Frequently Asked Questions

Check out our FAQ for installation and usage, purchases and license registration for AppCheck


Q. Is the file automatically blocked(cured) by Ransomware behavior detection?
AppCheck Anti-Ransomware for personal (non-commercial) provides only process block protection from ransomwares.

If you want to remove(remediate) the ransomware itself, please purchase the full version AppCheck Pro.

In case of file tampering behavior is originated from system file, it is only blocked and not deleted and if ransomware binary file is locked and cannot be deleted, file extension is renamed to .bak which prevents from running in the future.
Q. I want to recover the original file stored in RansomShelter Backup Folder <Backup (AppCheck)> due to Ransomware infection.
First locate the file encrypted files and remove them.

Then browse to the original file stored in the Ransomware Shelter backup folder<DriveLetter\Backup(AppCheck)>, copy (Ctrl + C) and paste (Ctrl + V) it to desired location.
Q. How do I delete files stored in RansomShelter Backup Folder <Backup (AppCheck)>?
The option for automatic deletion of files after 7 days is provided.

You may manually delete them by disabling AppCheck real-time protection.
Q. The "Ransomware Behavior Detected" message is displayed and the normal program is forcibly terminated.
"Ransomware Behavior Detection" protects against data corruption by blocking related processes when tampering multiple file tampering at once.

Sometimes, however, it can also detect suspicious behavior of a normal program.

In this case, you may recover modified files from quarantine as follows.

(1) Check the file path and file name indicated in the item "Detecting Ransomware Behavior" in the "Threat Log"  in AppCheck tool.

(2) Add detected normal executive file to whitelist by clicking "User trust file". (※ Please do not add explorer.exe / svchost.exe system file, because it may not prevent file encryption by Ransomware infection.)

(3) Select files for recover in the "Quarantine“, and click "Restore to original location" in context menu with the right mouse click.

You might want to report your false positive application to through "Support - Online Support" in our homepage, so we can improve our product for the future.
Q. I get error, "Service is not running, do you want to run it now?“ when I run AppCheck.
This error message is displayed when AppCheck Service process (AppCheckS.exe) is not running properly.

Due to the variety of PC environments, please check following for determine and troubleshooting.

1) AppCheckS.exe file has been deleted and does not exist.
Please check AppCheck installation directory ("?:\Program Files\CheckMAL\AppCheck\AppCheck.exe").
Some of antivirus may detect our application as false positive. Check the diagnosis log or quarantine of your antivirus program and restore the file.

If AppCheckS.exe does not exist, remove "AppCheck Anti-Ransomware" from Control Panel and reinstall it.

2) AppCheckS.exe file exists problem persists.
Try click "Yes" in the error window.
If the same message is repeated, please find the dump file and log file referring to the following information, and send the compressed file to Online Request.

Also, if the "AppCheck Anti-Ransomware Service" item is deleted and does not work, please remove "AppCheck Anti-Ransomware" from Control Panel and reinstall it.

[Dump file location] - Check "Show hidden files, folders and drives" in folder options
Locate files %SYSTEMROOT%\System32\config\systemprofile\AppData\Local\CrashDumps\AppCheckS*.dmp. (You may need permissions to access the folder. Please try to access in sequence.)

[Log file location] - Check "Show hidden files, folders and drives" under Folder options
In ?:\ProgramData\CheckMAL\AppCheck, you may locate files with .db and .log extension)

If you cannot find crashdump folder and/or files, please apply following registry to create crash dump, then send it to us after the dump file is created.

[How to set up user dump]
Please download userdump.reg file apply and reboot.
Q. Does AppCheck have self protection?
The AppCheck Anti-Ransomware protections installation folders (?:\Program Files\CheckMAL, ?:\ProgramData\CheckMAL) and will be added additional security if malicious event identifies which interferes AppCheck to function properly.
Q. I’d like to know which information is sent while using AppCheck.
AppCheck provides detailed information in "Article 4. Data Collection and Use" in "CheckMAL Software License Agreement" provided in first installation of Anti-Ransomware.
Q. If I disable RansomShelter, does it affect Ransomware Proactive Defense?
Ransomware Proactive Defense includes automatic recovery of damaged files. You may disable RansomShelter, but some damaged files cannot be recovered.

