anti virus software protecting against ransom ware

What is a good anti virus software

Something that may combat ransomware on Windows 10

yo_bee, Director of Information Technology, Commented:
Is this for a single computer or network of them?  

The best and cheapest protection is a solid regular backup of your system. Windows 10 has built-in backup utilities.
DP230, Network Administrator, Commented:
We use Kaspersky Endpoint Security and still survive after a few ransomware attacks.

But in my opinion, you should install Nessus and periodically scan the system, even PCs in subnets. Last time, we found MS17-010 and patched it before the WannaCry wave, so we were safe!
btan, Exec Consultant, Commented:
Unlikely you are looking at antivirus. You need an endpoint protection and a good backup solution.

Malwarebytes anti ransomware and its suite of anti malware and anti exploit.

In fact Windows Defender Advanced Threat Protection is paced to defend against ransomware.

I have listed in the FAQ a list of measures which can be handy.
John, Business Consultant (Owner), Commented:
In my opinion, anti virus is after the fact protection for ransomware.

Ransomware is spread mostly (90%) by emails. Do not open emails from strangers and implement top notch spam filtering.

I do not get any spam, and guess what? No ransomware attacks.
Dr. Klahn, Principal Software Engineer, Commented:
I agree with the two preceding comments.  The only prophylaxis against ransomware is frequent full (not incremental) backups, stored offline on an external device that is only connected to the computer when a backup is being made.

At present there are several antivirus products claiming that "Our antivirus will catch ransomware after it has encrypted only X files!"  I don't regard that as a sane approach to the problem.  First, the antivirus let the ransomware run; then second, it let it encrypt multiple files before stopping it.  This is like a security service saying "We stop burglars after they have stolen only $5,000 of your possessions!"

Ransomware is becoming more and more ingenious about locating network shares, NAS, SAN and cloud backups.  Anything it finds, it will encrypt.  The only safe solution is one where the ransomware can't access the backup at all.
John, Business Consultant (Owner), Commented:
I always forget to say "Back Up your files". I am amazed when people have disasters, and I say recover from your backups, they say "What is a backup?"
yo_bee, Director of Information Technology, Commented:
I agree education is the best form of protection, but it only takes a single user. Not all engineered ransomware comes from people you do not know.  A solid engineered email will make you think you are responding to an email sent from someone you know, so an endpoint protection is a must in a network.  Not sure how it is an afterthought. All solid EP's will detect known ransomware signatures.

If it does come down to it that it was not detected your only option is to go back to a solid backup.
John, Business Consultant (Owner), Commented:
A solid engineered email will make you think you are responding to an email sent from someone you know, so an endpoint protection is a must

I agree with that, but I think spam control comes first.

I am always amazed at

Mail from Fred Jones  "sensible paragraph of email text" in my Inbox

Mail from the very same Fred Jones (same email address)  "see this "special"  . Gone to my spam folder.
yo_bee, Director of Information Technology, Commented:
These are all important pieces to having the steps of prevention and if you are not doing all the recommended suggestions you are making yourself and your network vulnerable to these attacks.
Dr. Klahn, Principal Software Engineer, Commented:
yo_bee said:

All solid EP's will detect known ransomware signatures.

Indeed.  But it's not the known ones that are critical; it's the ones where Day Zero is still in effect and no signatures yet exist.  No reliable protection measures can exist against those.

David Johnson, CD, MVP, Retired, Commented:
Ransomware authors are customizing each attack campaign and sometimes within the campaign itself so signature based AV doesn't get enough bad hits in order to create the signature, therefore negating ANY AV product. We are left with looking for behavior, i.e. large numbers of files modified in a short period of time.

All you can do is keep your machine up to date with patches. Unless you are absolutely sure who the sender is don't open email attachments. I recently received a few PDFs in the email from "FEDEX" but the sender was .. I immediately deleted these.
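The behavior signal mentioned in the comment above (large numbers of files modified in a short period of time) can be expressed as a per-process sliding window. This is an added example, not part of the original post or any product's code; the event tuples, process names, threshold and window size are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta


def sample_events():
    """Constructed file-write events (timestamp, process, path); not real telemetry."""
    base = datetime(2017, 6, 1, 9, 0, 0)
    events = []
    # Normal use: one editor saving five documents, one per minute.
    for i in range(5):
        events.append((base + timedelta(seconds=60 * i), "winword.exe",
                       f"C:\\Users\\a\\Documents\\report{i}.docx"))
    # Burst: one process rewriting 40 different files, two per second.
    for i in range(40):
        events.append((base + timedelta(seconds=300, milliseconds=500 * i),
                       "unknown.exe", f"C:\\Users\\a\\Documents\\file{i}.docx"))
    return sorted(events)


def detect_bursts(events, threshold=25, window=timedelta(seconds=30)):
    """Return {process: time of first alert} for every process that modified
    at least `threshold` distinct files within any `window`-long interval.
    `events` must be sorted by timestamp."""
    recent = defaultdict(deque)   # process -> (timestamp, path) still inside the window
    alerts = {}
    for ts, proc, path in events:
        q = recent[proc]
        q.append((ts, path))
        # Drop writes that have aged out of the window.
        while q and ts - q[0][0] > window:
            q.popleft()
        # Count distinct paths so repeated saves of one file do not trigger.
        if proc not in alerts and len({p for _, p in q}) >= threshold:
            alerts[proc] = ts
    return alerts


if __name__ == "__main__":
    for proc, when in detect_bursts(sample_events()).items():
        print(f"ALERT {when.isoformat()} {proc}: mass file modification")
```

By construction the alert fires only after `threshold` files have already been rewritten, so a detector like this limits damage rather than preventing it.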
You asked "What is a good anti virus software". There is none - YOU are the best expert to combat them, as you can see from the posts above.
If YOU do not do the necessary, and use some precautions - you'll ALWAYS be vulnerable.
If you ask most experts here - they have little or no problems with malwares.
There are a number of things you should be looking at, many of which have already been mentioned. However, in case you haven't thought about these: policies enforcing secure passwords that change on a regular basis, multifactor authentication (especially for remote access) is ideal, regularly reviewing firewall rules, and minimizing the number of systems that are remotely accessible.

Long story short, there is no silver bullet solution.
yo_bee, Director of Information Technology, Commented:
I currently have multiple pieces of security appliances in my infrastructure.  I use a product/service called eSentire.  This product is monitoring all in and out traffic on both the external and internal side of the firewall.  If it sees traffic going to a known malicious IP or a non-signature it will sever the TCP packet right there and alert me of the computer that made the attempt.  If I do not respond I have a secondary device that will take the computer off-line.

It is not 100%, but it is another layer on top of my Spam filter, EP, regular patching.
btan, Exec Consultant, Commented:
Thought I'd like to share that besides preventive and detective, the incident response plan is very critical as it should have spelled out the playbook to handle those incidents and we will expect incidents to happen, you can bet on it especially when you are not tracking your assets closely on their patch compliance.  Handling a ransomware incident can be straightforward as in just shut down the machine and report to the authority as you recover data to a new machine with your changed credential. But it is not that simple, typically the responder will advocate the victim to take a snapshot of the ransom note (for later identification of threat) in case it is not shown due to the machine being unbootable after shutdown and even forensically dumping memory (hoping to recover encryption keys but it is non-trivial as the key may differ for each document). So make sure the IT and Security teams sync up and talk to each other. Importantly, do not pay ransom.

Another area worth exploring is deception technology. It sets up decoys to lure the exploit to dump the ransomware on it and keep it busy within the faked "honeyed" machine. There are also schemes which provide cryptotraps that keep the ransomware always in recursive loops and stop it from mass spreading like the case of WannaCry that spread based on SMB channels, and there are some via RDP. Still keep the hygiene check updated regularly besides having to beef up the defence layer and controls - application whitelisting is important too.
It would help users tremendously if mail clients would stop hiding the sender source.  I don't remember exactly when mail clients started hiding the source of email, because that's when I started making all my mail clients show the full headers to help keep track of headers to avoid getting phished.  Users usually will complain about spam and I'd always have to ask for the full headers, because I wouldn't know what to block when the email only shows  "Received from: Fred Smith" when they forward it to me.  Many of them invariably delete the mail before they can forward it to me.

They click on mail because it came from "Fred Smith" in accounting, rather than showing the full header of "Fred.Smith <>"  to make it easier to spot the fake.  The phishers can craft mail to look just like it came from internal sources.  Stupid marketing minded people want their email to look "pretty" and clean, so they started changing mail clients to cater to aesthetics instead of functionality.

Rather than showing, mail clients show "Question comment on Experts Exchange" in Outlook.  You have to carefully hover over the sender link to see the actual email address.  Just show people the full "Question comment on Experts Exchange <>"  Outlook is the biggest culprit in assisting spammers to hide and falsify email for phishing expeditions to the non-technical users.

I am always amazed at
That's just your bias from your environment, based on your locations.  I've seen places where Gmail is the most prevalent spammer source.  I've also seen places where Yahoo is the most prevalent source.  There are plenty of others. It varies depending on which coast and which country you're in.  The spammers use all sources.  You may just happen to get more from based on your environment.
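The point made in the comment above about clients showing only "Fred Smith" instead of the full sender can be checked mechanically from the raw headers. This is an added example, not part of the original post; the internal domain, the staff list and both messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

INTERNAL_DOMAIN = "example.com"   # assumption: the organisation's own mail domain
STAFF_NAMES = {"fred smith"}      # constructed stand-in for a staff directory

# Constructed sample messages; a mail client would display both as "Fred Smith".
GENUINE = ("From: Fred Smith <fred.smith@example.com>\n"
           "Subject: Q3 numbers\n\nSee attached.\n")
SPOOFED = ('From: "Fred Smith" <billing@mail.example.net>\n'
           "Reply-To: payments@example.org\n"
           "Subject: Q3 numbers\n\nSee attached.\n")


def domain_of(address):
    """Lower-cased part after the last '@' (empty string if there is none)."""
    return address.rpartition("@")[2].lower()


def sender_report(raw_message):
    """Split the From header into what the client shows and the real address,
    and flag the mismatches a user cannot see when the address is hidden."""
    msg = message_from_string(raw_message)
    display, address = parseaddr(msg.get("From", ""))
    reply_to = parseaddr(msg.get("Reply-To", ""))[1]
    flags = []
    # A staff member's name on an address outside the internal domain.
    if display.strip().lower() in STAFF_NAMES and domain_of(address) != INTERNAL_DOMAIN:
        flags.append("display name matches staff but address is external")
    # Replies would go to a different domain than the one that sent the mail.
    if reply_to and domain_of(reply_to) != domain_of(address):
        flags.append("Reply-To domain differs from From domain")
    return {"shown_by_client": display, "actual_address": address, "flags": flags}


if __name__ == "__main__":
    for raw in (GENUINE, SPOOFED):
        print(sender_report(raw))
```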
Josh Petraglia, Digital Care Coordinator, Commented:
Webroot has been highly effective at protecting users against Ransomware.
I highly encourage you to read this discussion to learn more.

If you'd like more information on how our Product works to detect these types of threats, please feel free to reach out to me directly for more information.
E A, Tech Lead, Commented:
Here are a few of the best anti-ransomware software that you can check:

Kaspersky Internet Security
Malwarebytes 3
Zemana Antimalware
Trend Micro Internet Security
Bitdefender Internet Security 2017

Get in detailed:

Stay safe and don’t forget the best protection is always a backup! to protect yourself:

Hope this helps!
rgb192, Author, Commented:
thanks for information and telling me about scope