Frequently Asked Questions

Check out our FAQ for installation and usage, purchases and license registration for AppCheck

Q.
What is the difference between AppCheck Free and AppCheck Pro?
A.
The main difference between of AppCheck Pro and Free version is below.

1. Automatic Remediation and Block

AppCheck Free only blocks and kills the process while AppCheck Pro blocks and deletes(remediates) the detected Ransomware behaved files.

Automatic recovery of damaged files are both supported.

2. Network Drive and SMB Server Protection

AppCheck Pro provides protection of Network Shared folders. Any file damage or encryption behavior to attached shared folder will be detected and blocked. Especially SMB Server Protection provides protection against unwanted file change of current host's shared folder.

3. Auto Backup

AppCheck Pro provides additional protection through flexible scheduled backup of user specified folder or files.


More details and comparison chart can be found in
this page.
Q.
Autobackup is completed. (Error: 53)
A.
Message is logged "Automatic Backup is completed (error: 53)".
If this message occurs, please check your IP address or computer name is correct for "Server" field, and shared folder is correct "Share" field in "Option > Auto Backup"

Below is example for entry of each field.
 
Q.
Can I recover files encrypted by Ransomware with AppCheck?
A.
You may recover your original files if infection happened if AppCheck is installed beforehand.

However, neither AppCheck and AppCheck Pro does not support the recovery once files were encrypted before the installation.
Q.
Error message while update (ERROR=12175)
A.

You could encounter a message “an error occurred while update. (ERROR=12175)” when you run "AppCheck Information → Check Updates" menu in the environment with AppCheck installed.

 

This error could be caused by preventing to get an update server security certificate because the computer date is set differently from the current time.

Please adjust the computer date and try again.

Q.
Auto Backup Completed (Error: 86)
A.
This is due to invalid credential of target network share.
 

Please check id and password, and try again.
Q.
Cannot continue backup due to insufficient space.
A.
Due to the insufficient space of destination, AppCheck Auto Backup cannot continue the backup.
 

You may change the destination or remove unnecessary files to free up disk space.
Q.
Auto Backup is Completed (Errror: 1223)
A.
While running Auto Backup, unexpected interruption happens, such as system rebooting or AppCheck update, AppCheck logs "Auto Backup is completed (Error: 1223)".
AppCheck will re-run Auto Backup in next schedule and continue to backup that are not completed.
Q.
Auto Backup Completed (Errror: 3)
A.
When AppCheck Auto Backup cannot reach to target location, AppCheck logs "Auto Backup is completed (Error: 3)".
 

Check destination folder or path is available.
Q.
Auto Backup is completed (Error: 67)
A.
This is error when you have enabled Auto Backup to Network Drive, but unable to reach to destination server because of invalid server address or destination share name.
 

Please check information and try again.
Q.
Error message while update (ERROR = 12007)
A.
 When you encounter error message (ERROR=21007), it is most likely related to your Internet connection.
 

Please check your Internet connection and try again. If error persists, please contact to Online Support.
Q.
I’m unable to restore quarantine file. (Code: 5)
A.
This is because AppCheck application doesn’t have permission to destination folder.

To recover files, please follow the instruction below:

1) Right click on AppCheck in tray and select Quit.

2) In Program List, locate AppCheck Anti-Ransomware and right click to bring the context menu.

3) Click "Run program as administrator...".

4) Select files you would like to recover in quarantine and right click.

5) Select "Restore to original position". Your file is restored.
Q.
I’m unable to restore quarantine file. (Code: 3)
A.
This happens when original destination path is not available.

You may restore your file to another folder using the "Export to specified location" context menu in right click.
Q.
AppCheckD.sys related blue screen during app check.
A.
If you encounter a blue screen due to a crash related to the AppCheckD.sys driver, boot into Safe Mode (F8) and follow the instruction.

1) ?:\Windows\MEMORY.DMP (Please copy the file to another folder and compress it.)

2) In control panel, uninstall AppCheck.

3) After booting in normal mode, if the following dump file exists, please send the compressed file to Customer Center.

* C:\Windows\MEMORY.DMP (Please copy the file to another folder and compress it.)
* Minidump file is created to ?:\Windows\Minidump folder at blue screen
Q.
I’d like to recover files which were detected as malicious by AppCheck.
A.
All files deleted by AppCheck is in Quarantine. You may right click and "Restore to original location" to recover files in Quarantine.
Q.
If I disable RansomShelter, does it affect Ransomware Proactive Defense?
A.
Ransomware Proactive Defense includes automatic recovery of damaged files. You may disable RansomShelter, but some damaged files cannot be recovered.

