I've been hit twice recently by ransomware; fortunately I have what is turning out to be reliable protection (Acronis True Image 2017 Premium). It seems like most other antivirus software companies are pursuing ransomware solutions with the notable exception of Norton, except for this AVTest/PitStop sponsored testing at
which makes it look very good at ransomware detection and elimination, but unfortunately not in my 2 experiences.
Norton was running during both incidents and never reacted while my email files were being encrypted (30+GB of them). True Image detected the encryption activity and alerted me, and at the press of a button, True Image removed the encrypted files and restored my files from a backup. Most vendors specify that they detect and eliminate ransomware and how they do it; however, I do not see this with the Norton product (Symantec's end node protection product does, however it's a corporate product).
Comcast: Are there any plans to augment or replace Norton security with an anti-ransomware solution?
Norton Users: Has anyone had any success with Norton preventing a ransomware attack?
I do not know a lot about Acronis Active Protection, nor how it reacts when and if it detects a false positive - in other words does it alert and tell you it has stopped encryption, even if it falsely detects that ransomware is present?
I know Norton from time to time will block a new file listing it as WS Reputation - a file that contains the similar malicious behaviour patterns of other known threats.
So, I guess my question at this point would be - how do you know they were not false positives that triggered Acronis? ..... and of course the next comment would be perhaps Norton did not miss anything (as they were false positives).
If interested in seeing what Norton blocks, have a look in History > Resolved Security Risks and also Intrusion Prevention.
I'm not saying they are false positives, nor am I saying Norton did not miss them, but I am saying False Positives are possible and not being familiar with Acronis I do not know how it would react. Hopefully we have some Acronis users that see this and make comments.
A veteran - whether active duty, retired, national guard, or reserve - is someone who, at one point in his or her life, wrote a blank check made payable to The 'United States of America', for an amount of 'up to and including my life.'
I am not a Comcast employee, I am a paying customer just like you! I am an XFINITY Forum Expert and I am here to help. For information on the program click here. We ask that you post publicly so people with similar questions may benefit from the conversation. Was your question answered? Mark it as an accepted solution!
I take your point. To answer your question, I encountered symptoms of the encryption activity (as it turns out later) prior to Acronis taking action. One of them was trying to search through email, which was unsuccessful, and the other was that reading an email was very slow, taking ~30 seconds just to display one message. So I knew something was slowing my machine down, but I was not aware of what it was. Within about five minutes of me noticing the symptoms, Acronis gave me the alert. The sluggish email response at opening a message occurred in both instances; I was only searching in the first instance.
Acronis may have missed one file in the second instance because I could not open it with Outlook; Outlook said it was corrupted and wanted to know if I wanted to try and fix it with the scan tool. I said no, deleted it and restored a file from backup.
So I'm about 99% sure that these were not false positives and equally sure that Norton did not react. Acronis has popped up other times, in fact there is apparently one file that bothers it every day when I start up. Acronis just tells me that it stopped the file from modifying one of the backup files. So it looks at more than encryption behavior, it looks at file modifications, etc.