Online Manual

Installation, removal and how-to instructions for AppCheck Anti-Ransomware Solution.

AppCheck Anti-Ransomware: Installation

AppCheck Anti-Ransomware (AppCheck below) supports Windows 7 (32/64bit) and higher operating system. Installer is integrated into single installer file, and automatically appropriate language by detecting operating system language.

  • ⑴ It is recommended to shut off all your applications before the installation.

    Image - AppCheck Installation Screen #1

  • ⑵ Read License Agreement carefully, and click "I Agree" button to continue the installation.

    Image - AppCheck Installation Screen #2

  • ⑶ The default installation folder (both 32 and 64 bit) for AppCheck is “C:\Program Files\CheckMAL\AppCheck”

    Image - AppCheck Installation Screen #3

  • ⑷ Click "Finish" button to complete the installation and launch AppCheck.

    Image - AppCheck Installation Screen #4

AppCheck Anti-Ransomware: Uninstallation

  • ⑴ To uninstall AppCheck, go to Control Panel and click "Uninstall a program." Find "AppCheck Anti-Ransomware" and double click.

    Image - AppCheck Uninstallation Screen #1

  • ⑵ Before the uninstallation, it is recommended to turn off "AppCheck Anti-Ransomware" in the system tray, and click "Next" button.

    Image - AppCheck Uninstallation Screen #2

  • ⑶ To remove AppCheck from the system click "Uninstall" button.

    Image - AppCheck Uninstallation Screen #3

  • ⑷ After the uninstallation process, manually locate RansomShlter folder "" in each drive and delete them.

    Image - AppCheck Uninstallation Screen #4

AppCheck Anti-Ransomware: Main Menu

Image - AppCheck Main Menu Screen

  • Genuine Registration:: Purchase guide and genuine online registration.
  • Tools: Provides threat log, quarantine and event lig information.
  • Options: General, Ransom Guard, Auto Backup, WHitelist settings.
  • Empty RansomShelter: Click to delete files and folders of >Backup(AppCheck)< in each disk drives.
  • Real-time Protection: Enable/Disable Ransomware behavior protection, MBR Protection, Network drive protection, Ransom Shelter<Backup(AppCheck)> and Auto Backup <AutoBackup(AppCheck)> Folder Protection.
  • MBR Protection: Enable/Disable protection of Master Boot Record(MBR) and GUID Partition Table(GPT) from alteration.
  • Network drive Protection: Protect files shared through network drives.(Pro only)
  • Auto Backup: Automatic backup of user specified folder to the desired location using file history method.(Pro only)
  • System Scan: Scan for Ransomware payment information files in PC for remediate(removal).
[ 1-1 ] System Scan

The system scan displays the results of the scan as "safe" or "Infected" through a manual scan of the Ransomware payment instructions file.

Image - AppCheck System Scan Screen

If the system is diagnosed as "Dangerous" as a result of the scan, you can click the circle to check the details of the system scan. You can delete and move to quarantine the diagnosed files by clicking the "Remediate All" button.

Image - AppCheck System Scan Result Screen

[ 1-2 ] Real-time protection

Real-time protection includes RansomGuard (Ransomware Proactive Defense, RansomShelter, File Destruction Detection, MBR Protection, Netork drive Protection, File Protection in Shared Folders), automatic deletion of files stored in Ransom Shelter, and enable/disable protection on both Ransom Shelter <Backup (AppCheck)> folder and Auto Backup <AutoBackup (AppCheck)> folder.

RansomGuard blocks and remediates the Ransomware encryption behavior and notifies "Ransomware behavior detected" when file encryption behavior has detected.

Image - Image - AppCheck Real-time protection inactive screen

While Auto Backup feature is independent of Real-time protection, Automatic Backup folder <AutoBackup (AppCheck)> cannot be protected when Real-time protection is disabled.

Depending on Real-time protection is enabled or disabled, the AppCheck icon changes color in the system tray.

Image - AppCheck system tray notification area comparison screen

  • Green icon: Real-time protection enabled.
  • Gray icon: Real-time protection disabled.
[ 1-3 ] MBR Protection

MBR Protection enables to protect any alteration process or behavior of Master Boot Record(MBR) and GUID Partition Table(GPT).

[ 1-4 ] Network drive Protection

The network drive protection feature provided in AppCheck Pro is designed to block(remove) and protect files located in the shared folder connected through the network drive. Files are automatically restored when the file encryption behavior is detected.

Unlike SMB server protection, network drive protection blocks if the ransomware tries to encrypt files in network drive in the AppCheck installed PC.

Image - Ransomware Block Notification

  • Details: Opens AppCheck Tools, and you can review threat log, quarantine, event log information.
  • Move to Quarantine: Move detected file to quarantine to stop running. System files and codesigned files are only blocked and cannot be removed.
  • Add to Whitelist: If the detection is considered as normal behavior, the user may add them to the whitelist, and AppCheck will not monitor the application in the future.

Note that AppCheck (Free) only blocks the process when ransomware behavior is detected, while AppCheck Pro provides removal.

