Jump to content
jessepgordon

Will MBARW collide with BitLocker or TrueCrypt?

Recommended Posts

I am very interested in this technology. We have a large file store of sensitive / classified data and of course we wouldn't to lose it to ransomeware.

 

Some of our file sets are encrypted on either workstations or in the main file storage array.

 

My question is: given that ransomeware does its dirty by encrypting files, would MBARW detect our legitimate encrypted file sets as ransomeware and try to deal with them? Are there any potential conflicts between MBARW and legitimately encrypted files?

 

Cheers

Jess 

Share this post


Link to post
Share on other sites

Jess,

 

We are unsure of possible conflicts at this stage so we cannot say for sure, although it would be nice to get feedback if tried.

 

Most encryption applications tested did not get flagged by MBARW though because they use a different method than ransomware.

Share this post


Link to post
Share on other sites

Thanks for the reply. I am going to try it on a desktop OS (Win 7 & 1.8), a Laptop (Win 7, 8.1 & 10) and a server (Win Server 2008). 

I will be testing for 2 encryption scenarios - BitLocker encrypted drives and TrueCrypt containers.

 

I will report back in several days :0)

Share this post


Link to post
Share on other sites

Well, I can find no conflicts with either BitLocker or TrueCrypt on Windows 7 or 8.1 or Server 2008 R2.

I think it is safe to say that the same results will be true for Win 10 and Server 2012 but have not had time to test these.

Maybe someone else can give that a shot.

For my purposes, I am satisfied that we can deploy MBARW. I will look forward to the RTM.

 

Cheers

Jess

Share this post


Link to post
Share on other sites

i use TrueCript without any problem..... i use in very very massive mode, using for 

cript Virtual Machine in power-on situation.

 

Felix

Share this post


Link to post
Share on other sites

i tried to open an Truecrypt Container with AntiRamsomware Beta 0.9.14.361 and Truecrypt 7.1a. Does not work, the PC will not open the Container and pc crashes 1/2. If I deactivate real-Time protection first, its ok.
Otherwise there is Kaspersky 10.2.4.674 on the same PC. Maybe it is the combination...

Share this post


Link to post
Share on other sites

Hello Ulifax and :welcome:
 

If by "and pc crashes" you mean that a classic Blue Screen of Death (BSoD) results, please continue below.

 

If the system in question may be configured to permit the creation of [a] corresponding BSOD .dmp file(s) please continue:

  • Hold down the Windows Key WindowsKey.png + type R. A Run window should appear.
  • Copy and Paste, or type, the following to the Run Window's: Open: box (Please include the quotes). "%SystemRoot%\Minidump\"
  • A Windows' Explorer window containing .dmp file(s) should appear. Please select the/all relevant file(s) in this directory. If a Location is not available window appeared, single-left-click OK and go to Permit Dump Files:. Else continue.
  • With all relevant files selected, single-right-click the selected file(s) and make the screen's pointer hover over Send To and then single-left-click Compressed (zipped) folder.
  • This should have produced a new zip file. Rename this file BSOD.zip
  • At this point Attach the just created BSOD.zip file to this topic through the forum's reply window's More Reply Options button.

Permit Dump Files: If the system's Minidump directory or the .dmp files were absent, please consider following the computer's OS procedures for permitting their creation in future similar troubleshooting scenarios.

Thank you.

Share this post


Link to post
Share on other sites

No, i didn´t mean that the whole PC crashes with a BSOD. But in consequence, it is like a PC-Crash because all programs hang and you only can make a hard reboot because even stuck a triggered manually reboot (when "is logged off") and i could not terminate all programs via Task Manager bit by bit, hangs easily fixed. So I then lost patience and have restarted the PC twice and after that i deactivated Real-Time-Protect first.

Share this post


Link to post
Share on other sites

Hello Ulifax:

Please create the following files for developer analysis:

Create a ZIP file of the directory C:\ProgramData\Malwarebytes\Malwarebytes Anti-Ransomware\
Create another ZIP file of the directory C:\ProgramData\Malwarebytes\MBAMService\logs\

Please attach the above zipped files to your next reply and then do a conventional Windows uninstall & reinstall of Beta5, MBARW 0.9.14.361 and include the status of the system's issue in your next reply.

Thank you.

Share this post


Link to post
Share on other sites

Sorry but unfortunately I can not post such files from the computer in a public forum because it contains statements about all installed programs and processes and that is a business-used computer. I can send it directly to Malwarebytes. Where should I send forth it so?

Share this post


Link to post
Share on other sites

Hello Ulifax:

 

A member of the Malwarebytes MBARW development team may post an answer to your last post.

 

In the meantime this topic will be left open and the issue may be held in abeyance but not forgotten as your observations and reports may hold enough actionable information for now.

 

Thank you for your beta testing and valued feedback.

Share this post


Link to post
Share on other sites

Have tested again and reinstalled. The effect still occurs. Now I can say it more precisely: It crashes ONLY TrueCrypt from; which then, however, so that you then can not even shut down. "(No feedback," no respond "). The only thing that helps is to restart by switching off or hard reset. Same effect when I exclude the Crypted Container from Anti-Ransomware.

Share this post


Link to post
Share on other sites

Hello Utifax,

Go to the Event Veiwer and see what logs are showing that is hanging up. That may help your solution too.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.