SBGuard Anti-Ransomware hardens Windows

Martin Brinkmann
Aug 30, 2016
Updated • May 22, 2018
Software
|
46

SBGuard Anti-Ransomware is a free program for Microsoft Windows devices that hardens the operating system to block ransomware attacks dead in their track.

While there are plenty of anti-ransomware tools out there for the Windows operating system, there is little information about hardening the system to block ransomware from installing itself on it.

SBGuard Anti-Ransomware tries to change that by offering an on/off solution that applies around 700 Registry entries to the Windows Registry that limit software execution.

It injects around 700 registry entries to force Windows Group Policy to use inbuilt software execution restriction capabilities in certain locations and prevent certain file types from executing.

Additionally, it blocks Windows Gadgets, and "several other system actions Ransomware will attempt to perform to encrypt the data".

If that sounds awfully vague, it is. One of the main issues with solutions like this is false positives. While the program may very well block most -- the company claims all known and many future -- ransomware attacks, you may experience issues running or installing legitimate software relying on functionality that is blocked.

sbguard anti-ransomware

The only solution provided by the company that creates SBGuard Anti-Ransomware is to turn it off during installation of software to avoid issues related to it.

Turning it off on the other hand means no protection while software is installed, so users better make sure the software is legitimate before performing the operation.

The installation of SBGuard Anti-Ransomware should not pose any issues even  inexperienced users. Please note that it requires the Microsoft .NET Framework 3.5 to run. Also, you are required to enter an email address on the developer site to download the program. The download link is sent to the email address you enter.

The program itself is dead easy to use. Start it with elevated rights after installation, and click on the enable or disable buttons to toggle the protection status of the operating system.

There is also a handy restart button. You need to restart the computer before the changes take effect.

As mentioned earlier, the program adds a number of restriction mechanisms and modifications to Windows using the Windows Registry. It is highly recommended to back up the Windows Registry, or even better, the whole system disk, before enabling the application's protective features.

The company behind the product released a demo video that showcases how ransomware is blocked after enabling the program's protection on a Windows computer.

SBGuard Anti-Ransomware protects against ransomware threats such as Cryptolocker, CryptoWAll, Teslacrypt, CTB-Locker, Zepto and others according to the company.

It also mentions on the product page that it monitors ransomware development and will implement protective measures against new attack forms as soon as they become known.

The program does not display notifications right now if the execution is blocked. A future update will introduce the feature and others, such as an option to run the program as a service for advanced security options.

Closing Words

SBGuard Anti-Ransomware hardens Windows machines against ransomware attacks. In fact, it protects at least partially against other forms of malicious software as well, but is no replacement for anti-virus programs.

The application could use a whitelist feature that enables you to allow programs to run while the protection is enabled.

Also, the devs should consider publishing a list of changes that the program makes as many users and most admins won't install it otherwise.

Summary
software image
Author Rating
1star1star1stargraygray
3.5 based on 6 votes
Software Name
SBGuard Anti-Ransomware
Operating System
Windows
Software Category
Security
Landing Page
Advertisement

Tutorials & Tips


Previous Post: «
Next Post: «

Comments

  1. unyk said on February 25, 2017 at 9:46 am
    Reply

    I haven’t been using AV software for ages now as i am a pretty sophisticated user. What a tool this is. Even more peace of mind.

  2. Traveltravel said on December 29, 2016 at 2:17 am
    Reply

    Hi

    Is SBGuard v1.4.5.1 now able to display messages/pop-ups upon detecting any attacks?

    How does it fair against the 10 tests by RanSim Anti-Ransomware Simulator? CryptoPrevent failed it!

    Apparently, RanSim Anti-Ransomware Simulator test against the defenses of anti-ransomware is now a hot discussion topic at Wilders Security Forums and SpiceWork Community

    https://www.wilderssecurity.com/threads/ransim-ransomware-simulator-test-and-discussion-thread.390947/

    https://community.spiceworks.com/topic/1880114-ransim-a-ransomware-simulator

    1. SBGuard said on December 29, 2016 at 10:47 pm
      Reply

      Hi.
      Thanks for the links. We’ll check it out and get back to you.
      SBGuard 1.4.5.1 does not show live alerts. We were planning to release it a lot sooner, but in the testing phase it gave to many false positive alerts so we decided not to go ahead with it at the moment.
      Idea is to have a signature based protection together with SBGuard (Anti-virus software + SBGuard). Once SBGuard prevents execution, Anti-virus softwares usually detect that behaviour and alert/clean/delete etc.
      We have tested this combination with most reputable signature based softwares (Bitdefender, Sophos, Kaspersky, TrendMicro, ESET, Norton etc.) and it works great.
      SBGuard 1.4.5.1 provides access to logs, which will give you an idea of what’s happening in the background and what’s blocked.
      I’ll get back to you once we review the links you sent.