[ 1-4 ] MBR Protection

MBR Protection feature provides protection from Ransomwares and malwares which alters Master Boot Record and interrups booting to Operating System.

Image - MBR Protection Notification

This feature supports both GPT and MBR partition systems and availble in AppCheck Pro.

[ 1-5 ] Auto backup

Auto Backup feature is provided in AppCheck Pro. You may configure to periodically backup the folder to designated destination using file history method.

Users can specify backup run for only specific extensions, folders, and exclusions.

Backup destination can be either Local Disk, Network Shared Folder (SMB / CIFS).

In particular, the Auto Backup folder <AutoBackup (AppCheck)> protects your backup files from various file tampering action, including Ransomware..

[ 1-6 ] Genuine Registration

AppCheck Anti-Ransomware Free has some features limited in Ransom Guard and Auto Backup. Individuals who want to use without limitations or for companies and government should purchase AppCheck Pro.

To purchase the AppCheck Pro license, click on the "Registration" button (key shape icon) at the top of the AppCheck main screen, and click "Buy Now"

Image - AppCheck genuine registration screen

For online registration and activation Internet connection is required. You may receive license information through your email. Enter email and license key provided and click "OK" to complete the online activation.

Image - AppCheck license expiration screen

You may receive license expiration information before 30 days of expiration. You may need to purchase for the license renewal in this period.

Image - AppCheck license expiration screen

When AppCheck license is expired, all features are disabled. If you have a new license purchased, you may need to remove AppCheck and reinstall to enter the new license.

[ 1-7 ] Empty RansomShelter

RansomShelter is a temporary backup folder >Backup(AppCheck)< created in each drives, while files are created/modified/deleted in certain conditions. These files can be maintained up to seven days.

The purpose of this backup is to keep your original files and recover them in case of Ransomware encrypts files.

The folder is safely protected while Real-Time Protection is on. In some cases user might need extra spaces in the disk drive, may click "Empty RansomShelter"(trash icon), to delete RansomShelter folders in each drives.

Image - Empty RansomShelter folders

Files are completely removed from the disk and not moved to windows Recycle Bin. In cases of files are not removed due to the permission issue, you may turn off Real-Time Protection while manually deleting the folders.

② AppCheck context menu in system tray

Image - AppCheck System Tray Menu Screen

  • Open AppCheck: Open AppCheck main screen.
  • Real-time protection: Enable/Disable RansomGuard (Ransomware protection, RansomShelter, MBR protection, network drive protection, file protection in shared folder, automatic deletion of files stored in Ransomware shelter), Ransomware shelter <Backup (AppCheck)>, <AutoBackup (AppCheck)> Folder protection.
  • Tools: Check detection log, quarantine, event log information.
  • Options: Opens for General, Ransom Guard, Auto Backup, Whitelist File Settings.
  • About AppCheck: AppCheck version, update check, copyright and license information, genuine registration information is displayed.
  • Exit: Exit the system tray.
[ 2-1 ] Tools

The AppCheck Tools provides detailed information of threat, quarantine, and event log. The log is automatically cleaned up if the accumulated amount of events exceeds a certain level.

AppCheck Tools: Detection Log

Detection Log displays detailed information of Ransom Guard activity including blocking, removal, and restoration through Ransomware behavior detection.

Image - AppCheck tools Detection Log popup menu

  • Open file location: Open the file location (destination path) of selected file through file explorer.
  • Copy: Copy the selected rows in plain-text into the clipboard.
  • Select AllSelect all items listed.
  • Refresh: Update current view
AppCheck Tools: Quarantine

Quarantine Log displays the Ransomware files, Encrypted files, and Ransomware payment information files that have been deleted through the Ransomware Behavior Detection and kept in the Quarantine folder. The Quarantine folder is located at "C:\ ProgramData\CheckMAL\AppCheck\Quarantine"

Image - AppCheck Tools Quarantine pop-up menu

  • Restore to original location: Selected file is restored to its original location.
  • Export to specified location: Export selected file to user specified folder.
  • Delete: Delete file in Quarantine (This action is irreversible)
  • Open file location: Open location using file explorer.
  • Copy: Copy the selected rows in plain-text into the clipboard.
  • Select AllSelect all items listed.
  • Refresh: Update current view
AppCheck Tool: Event Log

Event log displays information about terminations and start of Program itself, service, real-time protection, Ransom Guard, Auto Backup, option changes, update and alert messages.

Image - App Check Tool Event Log Popup Menu

  • Copy: Copy the selected rows in plain-text into the clipboard.
  • Select AllSelect all items listed.
  • Refresh: Update current view
[ 2-2 ] Options

The AppCheck option provides normal, Ransom guard, automatic backup (AppCheck Pro only), and Whitelist settings.

AppCheck Options: General

Image - App Check Options General Tab

  • Enable Tray Icon: Enable to display AppCheck Tray Icon in System Tray.
  • Alert when execution is blocked: Notification window is displayed when detecting Ransomware activity.
  • Use Auto Update: Enable to check update for every 3 hours.

