AppCheck Anti-Ransomware review
AppCheck Anti-Ransomware by Checkmal is a complementary security solution for devices running Windows designed specifically to protect the device it is running on against ransomware attacks and exploits.
Ransomware attacks come in many different forms but the bulk of them holds files on the local system ransom by encrypting them. Affected users are asked to pay a specific sum, usually in Bitcoin, to purchase the encryption password that allows them to decrypt the data.
While you may get the encryption key when you pay, there is no guarantee that this is indeed the case.
Users and administrators can protect data in several ways; regular external backups are a must, as is the use of common sense to avoid the bulk of attacks. Anti-Ransomware software runs side by side with other security solutions, usually.
You can check out our overview of anti-ransomware software for Windows, or check out solutions such as Acronis Ransomware Protection, SBGuard Anti-Ransomware, or Bitdefender Anti-Ransomware.
AppCheck Anti-Ransomware
AppCheck Anti-Ransomware by Korean developer Checkmal is another program that you can run on your Windows systems to protect it against forms of ransomware and exploits. The program is fully compatible with all recent 32-bit and 64-bit versions of the operating system, and available as a free and pro version.
The free version is good for home use, the pro version may be used in corporate environments as well. Good news is: the core features, that is ransomware protection and exploit protection, are supported by both versions.
Program installation is straightforward; you get to select the installation directory but that is about it as no other options are provided. You can run the program right after installation to launch the control interface.
AppCheck Anti-Ransomware works automatically after installation but you may want to check out the interface and settings on first start to make sure everything is configured correctly.
The main interface displays toggles to turn protective features on or off. Three protections are enabled in the free version, real-time protection, exploit protection, and MBR protection are enabled but network drive protection is not. The latter is one of the Pro version features that the free version lacks.
The options
A click on the cogwheel icon in the interface opens the program options. The options are divided into tabs for easier access. Here is a quick overview of the preferences of the program:
- General: disable anonymous submission of files for analysis and auto-update.
- Ransom Guard: change ransomware protection and detection functionality, e.g. for how long important files are kept in the "Ransom Shelter", a safe space to protect files.
- Exploit Guard: toggle the feature and select which applications it should protect (web browsers, plugins, media players)
- Cleaner: customize the built-in cleaner functionality
- Auto Backup: is a Pro feature. May be used to create automatic backups of selected folders.
- Whitelist: exclude files so that they may be run on the system.
Protection
The developer states that AppCheck Anti-Ransomware protects against more than 900 different types of ransomware using the built-in behavior engine.
The program monitors the system while running and reacts to threats it identifies immediately.
YouTube user Cruelsister ran some tests in April 2017 and AppCheck Anti-Ransomware did well in the test. While the program did not protect 100% against any ransomware thrown at the system it was running on, it did protect against many.
The user's result was that AppCheck offered good but not perfect protection against the tested ransomware threats.
A user on the Tweakbytes forum ran tests as well against different types of ransomware and concluded that he considered AppCheck Anti-Ransomware to be a "must have" as it protected against the bulk of threats.
For me, AppCheck Anti-Ransomware is a must have, even in the free version, which is available for personal use, paying not even a penny. It will dramatically improve your level of security, against the ever-evolving amount of ransomware being brought up every day.
I ran custom tests on a test machine using RanSim and other ransomware files, and results were quite good even in the free version. The free version lacks several features that improve protection further.
Pro users get access to network drive, SMB server, and removable drive protection features, Office exploit protection, and automatic remediation and backup features.
The program uses a surprisingly low amount of memory while it is running on the system. While it does use multiple processes, all of the application's processes use less than 10 Megabytes of memory while it runs in the background.
Update: We took another look at the program in 2019. The developer improved it since our initial review in 2018. Protection has improved with additional signatures added to the detection database. The program works just like before for the most part though.
Closing Words
AppCheck Anti-Ransomware is a powerful yet lightweight program designed to protect Windows devices against ransomware attacks and exploits. While not perfect, it does a good job at protecting the system against threats; the developers push out new versions of the program frequently to add safeguards against new ransomware threats and exploits.