      Cheers

      1. AR said on May 12, 2017 at 10:58 pm
        Reply

        Any news @SBGuard?

  3. Jonnyredhead said on October 8, 2016 at 4:13 am
    Reply

    Any updates on this article and development @SBGuard

  4. SBGuard said on September 6, 2016 at 12:06 am
    Reply

    You don’t need to Disable protection when installing new software. We advise to do so in case something in that install gets blocked, however we do installs ourselves all the time without disabling it. Enable and forget, that’s how we use it.
    If you are using the latest version 1.4.5.1 from our website you can monitor logs if something gets blocked.
    CryptoPrevent operates on a very similar way and would require same procedures when installing if it gets blocked, they just don’t tell you that :)
    We are working on a more sophisticated method of whitelisting if necessary at times. It’s very difficult to implement full ease of use and maintain full leve of protection, but we are working to make that better. Hey blame it on the Ransowmare makers :)
    Also, version from 1.4.5 include a readme button with useful information.
    Let us know if any questions.

  5. Travletravel said on September 5, 2016 at 5:04 pm
    Reply

    Hi

    In the event if I need to install a new software do I need to disable SBGuard first then re-enable it after the new software installation? CryyptoPrevent don’t require this.

    This morning I tried SBGuard and I can say the enabling/disabling is a bit lethargic.

    BTW, is there a user guide too?

    Thanks

  6. Traveltravel said on September 3, 2016 at 3:32 pm
    Reply

    Hi

    Would be great if there’s a changelog.

    1. SBGuard said on September 4, 2016 at 12:33 am
      Reply

      We are working on a changelog :)

  7. SBGuard said on September 3, 2016 at 9:59 am
    Reply

    Version 1.4 beta available for download
    http://www.sydneybackups.com.au/downloads/sbguard-1-4-beta/sbguard_1_4_beta.jpg

    If anyone is interested to have a look at and play with version 1.4 beta you can download it here:
    http://www.sydneybackups.com.au/downloads/sbguard-1-4-beta/SBGuardsetup1_4_beta.exe

    We have added bunch of new restrictions and changes to existing ones. Also added some requested features.
    Application is still not operating as a service, that is coming in next version, 1.5

    Feedback and ideas are welcome for which you will be included in contributors list.
    sbguard@sydneybackups.com.au

    Cheers

    p.s this is a beta release – test it in a safe environment first

  8. Torro said on September 2, 2016 at 11:56 pm
    Reply

    The fact that it is free is great, but vs other tools, it still time and work.

    If i were to get something like this it would be winpatrols anti ransom. yeah it is a service you need to pay for every year but so far looking at a lot of these types of tools, it would be the one id go with at the present.

    https://www.winpatrol.com/winantiransom/

    Still, keep up the great work.

  9. bjm said on September 1, 2016 at 9:59 am
    Reply

    email with download link goes to Hotmail Spam folder and Norton quarantines download setup file with WS.Reputation.1 flag. No biggy. Just feedback. Virus Total File name: SBGuardsetup.exe = Detection ratio: 3 / 57

    1. SBGuard said on September 1, 2016 at 12:55 pm
      Reply

      Thank you for letting us know. It’s most likely due to the fact that we don’t have the valid publisher certificate applied on compiled SBGuard file. This means the product publisher shows as “Unknown” which some applications and some webmail see as suspicious.
      We are working on the certificate and should have it applied some time soon.

      Cheers

  10. SBGuard said on August 31, 2016 at 11:47 pm
    Reply

    Hi,

    Before uninstalling, you have to click Disable Protection button first, otherwise all injected entries will remain.
    Disable Protection button literally goes back through the process and reverts everything that Enable button does.
    You will have problems running both CryptoPrevent and SBGuard, don’t use them together.
    Any questions, please don’t hesitate to ask.

  11. Traveltravel said on August 31, 2016 at 4:41 pm
    Reply

    Hi

    Since your software injects 700 entries into Windows’s registry what happens if I uninstall the program? Will the registry entries revert to originals? Is there any reset button to do so before uninstalling like CryptoPrevent?

