file extensions with spaces in them to hide the extension.
  • Added blocking of cipher.exe along with syskey.exe, for the potential abuse.
  • Added ability to create custom block and allow policies with scripting support. (Premium version only)

New in CryptoPrevent 4.4.1 (May 26, 2014)

  • added ability to block syskey.exe from execution, which is being exploited by some new malware.

New in CryptoPrevent 4.3.2 (Apr 11, 2014)

  • added support for redirected %appdata% directories (Windows folder redirection typically only used on larger networks.)

New in CryptoPrevent 4.3 (Nov 25, 2013)

  • separated protection option for %userprofile% / %programdata% / Startup Folder and added whitelisting capabilities for those locations – also removed unnecessary reboot prompt after automatic update on Vista+ OSes.

New in CryptoPrevent 4.2.6 (Nov 22, 2013)

  • removed the *.com file rule for %userprofile% as this was causing some issues with user accounts with .com in the path name under certain circumstances.

New in CryptoPrevent 4.2.5 (Nov 18, 2013)

  • Fixed a minor bug in that using the /w= command line parameter was also forcing /whitelist whether it was specified or not.

New in CryptoPrevent 4.2.4 (Nov 11, 2013)

  • Fixed a recent bug causing email alerts to not be sent properly

New in CryptoPrevent 4.2.3 (Nov 11, 2013)

  • Misc. changes to the White-Label edition. Added IP address / Computer Name to the optional alert email when an application is blocked (Premium edition.)

New in CryptoPrevent 4.2 (Nov 11, 2013)

  • Added Start Menu > All Programs > Startup folder protection. Added reboot prompt after automatic update / re-application of protection.

New in CryptoPrevent 4.1.5 (Nov 11, 2013)

  • Misc changes to whitelisting functionality and added a link to the Email Setup FAQ inside the program.

New in CryptoPrevent 4.1 (Nov 11, 2013)

  • Added RLO (Right to Left Override) exploit protection to Fake File Extension protection function.

New in CryptoPrevent 4.0 (Nov 6, 2013)

  • Added Event Log to check event history of blocked applications. In the Premium Edition (formerly Automatic Update Edition), added email alert capability when an application is blocked.

New in CryptoPrevent 3.1 (Nov 4, 2013)

  • Added some new areas of protection, fixed an issue with not protecting the Recycle Bin properly and expanded that to protect the bin on all drives, fixed some instances of the test failing although protection was in fact successful, and a few other misc. changes.

New in CryptoPrevent 3.0 (Nov 1, 2013)

  • Added protection from executables located inside the Recycle Bin. Introduced a new optional CryptoPrevent Automatic Updates service for home users!

New in CryptoPrevent 2.6 (Oct 30, 2013)

  • implemented protection (and whitelisting) for *.com *.scr and *.pif files in addition to *.exe for %appdata% directories in order to block a lot more malware than just Cryptolocker. Added new file extensions to the fake file extension protection. Implemented a 12 second timer to stop waiting on group policy to refresh when applying actions, as it was noted on some systems that gpupdate seems to freeze up.

New in CryptoPrevent 2.5.3 (Oct 30, 2013)

  • removed blanket rules for fake file extensions (the ? wildcards) in favor of specific rules, due to potential application incompatibilities

New in CryptoPrevent 2.5.2 (Oct 30, 2013)

  • added the /nogpupdate command line parameter to skip the group policy update in scripted environments

New in CryptoPrevent 2.5.1 (Oct 30, 2013)

  • fixed an issue with the /whitelist parameter not working when CryptoPrevent.exe was scripted to run under the local system account.

New in CryptoPrevent 2.5 (Oct 30, 2013)

  • implemented protection against fake file extension executables (e.g. *.docx.exe or *.pdf.exe) on suggestion from Steve B at sanesecurity.com; also made Temp Extracted Executable protection unchecked by default and implemented a warning when checking this item, as this can cause issues with some apps/installations.
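
The three fake-extension cases this changelog describes (double extensions in 2.5, RLO in 4.1, space padding in 4.7) can be checked on file names as in the following added example, which is not CryptoPrevent's code or its SRP rules. The decoy extensions other than docx, pdf and arj, the sample paths and the function names are assumptions, and the bidi check generalizes from RLO to the other Unicode bidi control characters.

```python
import ntpath
import re
from typing import Dict, List

# Executable types the changelog names for its rules (v2.5, v2.6).
EXECUTABLE_EXTS = {"exe", "com", "scr", "pif"}
# Decoy types: docx/pdf (v2.5) and arj (9.1.0.9) come from the changelog;
# the remaining entries are assumptions added for this example.
DECOY_EXTS = {"docx", "pdf", "arj", "doc", "xlsx", "jpg", "txt", "zip"}
# RLO (U+202E, v4.1) plus the other Unicode bidi embedding, override and
# isolate controls, which can reorder displayed text in the same way.
BIDI_CONTROLS = set("\u202a\u202b\u202c\u202d\u202e\u2066\u2067\u2068\u2069")


def classify(path: str) -> List[str]:
    """Return fake-extension findings for one Windows path (empty = clean)."""
    name = ntpath.basename(path)
    has_bidi = any(ch in BIDI_CONTROLS for ch in name)
    # Drop bidi controls so the checks see the stored (logical) character
    # order, which is what Windows uses to pick the handler for the file.
    logical = "".join(ch for ch in name if ch not in BIDI_CONTROLS)
    stem, dot, ext = logical.rpartition(".")
    if not dot or ext.strip().lower() not in EXECUTABLE_EXTS:
        return []  # only executables are of interest here
    findings = []
    if has_bidi:
        findings.append("bidi-override")
    # Whitespace right before the real extension, or a long run of it,
    # pushes the real extension out of view in a narrow column.
    if re.search(r"\s{3,}|\s$", stem):
        findings.append("space-padding")
    # A document-style extension immediately before the executable one.
    inner_ext = stem.rstrip().rpartition(".")[2].lower()
    if "." in stem and inner_ext in DECOY_EXTS:
        findings.append("double-extension")
    return findings


def scan(paths: List[str]) -> Dict[str, List[str]]:
    """Map each flagged path to its findings; clean paths are omitted."""
    flagged = {}
    for p in paths:
        findings = classify(p)
        if findings:
            flagged[p] = findings
    return flagged


# Constructed sample paths (not taken from any real incident).
SAMPLES = [
    r"C:\Users\alice\AppData\Roaming\invoice.pdf.exe",
    r"C:\Users\alice\Downloads\report.docx          .scr",
    "C:\\Users\\alice\\Downloads\\photo\u202egpj.exe",  # shown as photoexe.jpg
    r"C:\Program Files\Vendor\setup.exe",
    r"C:\Users\alice\Documents\notes.v2.pdf",
    r"C:\Users\alice\Downloads\backup.ARJ.com",
]

if __name__ == "__main__":
    for path, findings in scan(SAMPLES).items():
        print(f"{ntpath.basename(path)!r}: {', '.join(findings)}")
```
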

New in CryptoPrevent 2.4 (Oct 28, 2013)

  • implemented the option to check for updates direct from this website within the application itself.

New in CryptoPrevent 2.3 (Oct 28, 2013)

  • relaxed protection methods on Vista+ OSes as rules of prior versions were blocking some executables running from %temp% directories which could cause certain application installations to fail unless you temporarily removed protection during the installation. This should no longer be necessary. Tested relaxed protection against Cryptolocker to ensure it still cannot infect the OS, and it cannot. Also made the whitelist dialog resizable.

New in CryptoPrevent 2.2.3 (Oct 28, 2013)

  • minor changes to the browse button functionality for the manual whitelisting dialog (it wasn’t stripping the %userprofile% path properly on XP systems.)

New in CryptoPrevent 2.2.1 (Oct 28, 2013)

  • made changes to prevent duplicate rules from being created when protection is applied multiple times without undoing the protection first. No harm would come from the duplicate rules, but my OCD was bothering me.

New in CryptoPrevent 2.2 (Oct 28, 2013)

  • added additional restriction policies to better protect Windows XP against the latest strains – prior versions were not protecting %username%\local settings\application data and their first level subdirectories, but rather only %username%\application data and their first level subdirectories. Along with this comes additional whitelist scanning functionality. Other syntax changes in the rules for better compatibility with all OSes.

New in CryptoPrevent 2.1.2 (Oct 28, 2013)

  • added gpupdate /force to force a refresh of group policy after removing prevention via the Undo features. This may negate the need for a reboot after Undo, and resolve issues where a reboot doesn’t quite do the trick… Also added a re-test for active protection to determine if a reboot prompt should be displayed after Undo, on the chance that it is still required.

New in CryptoPrevent 2.1 (Oct 28, 2013)

  • fixed Temp Extracted EXEs blocks on some systems that refused to work with %temp% in the rules.

New in CryptoPrevent 2.0.1 (Oct 28, 2013)

  • fixed whitelisting capabilities not working on some systems since v2.0