It is recommended to enable RansomShelter because in case of proactive defense cannot block ransomware behavior, you may able to recover files manually.
Q.
I’d like to know which information is sent while using AppCheck.
A.
AppCheck provides detailed information in "Article 4. Data Collection and Use" in "CheckMAL Software License Agreement" provided in first installation of Anti-Ransomware.
Q.
Does AppCheck have self protection?
A.
The AppCheck Anti-Ransomware protects installation folders (?:\Program Files\CheckMAL, ?:\ProgramData\CheckMAL) and AppCheck service file(AppCheckS.exe) and will be added additional security if malicious event identifies which interferes AppCheck to function properly.

However, AppCheck Pro provides additional protection for AppCheck service.
Q.
I get error, "Service is not running, do you want to run it now?“ when I run AppCheck.
A.
This error message is displayed when AppCheck Service process (AppCheckS.exe) is not running properly.

Due to the variety of PC environments, please check following for determine and troubleshooting.

1) AppCheckS.exe file has been deleted and does not exist.
Please check AppCheck installation directory ("?:\Program Files\CheckMAL\AppCheck\AppCheck.exe").
Some of antivirus may detect our application as false positive. Check the diagnosis log or quarantine of your antivirus program and restore the file.

If AppCheckS.exe does not exist, remove "AppCheck Anti-Ransomware" from Control Panel and reinstall it.

2) AppCheckS.exe file exists problem persists.
Try click "Yes" in the error window.
If the same message is repeated, please find the dump file and log file referring to the following information and send the compressed file to Online Request.

Also, if the "AppCheck Anti-Ransomware Service" item is deleted and does not work, please remove "AppCheck Anti-Ransomware" from Control Panel and reinstall it.

[Dump file location] - Check "Show hidden files, folders and drives" in folder options
Locate files %SYSTEMROOT%\System32\config\systemprofile\AppData\Local\CrashDumps\AppCheckS*.dmp. (You may need permissions to access the folder. Please try to access in sequence.)

[Log file location] - Check "Show hidden files, folders and drives" under Folder options
In ?:\ProgramData\CheckMAL\AppCheck, you may locate files with .db and .log extension)

If you cannot find crash dump folder and/or files, please apply following registry to create crash dump, then send it to us after the dump file is created.

[How to set up user dump]
Please download userdump.reg file apply and reboot.
Q.
The "Ransomware Behavior Detected" message is displayed and the normal program is forcibly terminated.
A.
"Ransomware Behavior Detection" protects against data corruption by blocking related processes when tampering multiple file tampering at once.

Sometimes, however, it can also detect suspicious behavior of a normal program.

In this case, you may recover modified files from quarantine as follows.

(1) Check the file path and file name indicated in the item "Detecting Ransomware Behavior" in the "Threat Log" in AppCheck tool.

(2) Add detected normal executive file to whitelist by clicking "User trust file". (※ Please do not add explorer.exe / svchost.exe system file, because it may not prevent file encryption by Ransomware infection.)

(3) Select files for recover in the "Quarantin", and click "Restore to original location" in context menu with the right mouse click.

You might want to report your false positive application to through "Support - Online Support" in our homepage, so we can improve our product for the future.
Q.
How do I delete files stored in RansomShelter Backup Folder <Backup (AppCheck)>?
A.
The option for automatic deletion of files after 7 days is provided.

You may manually delete them by disabling AppCheck real-time protection.
Q.
I want to recover the original file stored in RansomShelter Backup Folder <Backup (AppCheck)> due to Ransomware infection.
A.
First locate the file encrypted files and remove them.

Then browse to the original file stored in the Ransomware Shelter backup folder<DriveLetter\Backup(AppCheck)>, copy (Ctrl + C) and paste (Ctrl + V) it to desired location.
Q.
Is the file automatically blocked(cured) by Ransomware behavior detection?
A.
AppCheck Anti-Ransomware for personal (non-commercial) provides only process block protection from ransomwares.

If you want to remove(remediate) the ransomware itself, please purchase the full version AppCheck Pro.

In case of file tampering behavior is originated from system file, it is only blocked and not deleted and if ransomware binary file is locked and cannot be deleted, file extension is renamed to .bak which prevents from running in the future.

위로