Image - AppCheck Version Update Notification Window

Auto Update checks for updates for every 3 hours and notifies at boot time if a higher version is updated.

If the user clicks the notification window, release note in CheckMAL website is displayed in the default system web browser.

The user may click "Check for Update" link in the About AppCheck, and the will be notified "Current version is up-to-date." if installed AppCheck is the latest version.

AppCheck Options: Ransom Guard

Image - AppCheck Options Ransom Guard Tab

  • Enable Real-Time Ransomware Protection: Enable to be notified and block the encryption process.
  • Using Ransomware Protective Shelter: Enable to automatically backup Original files to Ransomware Shelter folder <Backup (AppCheck)> for automatic recovery. To delete the Ransom Shelter folder and internal files, you need to temporarily disable real-time protection.
  • Enable File Destruction Behavior Detection: Enable to stop the behavior of file destruction activity
  • Protect MBR: Block alteration behavior of Master Boot Record(MBR) and GUID Partition Table(GPT)
  • Delete files in Ransomware Shelter:Select days to remove files older than selected days in Ransom Shelter folder <Backup (AppCheck)>.(default: 7 days)
  • Automatically remove ransomware after the detection: Enable to automatically remediate(delete) ransomware after the detection. This feature is only available for AppCheck Pro.
  • File extension list for protection (delimiter , or;):Protected extensions are 49 by default (7z, ai, bmp, cer, crt, csv, der, doc, docx, dwg, eps, gif, hwp, jpeg, jpg, key, lic, lnk, mp3, nc, ods, odt, ogg, one, p12, p7b, p7c, pdf, pef, pem, pfx, png, ppt, pptx, psd, ptx, rdp, rtf, srw, tap, tif, tiff, txt, uti, x3f, xls, xlsx, xps, zip). The additional file extension is available in AppCheck Pro.
  • Network Drive Protection: Files existing in the shared folder connected through the network drive are blocked and restored automatically when the network drive is encrypted by Ransomware infection from the local PC where AppCheck is installed.
  • Removable Drive Protection: Automatically block and restore damaged files in USB or CF Memory cards if files are encrypted by ransomware. However, the external hard disk drives connected via USB port is protected by default Ransomware Protection.
  • SMB Server Protection: Enable to protect shared folder file encryption from the remote location. If a local folder is shared through the network, and a PC is infected to Ransomware, your shared folder is also can be encrypted.

If encryption is detected on your shared folder, files will be recovered automatically, and remote IP(version 4) is blocked for 1 hour.

To turn it off manually, disable and enable AppCheck Real-time protection.

Note that to protect shared folder from remote file destruction, it is required to disable "Internet Protocol Version 6 (TCP / IPv6)" check on the network interface.

AppCheck Options: Auto Backup

Image - AppCheck Options Auto Backup Tab

  • Automatic Backup Cycle: Performs automatic backup every 10 minutes, 15 minutes, 20 minutes, 30 minutes, 1 hour (default), 3 hours, 6 hours, 12 hours.
  • Backup Source Folder list: Add and remove folders for backup. Subfolders are included.
  • Backup only files have extensions (delimiter , or;): Only specified file extensions in source folders are backed up.
  • Backup exceptions by folders: Add folders to be excluded. Subfolders included.
  • Backup exception by file extensions (delimiter , or ;): Specified extensions is excluded from backup.
  • Backup Location: Select one from Local disk, network shared folder (SMB / CIFS).
  • Local Disk: Maximum disk space available on the local hard disk drive is selected automatically by default. User can specify folder to locate <AutoBackup (AppCheck)> folder.
  • Number of history file: User can configure number of history files(.history) remaining when running Auto Backup, default value is 3.
  • Network Shared Folder (SMB/CIFS): Enter the Server address (IP address or remote PC hostname), shared folder (remote shared folder name), User ID and Password.

For safety usage of backup to Network Shared Folder, it is recommended by creating a separate account with dedicated folder and not to use it for another purpose.

To delete the Auto Backup folder <AutoBackup(AppCheck)> and internal files, please temporarily disable real-time protection.

AppCheck Options: Whitelist

Users may add a file to exclude the Ransom Guard monitoring under the user's judgment.

Image - App Check Options Whitelist Tab

[ 2-3 ] About AppCheck

Display information about AppCheck including current version, manual update checks, copyright and licensing information, thanks to, and genuine registration information.

Image - About AppCheck

AppCheck Anti-Ransomware: How can I handle with blocked/detected program?

The free (non-commercial) version of the AppCheck only blocks the Ransomware behavior through Ransom Guard and does not provide automatic remediation(deletion).

AppCheck Pro provides automatic remediation (delete) by default, however, if the binary contains digital signatures, the process is only blocked.

Therefore, if the file is only blocked by Ransomware behavior detection by AppCheck, please take the additional measures as follows.

  • ⑴ Run system full system scan with your Antivirus.
  • ⑵ Contact to your security product vendor, or leave a message through Online Support in our homepage.

Please upgrade your web browser for better website experience.

위로