Online Manual

Installation, removal and how-to instructions for AppCheck Anti-Ransomware Solution.

AppCheck Anti-Ransomware: Installation

AppCheck Anti-Ransomware (AppCheck below) supports Windows 7 (32/64-bit) and later operating systems. The installer is integrated into a single file and automatically selects the appropriate language by detecting the operating system language.

  • ⑴ It is recommended to close all your applications before the installation.

    Image - AppCheck Installation Screen #1

  • ⑵ Read the License Agreement carefully, and click the "I Agree" button to continue the installation.

    Image - AppCheck Installation Screen #2

  • ⑶ The default installation folder (both 32 and 64 bit) for AppCheck is “C:\Program Files\CheckMAL\AppCheck”.

    Image - AppCheck Installation Screen #3

  • ⑷ Click the "Finish" button to complete the installation and launch AppCheck.

    Image - AppCheck Installation Screen #4

AppCheck Anti-Ransomware: Uninstallation

  • ⑴ To uninstall AppCheck, go to Control Panel and click "Uninstall a program." Find "AppCheck Anti-Ransomware" and double-click it.

    Image - AppCheck Uninstallation Screen #1

  • ⑵ Before the uninstallation, it is recommended to turn off "AppCheck Anti-Ransomware" in the system tray, and then click the "Next" button.

    Image - AppCheck Uninstallation Screen #2

  • ⑶ To remove AppCheck from the system, click the "Uninstall" button.

    Image - AppCheck Uninstallation Screen #3

  • ⑷ After the uninstallation process, manually locate the Ransom Shelter folder "" on each drive and delete them.

    Image - AppCheck Uninstallation Screen #4

AppCheck Anti-Ransomware: Main Menu

Image - AppCheck Main Menu Screen

  • Genuine Registration: Purchase guide and genuine online registration.
  • Tools: Provides threat log, quarantine and event log information.
  • Options: General, Ransom Guard, Auto Backup, Whitelist settings.
  • System Scan: Click to scan the system and remove ransomware-generated payment instruction files.
  • Real-time Protection: Enable/Disable Ransom Guard (Ransomware Protection, Ransom Shelter), Ransom Shelter <Backup(AppCheck)> and Auto Backup <AutoBackup(AppCheck)> Folder Protection.
  • Ransomware Protection (partially for Pro only): Proactive Ransomware Defense, File Destruction Detection, Automatic Remediation (Pro only), MBR protection (Pro only), File Protection in shared folder (Pro only).
  • Ransom Shelter: Real-time backup of original files and automatic restoration of damaged files from the Ransom Shelter folder <Backup(AppCheck)>.
  • Auto Backup (Pro only): Automatic backup of a user-specified folder to the desired location using the file history method.

[ 1-1 ] System Scan

System Scan performs a manual scan for ransomware payment instruction files and displays the result as "safe" or "Infected".

Image - AppCheck System Scan Screen

If the system is diagnosed as "Dangerous" as a result of the scan, you can click the circle to check the details of the system scan. You can delete the diagnosed files and move them to quarantine by clicking the "Remediate All" button.

Image - AppCheck System Scan Result Screen

[ 1-2 ] Real-time protection

Real-time protection includes Ransom Guard (Ransomware Proactive Defense, Ransom Shelter, File Destruction Detection, MBR Protection, File Protection in Shared Folders), automatic deletion of files stored in Ransom Shelter, and enable/disable protection on both Ransom Shelter <Backup (AppCheck)> folder and Auto Backup <AutoBackup (AppCheck)> folder.

Image - AppCheck Real-time protection inactive screen

While the Auto Backup feature is independent of Real-time protection, the Auto Backup folder <AutoBackup (AppCheck)> cannot be protected when Real-time protection is disabled.

Depending on whether Real-time protection is enabled or disabled, the AppCheck icon changes color in the system tray.

Image - AppCheck system tray notification area comparison screen

  • Green icon: Real-time protection enabled.
  • Gray icon: Real-time protection disabled.

[ 1-3 ] Blocking Ransomware Behavior

Ransom Guard blocks and remediates ransomware encryption behavior and displays a "Ransomware behavior detected" notification when file encryption behavior is detected.

Image - AppCheck ransomware blocking notification screen

  • Details: Opens AppCheck Tools, where you can review threat log, quarantine, and event log information.
  • Move to Quarantine: Move the detected file to quarantine to stop it from running. System files and code-signed files are only blocked and cannot be removed.
  • Add to Whitelist: If the detection is considered normal behavior, the user may add the application to the whitelist, and AppCheck will not monitor it in the future.

Note that AppCheck (Free) only blocks the process when ransomware behavior is detected, while AppCheck Pro provides removal.

[ 1-4 ] Ransom Shelter

Ransom Shelter, included in Ransom Guard, provides real-time backup of original files to the <AppCheck(Backup)> folder when it detects file encryption behavior by ransomware or file damage behavior that meets specific criteria.

This backup is used for automatic recovery of damaged files. The file extensions listed in Ransom Guard are the targets of automatic backup and restore.

The Ransom Shelter folder <Backup (AppCheck)> is created on each drive. For disk capacity management, an option is provided to automatically delete the backed-up files once seven days have elapsed.

[ 1-5 ] Auto backup

The Auto Backup feature is provided in AppCheck Pro. You can configure it to periodically back up a folder to a designated destination using the file history method.

Users can limit the backup to specific extensions and folders, and can define exclusions.

The backup destination can be a Local Disk, a Network Shared Folder (SMB / CIFS), or the Central Management Server (CMS Enterprise).

In particular, the Auto Backup folder <AutoBackup (AppCheck)> protects your backup files from various file tampering actions, including ransomware.

[ 1-6 ] Genuine Registration

AppCheck Anti-Ransomware Free has some Ransom Guard and Auto Backup features limited. Individuals who want to use AppCheck without limitations, as well as companies and government organizations, should purchase AppCheck Pro.

To purchase the AppCheck Pro license, click on the "Registration" button (key shape icon) at the top of the AppCheck main screen, and click "Buy Now".

Image - AppCheck genuine registration screen

An Internet connection is required for online registration and activation. You may receive license information through your email. Enter the email address and license key provided and click "OK" to complete the online activation.

Image - AppCheck license expiration screen

You may receive license expiration information 30 days before expiration. You may need to purchase a license renewal in this period.

Image - AppCheck license expiration screen

When the AppCheck license has expired, all features are disabled. If you have purchased a new license, you may need to remove AppCheck and reinstall it to enter the new license.

② AppCheck context menu in system tray

Image - AppCheck System Tray Menu Screen

  • Open AppCheck: Open AppCheck main screen.
  • Real-time protection: Enable/Disable Ransom Guard (Ransomware protection, Ransomware shelter, MBR protection, file protection in shared folder, automatic deletion of files stored in Ransomware shelter), Ransomware shelter <Backup (AppCheck)>, <AutoBackup (AppCheck)> Folder protection.
  • Tools: Check detection log, quarantine, event log information.
  • Options: Opens for General, Ransom Guard, Auto Backup, Whitelist File Settings.
  • About AppCheck: AppCheck version, update check, copyright and license information, genuine registration information is displayed.
  • Exit: Exit the system tray.

[ 2-1 ] Tools

AppCheck Tools provides detailed threat, quarantine, and event log information. The log is automatically cleaned up if the accumulated number of events exceeds a certain level.

AppCheck Tools: Detection Log

Detection Log displays detailed information about Ransom Guard activity, including blocking, removal, and restoration performed through ransomware behavior detection.

Image - AppCheck tools Detection Log popup menu

  • Open file location: Open the file location (destination path) of the selected file in File Explorer.
  • Copy: Copy the selected rows as plain text to the clipboard.
  • Select All: Select all items listed.
  • Refresh: Update the current view.

AppCheck Tools: Quarantine

Quarantine Log displays the ransomware files, encrypted files, and ransomware payment information files that have been deleted through Ransomware Behavior Detection and kept in the Quarantine folder. The Quarantine folder is located at "C:\ProgramData\CheckMAL\AppCheck\Quarantine".

Image - AppCheck Tools Quarantine pop-up menu

  • Restore to original location: The selected file is restored to its original location.
  • Export to specified location: Export the selected file to a user-specified folder.
  • Delete: Delete the file in Quarantine. (This action is irreversible.)
  • Open file location: Open the location in File Explorer.
  • Copy: Copy the selected rows as plain text to the clipboard.
  • Select All: Select all items listed.
  • Refresh: Update the current view.

AppCheck Tools: Event Log

Event Log displays information about the start and termination of the program itself, the service, real-time protection, Ransom Guard, and Auto Backup, as well as option changes, updates, and alert messages.

Image - AppCheck Tools Event Log popup menu

  • Copy: Copy the selected rows as plain text to the clipboard.
  • Select All: Select all items listed.
  • Refresh: Update the current view.

[ 2-2 ] Options

AppCheck Options provides General, Ransom Guard, Auto Backup (AppCheck Pro only), and Whitelist settings.

AppCheck Options: General

Image - AppCheck Options General Tab

  • Enable Tray Icon: Enable to display the AppCheck tray icon in the system tray.
  • Alert when execution is blocked: A notification window is displayed when ransomware activity is detected.
  • Use Auto Update: Enable to check for updates every 3 hours.

Image - AppCheck Version Update Notification Window

Auto Update checks for updates every 3 hours and notifies the user at boot time if a higher version has been released.

If the user clicks the notification window, the release note on the CheckMAL website is displayed in the default system web browser.

The user may click the "Check for Update" link in About AppCheck, and will be notified "Current version is up-to-date." if the installed AppCheck is the latest version.

AppCheck Options: Ransom Guard

Image - AppCheck Options Ransom Guard Tab

  • Enable Real-Time Ransomware Protection: Enable to be notified of, and block, the encryption process.
  • Using Ransomware Protective Shelter: Enable to automatically back up original files to the Ransom Shelter folder <Backup (AppCheck)> for automatic recovery. To delete the Ransom Shelter folder and its files, you need to temporarily disable real-time protection.
  • Enable File Destruction Behavior Detection: Enable to stop file destruction activity.
  • Protect only Local Drives: Enable to exclude network drives.
  • Auto clean-up files in Ransomware Shelter (deletes files older than 7 days): Enable to remove files older than seven days from the Ransom Shelter folder <Backup (AppCheck)>.
  • Automatically remove ransomware after the detection: Enable to automatically remediate (delete) ransomware after detection. This feature is only available in AppCheck Pro.
  • File extension list for protection (delimiter , or ;): 49 extensions are protected by default (7z, ai, bmp, cer, crt, csv, der, doc, docx, dwg, eps, gif, hwp, jpeg, jpg, key, lic, lnk, mp3, nc, ods, odt, ogg, one, p12, p7b, p7c, pdf, pef, pem, pfx, png, ppt, pptx, psd, ptx, rdp, rtf, srw, tap, tif, tiff, txt, uti, x3f, xls, xlsx, xps, zip). Additional file extensions are available in AppCheck Pro.
  • Protect MBR: Blocks execution of a process that attempts to modify the Master Boot Record (MBR) area.
  • Protect Files in Shared Folders (File damage from remote PC): Enable to protect files in shared folders from encryption carried out from a remote location. If a local folder is shared over the network and a PC is infected with ransomware, your shared folder can also be encrypted.

If encryption is detected on your shared folder, the files are recovered automatically, and the remote IP address (version 4) is blocked for 1 hour.

To turn it off manually, disable and enable AppCheck Real-time protection.

Note that to protect a shared folder from remote file destruction, you must clear the "Internet Protocol Version 6 (TCP/IPv6)" checkbox on the network interface.
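The IPv6 requirement above can be audited from PowerShell instead of opening each adapter's properties. This is an added example, not part of the AppCheck manual or CheckMAL's own tooling; it uses only the built-in NetAdapter and SmbShare cmdlets and assumes an elevated session.

```powershell
# Added example (not CheckMAL code). Run in an elevated PowerShell session.
# Audits the IPv6 precondition on a host that shares local folders.

# User-created SMB shares (special shares such as C$ and IPC$ are skipped).
$shares = @(Get-SmbShare -Special $false)

# Adapters where "Internet Protocol Version 6 (TCP/IPv6)" is still ticked.
$ipv6Bound = @(Get-NetAdapterBinding -ComponentID ms_tcpip6 |
               Where-Object { $_.Enabled })

if ($shares.Count -eq 0) {
    Write-Output 'No user-created shares found on this host.'
} else {
    Write-Output "Shared folders on this host: $($shares.Count)"
    $shares | Format-Table Name, Path -AutoSize
}

if ($ipv6Bound.Count -eq 0) {
    Write-Output 'TCP/IPv6 is unbound on every adapter.'
} else {
    Write-Output 'TCP/IPv6 is still bound on these adapters:'
    $ipv6Bound | Format-Table Name, DisplayName -AutoSize

    # Clears the same checkbox from the command line.
    # -WhatIf only previews the change; remove it to apply.
    foreach ($b in $ipv6Bound) {
        Disable-NetAdapterBinding -Name $b.Name -ComponentID ms_tcpip6 -WhatIf
    }
}
```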

AppCheck Options: Auto Backup

Image - AppCheck Options Auto Backup Tab

  • Automatic Backup Cycle: Performs automatic backup every 10 minutes, 15 minutes, 20 minutes, 30 minutes, 1 hour (default), 3 hours, 6 hours, or 12 hours.
  • Backup Source Folder list: Add and remove folders for backup. Subfolders are included.
  • Backup only files have extensions (delimiter , or ;): Only files with the specified extensions in the source folders are backed up.
  • Backup exceptions by folders: Add folders to be excluded. Subfolders are included.
  • Backup exception by file extensions (delimiter , or ;): The specified extensions are excluded from backup.
  • Backup Location: Select one of Local Disk, Network Shared Folder (SMB / CIFS), or Central Management Server (CMS Enterprise).
  • Local Disk: By default, the local hard disk drive with the most available disk space is selected automatically. The user can specify the folder in which the <AutoBackup (AppCheck)> folder is located.
  • Number of history file: The user can configure the number of history files (.history) retained when Auto Backup runs. The default value is 3.
  • Network Shared Folder (SMB/CIFS): Enter the server address (IP address or remote PC hostname), shared folder (remote shared folder name), User ID and Password.
  • Central Management Service (CMS Enterprise): An integrated distribution and management service provided for business or corporate users. CMS provides centralized license management, detection management, and policy management.

To back up safely to a Network Shared Folder, it is recommended to create a separate account with a dedicated folder and not to use them for any other purpose.
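One way to set up the separate account and dedicated folder recommended above, run on the Windows machine that hosts the share. This is an added example, not part of the AppCheck manual: the account name, folder path and share name are hypothetical, and granting the account Modify/Change rights is an assumption about what a backup writer needs.

```powershell
# Added example (not CheckMAL code). Run elevated on the host of the backup share.
# All three names are hypothetical placeholders; choose your own.
$Account   = 'appcheck-backup'     # dedicated local account, used for nothing else
$Folder    = 'D:\AppCheckBackup'   # dedicated folder, holds nothing else
$ShareName = 'AppCheckBackup$'     # trailing $ hides the share from browsing

# 1. Dedicated local account; the password is prompted for, never hard-coded.
$Password = Read-Host -AsSecureString -Prompt "Password for $Account"
New-LocalUser -Name $Account -Password $Password `
    -PasswordNeverExpires -UserMayNotChangePassword `
    -Description 'AppCheck Auto Backup only' | Out-Null

# 2. Dedicated folder whose NTFS ACL lists only SYSTEM, Administrators and
#    the backup account (Modify is assumed to be enough to write backups).
#    Well-known SIDs are used so the command works on localized Windows.
New-Item -ItemType Directory -Path $Folder -Force | Out-Null
icacls $Folder /inheritance:r /grant:r `
    "*S-1-5-18:(OI)(CI)F" `
    "*S-1-5-32-544:(OI)(CI)F" `
    "${Account}:(OI)(CI)M"

# 3. Share the folder to that account only.
New-SmbShare -Name $ShareName -Path $Folder `
    -ChangeAccess "$env:COMPUTERNAME\$Account" `
    -FolderEnumerationMode AccessBased | Out-Null

# 4. Verify: the backup account should be the only entry on the share.
Get-SmbShareAccess -Name $ShareName |
    Format-Table AccountName, AccessControlType, AccessRight -AutoSize
```

The server address, shared folder name, User ID and Password entered in the Network Shared Folder option would then be this host, this share and this account.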

To delete the Auto Backup folder <AutoBackup(AppCheck)> and internal files, please temporarily disable real-time protection.

AppCheck Options: Whitelist

At their own discretion, users may add a file to the whitelist to exclude it from Ransom Guard monitoring.

Image - AppCheck Options Whitelist Tab

[ 2-3 ] About AppCheck

Displays information about AppCheck, including the current version, manual update check, copyright and licensing information, "Thanks to" credits, and genuine registration information.

Image - About AppCheck

AppCheck Anti-Ransomware: How do I handle a blocked/detected program?

The free (non-commercial) version of AppCheck only blocks ransomware behavior through Ransom Guard and does not provide automatic remediation (deletion).

AppCheck Pro provides automatic remediation (deletion) by default. However, if the binary contains digital signatures, the process is only blocked.

Therefore, if a file is only blocked by AppCheck's ransomware behavior detection, please take the following additional measures.

  • ⑴ Run a full system scan with your antivirus.
  • ⑵ Contact your security product vendor, or leave a message through Online Support on our homepage.