    I have CryptoPrevent in my system now. If I install SBGuard will there be overlapping protection and conflicts?

    Thanks

  12. t1 said on August 31, 2016 at 2:05 am
    Reply

    anti ransomware
    appcheck
    https://www.checkmal.com/

    3 layer defense
    cloud scan
    behavior detect
    auto backup

    support language
    korean
    maybe support English

    free/pro version

    Martin Brinkmann, try this anti ransomware
    (my English terrible)

    1. c0m said on September 1, 2016 at 5:41 pm
      Reply

      LEAVE.

      Just leave.

  13. SBGuard said on August 31, 2016 at 1:35 am
    Reply

    Until the notification system has been implemented, all blocks can be seen in Windows Event Logs > Application under ID 866

  14. C0M said on August 30, 2016 at 8:10 pm
    Reply

    @CHEF-KOCH This hardens the system. I just checked a git page with your name… If it’s you: great work!!

    @USBGuard thx for the explanations… Does your hardening tool have some internet activity? does it call your home so to speak?

    1. SBGuard said on August 31, 2016 at 12:51 am
      Reply

      The tool currently does not call home nor it perform any other activity that is already not stated. This can easily be checked using Wireshark.
      We are considering an auto update function to make it easier for people to stay up to date, however when and if that happens, we will clearly state it.

      1. C0M said on September 1, 2016 at 5:41 pm
        Reply

        Thumbs up. Going to try your efforts. Thank you.

  15. dan said on August 30, 2016 at 8:09 pm
    Reply

    Looks very promising, Martin! Thanks for the pointer!

  16. CHEF-KOCH said on August 30, 2016 at 7:58 pm
    Reply

    Didn’t we learned once and for all that AV or any other tools which claiming to improve your security setup are useless? I guess so, but still they now making money with the new threats . And if another stuff comes out other tools coming out. This cat and mouse game seems to never end maybe AV industries fake some stuff to sell products.

    http://www.reuters.com/article/us-kaspersky-rivals-idUSKCN0QJ1CR20150814

  17. Anonymous said on August 30, 2016 at 7:05 pm
    Reply

    Get Download Link :

    /!\ Attention! Please correct the errors below and try again.
    – Your name is required.
    – You have entered an invalid e-mail address.

    Sorry for that.

  18. chad said on August 30, 2016 at 5:52 pm
    Reply

    Looks like while it’s still in early development, it has the potential to be a great software app to protect against all the nasty randsomware maleware out there in cyberspace. It’s greatest appeal is being able to guard against MANY forms of randsomware, and not just a few, which would undoubedly appeal to many PC users, who don’t want to guess which software app to install to protect against the seemingly endless versions of randsomwhare. Good luck! I will install soon, after a bit more development (especially to promised feature to include an on/off button), and after having read a few more reviews.

    1. SBGuard said on August 31, 2016 at 12:46 am
      Reply

      Thank you chad. There will be more features coming soon. Best way to stay tuned is to subscribe on our Download link at http://www.sydneybackups.com.au/sbguard-anti-ransomware/ and we will be posting updates as we go.
      We are also very open to feedback and suggestions.

  19. Tom Hawack said on August 30, 2016 at 5:45 pm
    Reply

    “There is also a handy restart button. You need to restart the computer before the changes take effect.” : does this mean the computer must be restarted on every enable / disable protection?

    All applications aiming at combating cryptoware are most welcomed, provided their efficiency of course. Hard to tell until you’re concerned. SBGuard notifications, planned, will be welcomed as well.

    Presently I’m relying on HitmanPro.Alert, not free in its full version. Same concerning its efficiency since I haven’t encountered any cryptoware attempt up to now.

    With cryptoware becoming madness as it spreads exponentially more and more antidote/prevention applications will rise and as always choosing the best will be a challenge.

    1. SBGuard said on August 31, 2016 at 12:42 am
      Reply

      HitmanPro.Alert is a great program. We have some plans to implement other useful anti-malware-virus-adware applications into SBGuard and perform direct download and launch from within with 1 button. This will help users who don’t have knowledge and ability to find exceptional programs like HitmanPro, ComboFix etc..

      In regards to the restart, it is required to reboot after enabling protection, however disabling will work without a reboot. Of course it is recommended to reboot, but even we don’t do it on our machines and it works.
      One of the application that gets blocked when attempting to run for the first time is Teamviewer for which we quickly disable and re-enable straight after and it takes effect.