It is recommended to enable RansomShelter because in case of proactive defense cannot block ransomware behavior, you may able to recover files manually.
Q. I’d like to recover files from AppCheck which it detected as malicious.
All files deleted by AppCheck is in Quarantine. You may right click and "Restore to original location" to recover files in Quarantine.
Q. AppCheck blocks while I’m running normal program.
CARB engine in AppCheck may identify the behavior as ransomware and block few applications such as file recovery tool and file secure erase application.

You may disable Real-Time Protection for temporary. Also you may add your application to "Whitelist" in order to disable further detection.
Q. Can I recover files encrypted with Ransomware infection with AppCheck?
You may recover your original files if infection happened if AppCheck is installed beforehand.

However, AppCheck does not support the recovery once file was encrypted files before the installation.
Q. Avast Hardened mode blocks AppCheck.
Avast! AppCheck.exe, AppCheckS.exe, Uninstall.exe files can be blocked during the installation, deletion, update, and execution of AppCheck anti-ransomware if the Hardened mode option is set, please add AppCheck application to whitelist, to function properly.
Q. AppCheckD.sys related blue screen during app check.
If you encounter a blue screen due to a crash related to the AppCheckD.sys driver, boot into Safe Mode (F8) and follow the instruction.

1) ?:\Windows\MEMORY.DMP (Please copy the file to another folder and compress it.)

2) In control panel, uninstall AppCheck.

3) After booting in normal mode, if the following dump file exists, please send the compressed file to Customer Center.

* C: ?:\Windows\MEMORY.DMP (Please copy the file to another folder and compress it.)
* Minidump file is created to ?:\Windows\Minidump folder at blue screen
Q. I’m unable to restore quarantine file. (Code: 3)
This happens when original destination path is not available.

You may restore your file to another folder using the "Export to specified location" context menu in right click.
Q. I’m unable to restore quarantine file. (Code: 5)
This is because AppCheck application doesn’t have permission to destination folder.

To recover files, please follow the instruction below:

1) Right click on AppCheck in tray, and select Quit.

2) In Program List, locate AppCheck Anti-Ransomware and right click to bring the context menu.

3) Click "Run program as administrator...".

4) Select files you would like to recover in quarantine and right click.

5) Select "Restore to original position". Your file is restored.
Q. Error message while update (ERROR = 12007)
 When you encounter error message (ERROR=21007), it is most likely related to your Internet connection.

Please check your Internet connection, and try again. If error persists, please contact to Online Support.
Q. Auto Backup is completed (Error: 67)
This is error when you have enabled Auto Backup to Network Drive, but unable to reach to destination server because of invalid server address or destination share name. Please check information and try again.
Q. Auto Backup Completed (Errror: 3)
When AppCheck Auto Backup cannot reach to target location, AppCheck logs "Auto Backup is completed (Error: 3)". Check destination folder or path is available.
Q. Auto Backup is Completed (Errror: 1223)
While running Auto Backup, unexpected interruption happens, such as system rebooting or AppCheck update, AppCheck logs "Auto Backup is completed (Error: 1223)".
AppCheck will re-run Auto Backup in next schedule, and continue to backup that are not completed.
Q. Cannot continue backup due to insufficient space.
Due to the insufficient space of destination, AppCheck Auto Backup cannot continue the backup. You may change the destination or remove unnecessary files to free up disk space.
Q. Auto Backup Completed (Error: 1326)
This is due to invalid credential of target network share. Please check id and password, and try again.

Please upgrade your web browser for better website experience.