Due to an issue where files in the "C:\Users\%UserName%\AppData\Local\Temp\.das.local.jobsroot" folder are backed up to the shelter while the AutoCAD program is running, select "Options - Exception Settings - Trusted Process List ( Please add the file "C:\Program Files\Autodesk\AutoCAD <version>\Design Automation\Bin\Das.Local.exe" to "Always allow" and use it.

The main difference between of AppCheck Pro and Free version is below.

1. Automatic Remediation and Block

AppCheck Free only blocks and kills the process while AppCheck Pro blocks and deletes(remediates) the detected Ransomware behaved files.

Automatic recovery of damaged files are both supported.

2. Network Drive and SMB Server Protection

AppCheck Pro provides protection of Network Shared folders. Any file damage or encryption behavior to attached shared folder will be detected and blocked. Especially SMB Server Protection provides protection against unwanted file change of current host's shared folder.

3. Auto Backup

AppCheck Pro provides additional protection through flexible scheduled backup of user specified folder or files.


More details and comparison chart can be found in this page.

Message is logged "Automatic Backup is completed (error: 53)".
If this message occurs, please check your IP address or computer name is correct for "Server" field, and shared folder is correct "Share" field in "Option > Auto Backup"

Below is example for entry of each field.
 

You may recover your original files if infection happened if AppCheck is installed beforehand.

However, neither AppCheck and AppCheck Pro does not support the recovery once files were encrypted before the installation.

This is due to invalid credential of target network share.
 
Please check id and password, and try again.

Due to the insufficient space of destination, AppCheck Auto Backup cannot continue the backup.
 
You may change the destination or remove unnecessary files to free up disk space.

When AppCheck Auto Backup cannot reach to target location, AppCheck logs "Auto Backup is completed (Error: 3)".
 
Check destination folder or path is available.

This is error when you have enabled Auto Backup to Network Drive, but unable to reach to destination server because of invalid server address or destination share name.
 
Please check information and try again.

 When you encounter error message (ERROR=21007), it is most likely related to your Internet connection.
 
Please check your Internet connection and try again. If error persists, please contact to Online Support.

This is because AppCheck application doesn’t have permission to destination folder.

To recover files, please follow the instruction below:

1) Right click on AppCheck in tray and select Quit.

2) In Program List, locate AppCheck Anti-Ransomware and right click to bring the context menu.

3) Click "Run program as administrator...".

4) Select files you would like to recover in quarantine and right click.

5) Select "Restore to original position". Your file is restored.

This happens when original destination path is not available.

You may restore your file to another folder using the "Export to specified location" context menu in right click.

All files deleted by AppCheck is in Quarantine. You may right click and "Restore to original location" to recover files in Quarantine.

Ransomware Proactive Defense includes automatic recovery of damaged files. You may disable RansomShelter, but some damaged files cannot be recovered.

It is recommended to enable RansomShelter because in case of proactive defense cannot block ransomware behavior, you may able to recover files manually.

AppCheck provides detailed information in "Article 4. Data Collection and Use" in "CheckMAL Software License Agreement" provided in first installation of Anti-Ransomware.

The AppCheck Anti-Ransomware protects installation folders (?:\Program Files\CheckMAL, ?:\ProgramData\CheckMAL) and AppCheck service file(AppCheckS.exe) and will be added additional security if malicious event identifies which interferes AppCheck to function properly.

However, AppCheck Pro provides additional protection for AppCheck service.

"Ransomware Behavior Detection" protects against data corruption by blocking related processes when tampering multiple file tampering at once.

Sometimes, however, it can also detect suspicious behavior of a normal program.

In this case, you may recover modified files from quarantine as follows.

(1) Check the file path and file name indicated in the item "Detecting Ransomware Behavior" in the "Threat Log" in AppCheck tool.

(2) Add detected normal executive file to whitelist by clicking "User trust file". (※ Please do not add explorer.exe / svchost.exe system file, because it may not prevent file encryption by Ransomware infection.)

(3) Select files for recover in the "Quarantin", and click "Restore to original location" in context menu with the right mouse click.

You might want to report your false positive application to through "Support - Online Support" in our homepage, so we can improve our product for the future.

The option for automatic deletion of files after 7 days is provided.

You may manually delete them by disabling AppCheck real-time protection.

First locate the file encrypted files and remove them.

Then browse to the original file stored in the Ransomware Shelter backup folder<DriveLetter\Backup(AppCheck)>, copy (Ctrl + C) and paste (Ctrl + V) it to desired location.

AppCheck Anti-Ransomware for personal (non-commercial) provides only process block protection from ransomwares.

If you want to remove(remediate) the ransomware itself, please purchase the full version AppCheck Pro.

In case of file tampering behavior is originated from system file, it is only blocked and not deleted and if ransomware binary file is locked and cannot be deleted, file extension is renamed to .bak which prevents from running in the future.