  20. chad said on August 30, 2016 at 4:56 pm
    Reply

    Note that it does NOT support Windows Home edition, so that may eliminate many potential users from adopting this software.

    1. SBGuard said on August 30, 2016 at 5:42 pm
      Reply

      Website updated with correct wording.

      1. SBGuard said on August 31, 2016 at 12:37 am
        Reply

        As we said above, we are still performing further testing to see how SBGuard behaves on Home editions.
        We know that a lot of features work as intended, however we don’t want to make false claims until we are 100% sure they all work. It only takes 1 rule to malfunction for Ransomware to exploit it.
        We’ll get back to you once we complete the testing.

    2. SBGuard said on August 30, 2016 at 5:40 pm
      Reply

      We actually haven’t done enough testing on Home editions to be able to say it’s supported. Maybe we should correct the wording.
      Windows Home editions have a restriction when it comes to GPO implementation and many other things. We are hoping that most users have upgraded to Windows 7 pro or Windows 10 by now.
      We will however do more extensive testing and see how well it performs.

      Thanks

      1. Tom Hawack said on August 30, 2016 at 10:22 pm
        Reply

        Well, for those who run Windows 7 Home Edition it appears as I understand it that SBGuard is not a valid anti-cryptoware solution. The reasons are understandable, unfortunately Win7Home concerns more users than Win7pro+Win8pro+Win10pro all together. Quite a pity.

  21. Bigippener said on August 30, 2016 at 4:24 pm
    Reply

    “With 35+ years in IT, i call these programs bs for lazy people
    People need to stop being lazy and learn how a PC, and their operatign system works, rather than being dumb “theres an app for that” tablet people….”

    Not everybody works in IT and not everybody has the time and the knowledge or the interest you luckily possess. Think about it next time you bring your car in the shop, have your a/c maintained, or washer and dryer fixed. You could do all this yourself. But taking your words into consideration I could be tempted to assume you may be just too lazy or even too dumb to do so.

    But I don’t assume this. I believe you do not have the time, the interest and the knowledge to perform these tasks. Hm …., yes. I think I have made my point.

  22. Adrian Miller said on August 30, 2016 at 3:52 pm
    Reply

    Troubling nonsense claims on this page:

    More details about what SBGuard actually does at this stage:
    It injects around 700 registry entries to force Windows Group Policy to use inbuilt software execution restriction capabilities in certain locations and prevent certain file types from executing. On top of that it will disable Windows Gadgets (known vulnerability) and disallow several other system actions Ransomware will attempt to perform to encrypt your data.

    “700 registry entries”…what for?

    “to force Windows Group Policy to use inbuilt software execution restriction capabilities”

    Utter nonsense, Software Restriction policies exist and are available to any windows user, excepting (officially) Windows Home Premium and lower windows products.

    Claiming that your product somehow has to “force” windows to enable Software Restriction policies, along with the assertion that your program has to add 700 registry entries to do this gives the impression that youre fixing a glaring omission in the Windows operating system. Not to mention that youre probably “unofficially” shoehorning the unofficial GPO into Home products, which is against licensing by the way…

    I think Microsoft will find your claims and practices interesting, dont worry, i sent them a link….

    I hate the nonsense software thats about like CryptoPrevent and VoodooShield that separate fools from their money for tools that already exist in windows, or if they have the Home version of Windows actually make their PC’s less secure by using pseudo GPO (these products actually self refer to psuedo GPO) . People would be far better off, if they have Windows Home, upgrading to Pro and using Software Restriction GPO than any of this nonsense…

    With 35+ years in IT, i call these programs bs for lazy people

    People need to stop being lazy and learn how a PC, and their operatign system works, rather than being dumb “theres an app for that” tablet people….

    1. C0M said on August 30, 2016 at 8:06 pm
      Reply

      @Adrian Miller:
      Do you work for Micr$oft?

      Unless I’m wrong, there’s no windows update that talks about ransomware.
      Also, GPO is available in the home version by fiddling in the registry…

      C-can I modify your REGISTY(C) H0LY MICRS0FT(C) PLEASE ???

