To stay updated on your favorite discussions, please create an account or log in. Then, click the Bookmark icon to subscribe and receive notifications.

Block new unknown ransomware?

Everson W/ Member Posts: 23 Cyber Knight

DeepGuard included in the Client Security is able to block new unknown ransomware?


  • etomcat
    etomcat W/ Alumni Posts: 1,172 Firewall Master



    The official F-Secure Virus Lab opinion is that F-Secure DeepGuard will stop any possible "cryptor" malware from infecting the system automatically, without very stupid human user error, provided the F-Secure DeepGuard module is running in its default "Advanced mode".


    However, DeepGuard Advanced mode uses the mini-DLL injection method, which could cause incompatibility in rare cases (DRM, games, CAD or other expensive software with agressive protection against unauthorized duplication, etc.) Because of that, corporate users who encounter an incompatibility or merely afraid of any incompatibility problems arising, may be tempted to reduce Deepguard to "base mode" or even turning it off entirely and consequently, reducing anti-cryptor protection to near zero. Please don't do that, but contact F-Secure support services to have your problem sorted out!


    Anyhow, there is a200kB F-Secure PDF file which describes the recommended protection settings for maximum anti-cryptor strenghts ( MD5: 9d448bcc28bcc7899a2965338afe1c38 ). You may ask for that one at support.


    Furthermore, the second best protection against ransomware is to eradicate any remaining Windows XP computers. Those are always the first to get infected and will even encrypt a server share, if connected. (In Eastern Europe many WinXP computers remain in daily use and there are a lot of cryptor incidents.)


    Of course, the absolutely best protection against ransomware is to make frequent and reliable backups and store them off-line!


    Best Regards: Tamas Feher, Hungary.

  • Everson
    Everson W/ Member Posts: 23 Cyber Knight

    Where can I download the PDF ?

This discussion has been closed.