A typical method of malicious code infections including Ransomware is automatic infecting through software vulnerabilities (exploits) of web browsers and Adobe Flash Player. In fact, recently, Magniber Ransomware, targets users who do not have proper security patches, which is infected automatically and cause damage just by accessing the website.
Today, CheckMAL released AppCheck version 126.96.36.199 with the "Vulnerability Protection (Exploit Guard)" to prevent automatic infection through vulnerability in advance.
This release includes Exploit Guard(beta), so both free and paid users can get benefit of exploit protection.
To enable Explot Guiard, you may simply turn "Exploit Guard" on in AppCheck main window, and will be prompted "This feature is currently in beta and should be used with caution. Would you like to read more?".
Exploring into more of Exploit Guard, four categories of protection are available.
|Web Browser|| Internet Explorer, Microsoft Edge, Chrome, Firefox|
|Plugin|| Java, Adobe Flash Player|
|Media Player|| Windows Media Player, Windows Media Center, GomPlayer, PotPlayer|
|Office|| Microsoft Office, Hancom Office, Adobe Acrobat|
While protected applications are running, Exploit Guard prevents malicious code execution through its vulnerability, and protects from not only ransomwares but also many exploit based malwares.
Picture above demonstrates detection of exploit through Internet Explorer while visiting malicious website.
When user clicks the message, user can get the information of blocked application, and "Details" will provide the additional information.
Note that blocked applications by Exploit Guard are blocked even the application is listed in Whitelist.
User can find more information of blocked process by Exploit Guard in Detection Log.
Exploit Guard includes file submission feature. User has an option to submit files by enabling "Send suspicious files upon detection(The file is submitted anonymously and will be used only for analysis)"
For better detection and feature improvement, please allow us to collect files.
Exploit Guard added in AppCheck 188.8.131.52 protects users from various exploit based malwares proactively. It is recommended to update AppCheck and activate the Exploit Guard feature.Since Exploit Guard is provided as beta, user may experience abnormal behavior of protected applications.
If you are experiencing the issue, you may disable the applications causing issues in "Exploit Guard (BETA)" or turn the Exploit Protection off.
Also, if you have any bugs or opinion for improvement, please contact us through "Online Support
" on our website.
Finally, check out the video demonstration of Magniber Ransomware protected by AppCheck. ◆ Currently known issues and how to solve it.
(1) Avast! When Exploit Guard is activated in the environment of other vaccine is installed, antivirus users may experience irregular error message or web browser malfunction while PotPlayer is running.
- (Solution) Disable Exploit Guard in AppCheck options.