SBGuard Anti-Ransomware 1.4.5
The world’s first and most complete, actively updated Ransomware prevention tool that protects your Windows PC against all known Ransomware malware, such as CryptoLocker, CryptoWall, TeslaCrypt, CryptoXXX, CTB-Locker, Zepto and many others.
See it in action
In this lab example we used one of the most popular Ransomware breeds, the notorious TeslaCrypt. The first video has SBGuard PROTECTION ENABLED and the second video has it DISABLED.
Note that these videos are for demonstration purposes only. Real world Ransomware will be delivered via different methods. 99% of Ransomware comes via some sort of a link, either via email or browser activity. SBGuard Anti-Ransomware is specifically designed to prevent execution of malicious files that arrive that way.
How it works
When protection is enabled, SBGuard Anti-Ransomware injects a large number of restriction mechanisms and modifies some core Windows components to prevent the malicious behaviours and executions that Ransomware viruses use to infect the system. As new Ransomware viruses are released, the SBGuard team will work hard and fast to protect against any new sneaky techniques these malicious programs use.
Update 30.08.2016
More details about what SBGuard actually does at this stage:
It injects around 700 registry entries to force Windows Group Policy to use its inbuilt software execution restriction capabilities in certain locations and to prevent certain file types from executing. On top of that, it disables Windows Gadgets (a known vulnerability) and disallows several other system actions Ransomware will attempt to perform to encrypt your data. We have gathered all possible tricks Ransomware uses to execute its payload and we believe our software will prevent execution of most known Ransomware, if not all. We are actively monitoring new ways Ransomware enters the system and we will keep adding more exclusions. We do, however, have work in progress on some more advanced techniques that will require SBGuard to run as a service. Another feature on its way is live notifications when SBGuard blocks any execution, including execution of legitimate software. This will help novice users diagnose any issues quickly.
Important: SBGuard Anti-Ransomware could block legitimate programs from installing. It is recommended to disable protection before installing new Windows applications and then re-enable it afterwards.
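To check what a change of this kind leaves on a machine, and which rule is responsible when a legitimate installer is blocked, the following script lists Software Restriction Policy path rules from the standard Windows policy keys. It is an added example, not SBGuard's own code; that SBGuard's entries land under these keys is an assumption, and the function names `Get-SrpPathRule` and `Get-SrpSetting` are hypothetical.

```powershell
# Added example (not SBGuard code): read-only inventory of Software Restriction
# Policy (SRP) settings and path rules. These are the standard Windows SRP policy
# keys; that SBGuard writes its rules here is an assumption.
$roots = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers',
         'HKCU:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'

# SRP security levels are stored as decimal subkey names.
$levelNames = @{ '0' = 'Disallowed'; '131072' = 'Basic User'; '262144' = 'Unrestricted' }
$noExpand   = [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames

function Get-SrpPathRule {
    foreach ($root in $roots) {
        if (-not (Test-Path -Path $root)) { continue }
        foreach ($levelKey in Get-ChildItem -Path $root) {
            $pathsKey = Join-Path -Path $levelKey.PSPath -ChildPath 'Paths'
            if (-not (Test-Path -Path $pathsKey)) { continue }
            $level = $levelKey.PSChildName
            foreach ($rule in Get-ChildItem -Path $pathsKey) {
                $stamp = $rule.GetValue('LastModified')   # FILETIME, may be absent
                [pscustomobject]@{
                    Hive     = $root.Substring(0, 4)
                    Level    = if ($levelNames.ContainsKey($level)) { $levelNames[$level] } else { $level }
                    # Keep %AppData%-style variables unexpanded, as the rule was written.
                    Path     = $rule.GetValue('ItemData', $null, $noExpand)
                    Modified = if ($stamp) { [DateTime]::FromFileTimeUtc($stamp) } else { $null }
                    RuleId   = $rule.PSChildName
                }
            }
        }
    }
}

function Get-SrpSetting {
    foreach ($root in $roots) {
        if (-not (Test-Path -Path $root)) { continue }
        $p = Get-ItemProperty -Path $root
        [pscustomobject]@{
            Hive            = $root.Substring(0, 4)
            DefaultLevel    = $p.DefaultLevel              # 262144 = Unrestricted, 0 = Disallowed
            ExecutableTypes = $p.ExecutableTypes -join ',' # extensions SRP treats as executable
        }
    }
}

Get-SrpSetting  | Format-List
Get-SrpPathRule | Sort-Object Hive, Level, Path | Format-Table -AutoSize
```

Running it once before enabling protection and again after the restart, with each result piped to `Export-Csv`, gives two snapshots that `Compare-Object` can diff to show exactly which rules were added.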
What SBGuard Anti-Ransomware doesn’t do
SBGuard Anti-Ransomware is not an Anti-virus. It is designed to prevent Ransomware infection and document encryption. It will, however, help protect against many known viruses which use similar techniques to infect Windows PCs. For maximum possible protection, we recommend a bundle of SBGuard Anti-Ransomware and a reputable Anti-Virus product. For more information and recommendations, please contact us.
Important: SBGuard Anti-Ransomware is actively developed and updated to protect against all known and future Ransomware exploits; however, please note that nothing offers 100% protection against Ransomware. It is crucial to stay vigilant when browsing the internet and opening emails. “Think before you click.”
Requirements and Instructions
Requirements
- SBGuard Anti-Ransomware has been tested on Windows 7 Pro & Ultimate (Home edition not tested well enough), 8, 8.1 and 10. Windows XP is not supported
- .NET Framework 3.5 is required to run it. All operating systems after Windows Vista have .NET 3.5 inbuilt
- SBGuard Anti-Ransomware must be run with “Administrator” privileges to be able to modify Windows core components
Instructions
- Run setup.exe and follow the instructions
- Run SBGuard Anti-Ransomware shortcut on your desktop.
- Note: Windows 8 & 10 may display a message “Windows protected your PC” > click More Info > Run Anyway
- Read instructions in the application
- Click Enable Protection button
- Restart your computer for changes to take effect
- Open SBGuard Anti-Ransomware and check “Protection Status”; it should be green, meaning protection is enabled
- If you wish to install new programs, it’s advised to Disable Protection > Restart PC > install your program > Enable Protection > Restart PC
Current stable version SBGuard Anti-Ransomware v.1.4.5.1
Hotmail places your email as Spam and Norton quarantines your download setup
Thank you for letting us know. It’s most likely due to the fact that we don’t have the valid publisher certificate applied on compiled SBGuard file. This means the product publisher shows as “Unknown” which some applications and some webmail see as suspicious.
We are working on the certificate and should have it applied some time soon.
Cheers
My antivirus, Avast, detects it as suspicious and blocks the download.
We haven’t applied a valid publisher certificate, that’s most likely why Avast detects problems. We are working on obtaining one.
Thanks
SHA256: 4d9713f180aed8cea9e70a8b468b56a6701f4637fe103b7179541afa6e268712
File name: SBGuardsetup.exe
Detection ratio: 4 / 57
Analysis date: 2016-09-04 15:24:43 UTC ( 1 day, 6 hours ago )
What generated this info?
Hi, your setup with SHA256: 5188A4F8254C07C202DCCCFEE4CE98AAC1FD73B001F876583A38934F8D42CC58, got a 4/57 detection at VirusTotal.com. See: https://virustotal.com/en/file/5188a4f8254c07c202dcccfee4ce98aac1fd73b001f876583a38934f8d42cc58/analysis/1473162480/.
Also, I know this is a lot to ask for, but could you implement the publishing certificate fast, and if possible SSL for this site and the email?
Hi,
We are working on it as fast as possible. Stay tuned, we will send notifications once implemented.
I submitted the file on Malwr.com, see: https://malwr.com/analysis/MWUzNGI0MGE3MjJmNDQyZmI1ODBjMWI4NjI3ODU1NDI/
In my opinion 3 of the detections were caused by SBGuard modifying the Windows Registry. I don’t know about the Invincea detection of SBGuard though.
It doesn’t look right; it says it installs itself for autorun at Windows startup, and that’s not true. Once you close it, it’s closed, no autoruns or startups. Also, the registry keys malwr.com detected are not what SBGuard injects. Also, no injection happens unless buttons within the program are pressed, and disabling each button will fully revert the process to the Windows default state.
It heavily modifies the registry to inject all restriction mechanisms; that’s its purpose. We can guarantee you there is nothing malicious about what it does.
We are a respected registered Australian business, we wouldn’t risk our reputation by giving something malicious. SBGuard project is our contribution to society to help protect against Ransomware.
Any questions, we are more than happy to answer.
Just a question, can I run it on Windows 10 Home?
Also, I just got an email stating that a new version is available, the new version got 3/57 detection. See: https://virustotal.com/en/file/caf46ce2c9e923d02efd2d135d42fb7f8cf70f9a2113109cca68bde5eefbf876/analysis/1473166470/. I submitted the file to Qihoo and Crowdstrike as false positive, but I cannot find a false-positive report form for Invincea.
Thanks for the fast reply
We haven’t done much testing on Home versions as we thought the majority of people use Pro, but based on a lot of feedback it seems Home versions are heavily present. We will try and perform more testing soon and let you know. You are welcome to do so if you wish and give us your feedback.
Thank you for submitting the false positive report; not sure why it sees it as heuristic. We are working on the certificate, hopefully that fixes it.
Cheers
I hope the program is effective in the control of ransomware
Yes it is 🙂
Hey fellas, I hope you have not dropped work on SBGuard, it’s a solid concept and was moving along nicely.
We also miss your updates and communication over at malwaretips.com
We wish you well and hope to hear something in the near future. PeAcE
Hi CyberGhosT. Thank you for your comment. We apologise for the late reply.
Unfortunately due to time constraints and budget limitation we have paused any further SBGuard development. It is not the end of it, we will resume our work on it at some point soon.
Regardless of any new updates, SBGuard is still very much a strong prevention tool since Ransomware has not changed the way it arrives/deploys to a PC. Even WannaCry uses exactly the same method as any other variant previously. SBGuard will prevent its initial execution.
We will keep you updated. Cheers
Hello!
In our company, your software is installed on many computers.
The “Enabled All” option is enabled.
After updating the corporate software, it stopped working, and we found out that it was in conflict with SB-Guard.
I want to ask how to disable all restrictions using the Group Policy object?
Hi. Not sure I understand the situation.
Could you explain a bit more? Do you need to disable SBGuard?
Cheers
I hope you further develop this anti-ransomware tool because you proceeded others with what you developed so keep on even with minor updates to make it into the lists next year (2018-2019) with prevention against file-less malware and bitcoin miners or or .
I know that others offered free products, but why not you keep on with them because:
Your product does differ from other ones:
Three other free ones that use honeypot system to trap ransomware via Deception Technology (Awesome)
Another one monitors all running processes and stops malicious ones based on behavioral detection done via AI Technology (Awesome)
A third one locks the computer by white list/ black list technique (Awesome)
However, with the injection of these “700 registry entries to force Windows Group Policy to use inbuilt software execution restriction capabilities in certain locations and prevent certain file types from executing” is a technique that, as far as I know from reading, is not listed with others. (Awesome)
What type of technique is this?
– Registry Editing?
– Windows Hardening Tweaks?
– *EXE. Prevention?
Tell me what is it and can it replace the above ones I mentioned or go along with them?
Can it be installed and be active along with internet security and any other of these of the above?
Which should be installed first, injection or monitor or honeypot ?
Many Thanks in advance
Try to offer a solid free product like or even better than the ones available, and another extreme fortification malware solution for home and small businesses, to keep pace with others and go up.
I know very well that financial problems can cause havoc and hinder work development.
God bless all of you
My Respect & Greetings