Jump to content
Kaspersky Support Forum

Anti ransomware Encryption [Moved]

Guest

By Guest
in Kaspersky Endpoint Security for Business

 Share

Recommended Posts

Guest

Guest

Posted
Posted

I am using Kaspersky Anti ransomware free version for business. For testing i encrypted a file using 7 zip using network path Also tried on remote connection to encrypt the file.But both the cases the encryption is neither detected nor stopped.

How to test if the encryption is detected by tool. Where will be the result stored if it is detected.And why the 7 zip encryption is not detected.What are the other modes where it will not detect the encryption

andrew75

andrew75

Posted
Posted

@Shi, 7zip is a legal program. Its encryption function is also a legal function. Therefore, encryption using 7zip is not detected by the Kaspersky Anti-Ransomware Tool.

You can get more information about Kaspersky Anti-Ransomware Tool here.

MilanBortel

MilanBortel

Posted
Posted

Hi @andrew75,

you can built your own “test” ransomware using original AES encryption tool.

  1. download and extract AES tool from http://www.aescrypt.com/download/ into C:\AESCrypt\
  2. create a test file .Desktop/invoice.txt
  3. create ransomware.bat file using this code: 
    @echo off  

    if exist C:\AESCrypt\aescrypt.exe goto :Step1 

    echo **** not exist C:\AESCrypt\aescrypt.exe **** 
    pause 
    exit  

    :Step1
    if exist .\invoice.txt goto :Step2 
    echo **** not exist .Desktop\invoice.txt **** 
    pause 
    exit  

    :Step2 
    C:\AESCrypt\aescrypt.exe -e -p root .\invoice.txt
    if exist .\invoice.txt.aes goto :Step3  

    :Step3 del .\invoice.txt  
    echo **** Congratulations!!! Your personal files are encrypted **** 
    pause 
    exit
  4. then run the bat file :)

Kaspersky should recognize this encryption activity as a dangerous → block the process → restore the file. You can test on network path, on multiple files, .. see details on aescrypt.exe parameters here 

Cheers,
Milan

Vimaro

Vimaro

Posted
Posted

I am using Kaspersky Anti ransomware free version for business. For testing i encrypted a file using 7 zip using network path Also tried on remote connection to encrypt the file.But both the cases the encryption is neither detected nor stopped.

How to test if the encryption is detected by tool. Where will be the result stored if it is detected.And why the 7 zip encryption is not detected.What are the other modes where it will not detect the encryption

Dear user, 

Thanks for your message and your test. If you want to do a complete and complex test, please don’t hesitate to use Kaspersky Endpoint Security.

Have a great day.

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
 Share
Go to topic listing


×
×
  • Create New...