Now You: Do you use anti-ransomware software?
Related articles
- CyberSight RansomStopper anti-ransomware for Windows
- No More Ransom: Anti-Ransomware Help Site
- RansomFree: protect your PC against ransomware
- TrendMicro Ransom Buster: Windows ransomware protection
I downloaded appcheck hoping I could restore my .lanset infected files. Looks like it won’t though. *sighs*
@Munak I have seen quite some ransomware bypassing my AV (like as AVG, F-Secure, Qihoo 360, Avira, Tencent PC Manager Global, Dr. Web, G-Data, VIPRE) which I tested in contained environment (not all for a long period, some only a few times), or getting detected by the Behavior blocker / the HIPS only after some files were affected. Not all antivirus products offer a restore / backup function.
That trend has gone back, mostly because signatures catch ransomware fast.
However, a undetected one will for sure cause trouble.
So IMO it’s wise to have some additional layer next to your AV of trust.
AppCheck is light and will not interfere with your AV (correct me if there is one).
You’re correct with the assumption I was given a license for the review (a single one, 1y), but with the request to continuously update the review, which I do as long as the license is active and whenever I find time.
Before being asked to do the review, I was a user of the free AppCheck AR and have been ever since.
There are plenty of solutions out there, but I didn’t try anything but RanStop (great, but heavy and paid, taken from a Giveaway when it was launched) and RansomFree (not on the level of AppCheck).
Yes, there will be ransomware not being blocked by AppCheck, that’s why you should have backups and a good AV (both stated in the review).
However, the dev does update the behavior detection rules (it’s a signature-less solution!!!) regularly, I’ve seen some ransomware being blocked only after a new version came out (Princess Locker).
Biggest point in the FREE version which IMO should be pointed out in the article and is the no-brainer in the whole product is the MBR protection, which has been part of the paid only version some time ago.
AFAIK the FREE version will also autobackup (but is not adjustable in terms of how often), and will roll back ransomware attacks (in terms of affected files).
As for the new Anti-Exploit functions, I cannot tell about, haven’t yet tried them.
Upon installation, the program created a folder called “Backup(Appcheck)” and a copy of an Excel file that I worked on. When clicking on this file, a window pops up that says “Document file xxx is locked for editing by yourself on a different system since. Open document read-only, or ignore own file locking and open the document for editing.”
Does anybody know what´s happening here?
Joe, I’ve got a “Backup(Appcheck)†folder in two different places – in the root of C: (the system drive) and D: (my data drive). In both cases the Appcheck folder has 4 subfolders (different of course) with various files and folders inside.
For example, there’s this: “C:\Backup(AppCheck)\Windows\appcompat\UA\GenericApp.png”. The .png file is a tiny graphic of ‘something’, can barely see it.
I agree, what is going on?
“RansomShelter is a temporary backup folder created in each drives, while files are created/modified/deleted in certain conditions. These files can be maintained up to seven days.
The purpose of this backup is to keep your original files and recover them in case of Ransomware encrypts files.
The folder is safely protected while Real-Time Protection is on. In some cases user might need extra spaces in the disk drive, may click “Empty RansomShelterâ€(trash icon), to delete RansomShelter folders in each drives.
Files are completely removed from the disk and not moved to windows Recycle Bin. In cases of files are not removed due to the permission issue, you may turn off Real-Time Protection while manually deleting the folders.”
Source : https://www.checkmal.com/manual/detail/
Belga, thanks very much for finding that explanation!
Mike S.
P.S.
On the difference between “product version” and personal user specification (permanent use of trial version) “backup system”
I have taken measures by using SpiderOak “ONE Backup” of cloud storage service.
https://spideroak.com/#start
“ONE Backup”
Secure cloud backup to protect you and your family from data loss and ransomware.
https://support.spideroak.com/hc/en-us/categories/115000423763-ONE-Backup
“I tend to not trust those who deceptive hype as this.”
I also share that value.
However, Author’s Martin Brinkmann
“The free version of the program blocks the malware process but does not offer remediation.” It is a free product and the 2-year license is available for $ 39.99.