    2. SBGuard said on August 30, 2016 at 4:24 pm
      Reply

      Hi Adrian,

      We appreciate your comments and your opinion. I will try to clear up few things.
      1. Yes, SBGuard uses a lot of features that exist within Windows and anyone can sit down and input them manually, all you need is time to write 700 of them, to know exactly what and how Ransomware uses and then when something goes wrong, to be able to pinpoint which one of those 700 is causing issues. Don’t you think this would be too difficult especially for a regular user, why not have it in one click?
      2. The way we inject those registry keys, they do not get registered by GPO handlers, therefor they are harder to detect. We have had a particular malware that was able to disable entries registered by GPO.
      3. Utilising restriction policies is not the only feature SBGuard provides in it’s code.
      4. SBGuard does nothing against Microsoft policies or Windows proprietary code.
      5. This is a free product. We have developed it for ourselves, family and friends before deciding to publish it and try to help. There are only good intentions here, we have no gain from this.
      6. Any suggestions are more than welcome and we will keep upgrading and making this program better, more friendly and easier to use.

      Thank you

      1. Donotcrawl said on August 30, 2016 at 4:48 pm
        Reply

        If necessary call the kettle black. There is absolutely no reason to thank somebody for being aggressive and bumptious. It does not give you any credit.

    3. mjtobias said on August 30, 2016 at 4:16 pm
      Reply

      Sorry, but your response is what is actually BS. The average computer user, and I know whereof I speak because I deal with average users on a daily basis, is not going to put in the time it takes to learn how their OS works. They just aren’t. Whether that’s good or bad is another debate, but your solution is like teaching abstinence only to teenagers. Not only is it ill-informed, it’s dangerous. But in this case, it’s dangerous to far more than just two horny teens. This kind of “solution” is no solution at all. By all means, keep doing what you do and warning people and encouraging people to learn more about their OS, but don’t denigrate effective solutions just because they don’t meet your “standards.”

  23. SBGuard said on August 30, 2016 at 3:40 pm
    Reply

    CryptoPrevent is a great piece of software there is no doubt, but there are 2 issues from which we have learned when writing SBGuard.
    One of the problems is actually the fact it offers users to select level of protection. Anything except for the highest level, will not protect against a lot of Ransomware variants. SBGuard is built to offer only one level, a maximum possible one. That may come at a cost of having false positives although in the past 2 months of testing it across various systems, we found small amounts of programs that require SBGuard disabled to install.
    Second problem with CryptoPrevent is that it does not include all restrictions that SBGuard does, in fact SBGuard has over 300 combinations more.

  24. T J said on August 30, 2016 at 3:19 pm
    Reply

    This sounds similar to the way the program I use works.

    I use Cryptoprevent. It is a free program from Foolishit.com. The difference to SBGuard is that Cryptoprevent does not interfere with program installations unless the “paranoid” settings are used. The installation is self explanatory and the effects of different settings are explained in the “advanced settings” tab in the GUI.

    I’ve never had any false positives with Cryptoprevent.

  25. Ann said on August 30, 2016 at 3:17 pm
    Reply

    Did anyone look at that clip??
    it only shows what happen if the guard is off, not when it’s on.
    yeah I can make a program and commercial show what it does when it’s off : it does not help.
    It won’t show what happens if the guard is active, is that because it does not work tooo ?

    1. Martin Brinkmann said on August 30, 2016 at 3:46 pm
      Reply

      I embedded the wrong video, sorry for that. Fixed.

  26. SBGuard said on August 30, 2016 at 2:30 pm
    Reply

    Thank you for the post.
    We do agree that more precise information is required to make admins more comfortable to use it and soon we will publish a list of most of the restrictions SBGuard uses to prevent Ransomware execution. We can not however reveal everything the software does, otherwise it will just make it that easy for malware to evade it.
    There are new features coming that will also include live notifications for all SBGuard blocks, including of legitimate software.
    All information and updates will be published to email addresses that have registered for a free download.

    Keep you posted.

    1. Martin Brinkmann said on August 30, 2016 at 3:48 pm
      Reply

      I think it is easy enough to monitor the installation to see exactly what it does. So, any bad guy might do that and get all the info needed. Legitimate users on the other hand might not want to go through the troubles, and ignore your software as a consequence.

      1. SBGuard said on August 30, 2016 at 4:32 pm
        Reply

        Unfortunately it’s a cat and mouse game between the good guys and the bad guys.
        In regards to Ransomware, we don’t really care how they work or how smart and long their code is (well we do but that’s not the point of this reply :) ), SBGuard is here to prevent their execution, which is usually performed in a very similar way across the board. Ooops I wen’t off the topic.
        Anyway, I wanted to say thank you for the feedbacks, it will all be considered when doing our next release.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.