SBGuard-Anti-Ransomware

SBGuard Anti-Ransomware 1.4.5

World’s first most complete, actively updated Ransomware prevention tool that protects your Windows PC against all known Ransomware malware, such as CryptoLocker, CryptoWall, TeslaCrypt, CryptoXXX, CTB-Locker, Zepto and many others.


See it in action

In this lab example we used one of the most popular Ransomware breeds, the notorious TeslaCrypt. The first video has SBGuard PROTECTION ENABLED and the second has it DISABLED.

Note that these videos are for demonstration purposes only. Real-world Ransomware will be delivered via different methods. 99% of Ransomware comes via some sort of link, either via email or browser activity. SBGuard Anti-Ransomware is specifically designed to prevent execution of malicious files that arrive that way.


How it works

When protection is enabled, SBGuard Anti-Ransomware injects a large number of restriction mechanisms and modifies some core Windows components to prevent the malicious behaviours and executions that Ransomware viruses use to infect the system. As new Ransomware viruses are released, the SBGuard team will work hard and fast to protect against any new sneaky techniques these malicious programs use.

Update 30.08.2016

 

More details about what SBGuard actually does at this stage:
It injects around 700 registry entries to force Windows Group Policy to use its inbuilt software execution restriction capabilities in certain locations and to prevent certain file types from executing. On top of that, it disables Windows Gadgets (a known vulnerability) and disallows several other system actions Ransomware will attempt to perform to encrypt your data. We have gathered all possible tricks Ransomware uses to execute its payload and we believe our software will prevent execution of most known Ransomware, if not all. We are actively monitoring new ways Ransomware enters the system and we will keep adding more exclusions. We do, however, have work in progress on some more advanced techniques that will require SBGuard to run as a service. Another feature on its way is live notifications when SBGuard blocks any execution, including execution of legitimate software. This will help novice users diagnose any issues quickly.

Important: SBGuard Anti-Ransomware could block legitimate programs from installing. We recommend disabling protection before installing new Windows applications and re-enabling it afterwards.
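To see what execution restrictions of this kind look like on a machine, and which launches they have blocked, the policy can be read back from the registry and the event log. The PowerShell below is an added example, not SBGuard's own code; it assumes the restrictions are stored as standard Windows Software Restriction Policies (SRP) under the usual policy key and logged by the standard SRP event provider, since the page does not list the exact keys SBGuard writes. The function names are illustrative.

```powershell
# Added example: audit Software Restriction Policies (SRP) on the local machine.
# Assumption: the restrictions live under the standard SRP policy key below;
# the page does not list the exact keys SBGuard writes.
$SrpRoot = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
# SRP security levels are stored as numeric subkey names.
$SrpLevels = @{ '0' = 'Disallowed'; '131072' = 'Basic User'; '262144' = 'Unrestricted' }

function Get-SrpSummary {
    if (-not (Test-Path $SrpRoot)) { return $null }   # no SRP policy configured
    $p = Get-ItemProperty -Path $SrpRoot
    [pscustomobject]@{
        DefaultLevel    = $SrpLevels[[string]$p.DefaultLevel]
        ExecutableTypes = @($p.ExecutableTypes) -join ','   # extensions treated as executable
        EnforcedOnDlls  = ($p.TransparentEnabled -eq 2)
        AdminsExempt    = ($p.PolicyScope -eq 1)
    }
}

function Get-SrpPathRule {
    foreach ($levelKey in Get-ChildItem -Path $SrpRoot -ErrorAction SilentlyContinue) {
        $pathsKey = "$($levelKey.PSPath)\Paths"
        if (-not (Test-Path $pathsKey)) { continue }
        $name = $levelKey.PSChildName
        foreach ($rule in Get-ChildItem -Path $pathsKey) {
            $v = Get-ItemProperty -Path $rule.PSPath
            [pscustomobject]@{
                Level       = if ($SrpLevels.ContainsKey($name)) { $SrpLevels[$name] } else { $name }
                Path        = $v.ItemData      # folder, file or wildcard the rule covers
                Description = $v.Description
                RuleId      = $rule.PSChildName
            }
        }
    }
}

function Get-SrpBlockEvent {
    param([int]$MaxEvents = 20)
    # SRP logs blocked launches to the Application log (event IDs 865-868, 882).
    Get-WinEvent -FilterHashtable @{
        LogName      = 'Application'
        ProviderName = 'Microsoft-Windows-SoftwareRestrictionPolicies'
        Id           = 865, 866, 867, 868, 882
    } -MaxEvents $MaxEvents -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, Message
}

Get-SrpSummary | Format-List
Get-SrpPathRule | Where-Object Level -eq 'Disallowed' | Sort-Object Path | Format-Table -AutoSize
Get-SrpBlockEvent | Format-List
```

When a legitimate installer is blocked, the event message names the file and the rule that stopped it, which can be matched against the `RuleId` column.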

What SBGuard Anti-Ransomware doesn’t do

SBGuard Anti-Ransomware is not an Anti-Virus. It is designed to prevent Ransomware infection and document encryption. It will, however, help protect against many known viruses which use similar techniques to infect Windows PCs. For maximum possible protection, we recommend a bundle of SBGuard Anti-Ransomware and a reputable Anti-Virus product. For more information and recommendations, please contact us.

Important: SBGuard Anti-Ransomware is actively developed and updated to protect against all known and future Ransomware exploits. However, please note that nothing offers 100% protection against Ransomware. It is crucial to stay vigilant when browsing the internet and opening emails. “Think before you click.”

Requirements and Instructions

Requirements

  • SBGuard Anti-Ransomware has been tested on Windows 7 Pro & Ultimate (Home edition not tested well enough), 8, 8.1 and 10. Windows XP is not supported.
  • .NET Framework 3.5 is required to run it. All operating systems after Windows Vista have .NET 3.5 inbuilt.
  • SBGuard Anti-Ransomware must be run with “Administrator” privileges to be able to modify Windows core components.

Instructions

  • Run setup.exe and follow the instructions
  • Run SBGuard Anti-Ransomware shortcut on your desktop.
  • Note: Windows 8 & 10 may display a message “Windows protected your PC” > click More Info > Run Anyway

  • Read instructions in the application
  • Click Enable Protection button
  • Restart your computer for changes to take effect

  • Open SBGuard Anti-Ransomware and check “Protection Status”, it should be green, meaning protection is enabled

  • If you wish to install new programs, it’s advised to Disable Protection > Restart PC > install your program > Enable Protection > Restart PC

Current stable version SBGuard Anti-Ransomware v.1.4.5.1

Please check your SPAM or JUNK folder in case the email link doesn’t show up in your inbox

21 Comments

    • Thank you for letting us know. It’s most likely due to the fact that we don’t have the valid publisher certificate applied on compiled SBGuard file. This means the product publisher shows as “Unknown” which some applications and some webmail see as suspicious.
      We are working on the certificate and should have it applied some time soon.

      Cheers

    • We haven’t applied a valid publisher certificate, that’s most likely why Avast detects problems. We are working on obtaining one.
      Thanks

  1. SHA256: 4d9713f180aed8cea9e70a8b468b56a6701f4637fe103b7179541afa6e268712
    File name: SBGuardsetup.exe
    Detection ratio: 4 / 57
    Analysis date: 2016-09-04 15:24:43 UTC ( 1 day, 6 hours ago )

    • Hi,
      We are working on it as fast as possible. Stay tuned, we will send notifications once implemented.

      • It doesn’t look right, it says it installs itself for autorun at Windows startup, that’s not true. Once you close it it’s closed, no autoruns or startups. Also, the registry keys malwr.com detected are not what SBGuard injects. Also, no injection happens unless buttons within the program are pressed and disabling each button will fully revert the process to Windows default state.
        It heavily modifies registry to inject all restriction mechanisms, that’s its purpose. We can guarantee you there is nothing malicious about what it does.
        We are a respected registered Australian business, we wouldn’t risk our reputation by giving something malicious. SBGuard project is our contribution to society to help protect against Ransomware.
        Any questions, we are more than happy to answer.

          • We haven’t done much testing on Home versions as we thought the majority of people use Pro, but based on a lot of feedback it seems Home versions are heavily present. We will try and perform more testing soon and let you know. You are welcome to do so if you wish and give us your feedback.
            Thank you for submitting false positive report, not sure why it sees it as heuristic. We are working on the certificate, hopefully that fixes it.
            Cheers

  2. Hey fellas, I hope you have not dropped work on SBGuard, it’s a solid concept and was moving along nicely.
    We also miss your updates and communication over at malwaretips.com
    We wish you well and hope to hear something in the near future. PeAcE

    • Hi CyberGhosT. Thank you for your comment. We apologise for the late reply.
      Unfortunately due to time constraints and budget limitation we have paused any further SBGuard development. It is not the end of it, we will resume our work on it at some point soon.
      Regardless of any new updates, SBGuard is still very much a strong prevention tool since Ransomware has not changed the way it arrives/deploys to a PC. Even WannaCry uses exactly the same method as any other variant previously. SBGuard will prevent its initial execution.
      We will keep you updated. Cheers

  3. Hello!
    In our company on many computers, your software is installed.
    The option is enabled “Enabled All”
    After updating the corporate software, he stopped working, found out that he was in conflict with SB-Guard
    Do I want to ask how to disable all restrictions using the Group Policy object?

    • Hi. Not sure I understand the situation.
      Could you explain a bit more? Do you need to disable SBGuard?

      Cheers

  4. I hope you further develop this anti-ransomware tool because you proceeded others with what you developed so keep on even with minor updates to make it into the lists next year (2018-2019) with prevention against file-less malware and bitcoin miners or or .

    I know that others offered free products, but why not you keep on with them because:

    Your product does differ from other ones:
    Three other free ones that use honeypot system to trap ransomware via Deception Technology (Awesome)
    Another one monitors all running processes and stops malicious ones based on behavioral detection done via AI Technology (Awesome)
    A third one locks the computer by white list/ black list technique (Awesome)

    However, with the injection of these “700 registry entries to force Windows Group Policy to use inbuilt software execution restriction capabilities in certain locations and prevent certain file types from executing” is a technique that, as far as I know from reading, is not listed with others. (Awesome)

    What type of technique is this?
    – Registry Editing?
    – Windows Hardening Tweaks?
    – *EXE. Prevention?

    Tell me what is it and can it replace the above ones I mentioned or go along with them?
    Can it be installed and be active along with internet security and any other of these of the above?
    Which should be installed first, injection or monitor or honeypot ?
    Many Thanks in advance

  5. Try to offer a solid free product like or even better than the ones available and another extremely fortification malware solution for home and small businesses one to keep pace with others and go up.

    I know very well that financial problems can cause havoc and hinders work development.

    God bless all of you

    My Respect & Greetings