“AppCheck Anti-Ransomware for personal (non-commercial) only process block protection from ransomwares.In case of file tampering behavior is originated from system file, it is only blocked and not deleted and if romomware binary file is locked and can not be deleted , file extension is renamed to .bak which prevents from running in the future “.
That commentary is enough for me.
It is similar to “faith” whether to believe or not. Since “trial version” is prepared, if you try it, you can obtain the degree of judgment.
For me, the point that this application’s “Korea” originated was a bottleneck and concerned about reliability. Knowing that there are many things “Russian, Chinese and Korean products lack credibility” on the knowledge.
Since this site (ghacks.net) can be trusted with objectivity and accuracy, I decided to “trial”.
I felt that the trial version was as commented by Martin (Author).
In particular, I was impressed with the low load (real, ZERO emission) at the time of resident (CPU: 0%, RAM: about 1 to 1.3%). In other applications, SystemResources (CPU, RAM) is wasted, and when updating the definition file the performance of the PC (overall responsiveness of the system) decreases.
Also, in order to confirm the support capability, I sent E-mail (https://appcheck.jiransoft.jp/ask/). There was a response soon, the contents were appropriate.
I got a good impression on this product and Developer.
In reference:
https://appcheck.jp/clm180302/
https://appcheck.jp/product/
https://appcheck.jp/manual/
“For me, AppCheck Anti-Ransomware is a must have, even in the free version, which is available for personal use, paying not even a penny. It will dramatically improve your level of security, against the ever-evolving amount of ransomware being brought up every day.”
Hmm, that sounds like a paid endorsement.
From their site:
“AppCheck is the only solution providing proactive defense from unknown ransomware threats based on Context-Awareness Ransomware Behavior engine.”
I tend to not trust those who use deceptive hype as this.
KIS and Malwarebytes provide sufficient protection against Ransomware, so I’m fine with that.
Personly I saw in the past what can happen when you have multiple security programs (Like antivirus, firewall, Petya and WannaCry (Filecoder) ransomware, etc.etc.) installed who are not working optimal (in best case scenarios) or not at all together. Next to that one program who does all also works faster.
So right now I am a fan of the low prized Eset Nod32 antivirus program who will do all for you.
This because Advanced Memory Scanner, ESET LiveGrid® Reputation System and Exploit Blocker are included.
Additionally, the latest ESET products provide also an enhanced Botnet Protection module that blocks communication between ransomware and Command and Control (C&C) servers.
I really like to here anybody his thought about this because I have to make a renewed round off all the players to see what changed last year because I have to renew the license.
Still someone wanting to make cash on the misery of people. Usual nowadays.
I use WinPatrol WAR but the available support for the product has fallen back dramatically in the last year or so, and bugfixes / updates are rare — nothing in over a year. One or two annoying bugs, too. Considering looking for alternatives…
Free version capabilities does not include “Automatic Remediation – Automatically block and remediate when ransomware behavior is detected.”
Yeah, you’re screwed if ransomware get’s to your PC. https://www.checkmal.com/product/appcheck/
Anders, the free version of the program blocks the malware process but does not offer remediation. Agree that it is not ideal but it is a free product and the 2-year license is available for $39.99.
“AppCheck Anti-Ransomware for personal (non-commercial) provides only process block protection from ransomwares.In case of file tampering behavior is originated from system file, it is only blocked and not deleted and if ransomware binary file is locked and cannot be deleted, file extension is renamed to .bak which prevents from running in the future”
BitDefender anti ransomware is crap, also CyberReason AntiRansomware is crap.
Martin, thanks for bringing this to our attention, sounds like a useful app.
I miss 1 aspect in the review: how well / effectively is Checkmal able to keep up with the ever-changing world of malware? How often are the malware signatures updated?
Klaas, the program does not protect against malware, only against ransomware and exploits. It is updated regularly, but not as frequently as antivirus products.
Sorry for the wrong term Martin, I used have used a more appropriate term: garbageware ;-)
Anyway, thanks for the info re updates.