Kaspersky Anti-Ransomware for Business
Kaspersky Anti-Ransomware for Business is a powerful free ransomware blocker from the top-rated Kaspersky Labs.
Despite the name, this isn't solely a business product. You must enter some business-type details before you can download it, but otherwise Kaspersky Anti-Ransomware is free for anyone to use.
The program is a standalone version of the anti-ransomware protection included in Kaspersky Endpoint Security for Business, the firm’s enterprise antivirus product. It uses file and behaviour monitoring technologies to detect and block any threats, and includes Kaspersky's excellent System Watcher model to roll back any malicious actions and recover damaged documents.
There's no need to have Kaspersky Antivirus installed, and in fact the Help file warns that you can't install Anti-Ransomware on a system that already has other Kaspersky applications. The program should run happily alongside other security software, though, and it's an easy way to add a second layer of protection to your existing system.
Setup
Click Download at the Kaspersky Anti-Ransomware for Business page and you're asked to register the program by handing over your name, company, email address, country, postcode, phone number and more. That's far more intrusive than most of the competition, but it's not unusual for a business product.
Anti-Ransomware is small by Kaspersky's standards, requiring around 30MB on our test PC. The interface process requires around 10MB RAM, a background service does most of the work, and there are some drivers offering support.
As we'd expect from Kaspersky, there are no issues with the program files, which are all sensibly organized and digitally signed.
Anti-Ransomware benefits from Kaspersky's strong self-defense capabilities, too. Even if malware manages to close the Anti-Ransomware process, it restarts almost instantly.
There's an unusual bonus feature in the ability to whitelist programs, ensuring they'll never be blocked. Anti-Ransomware doesn't raise many false alarms, in our experience, but it's good to have this available as an option.
A Trace feature enables the logging of significant program events, which might be handy if you're an expert trying to troubleshoot a complex issue.
If you really are running Kaspersky Anti-Ransomware in a business, you'll appreciate the option to automatically email reports on program performance to an administrator. Enter a target email address, a schedule (weekly, monthly) and your email server details, and it'll keep your administrator up-to-date with whatever's happening.
This isn't a substantial feature set compared to Kaspersky's usual products, but it's still much more than you'll get with most other anti-ransomware tools. If you're tired of the underpowered competition, this could have a lot of appeal.
Performance
The Kaspersky website claims Anti-Ransomware will protect even against 'unknown' threats, but unless you have a large collection of unknown ransomware, that's difficult to test.
What we can do instead is confront the program with a known ransomware type, and watch what happens. We tried running Cerber on a Kaspersky-protected system, with the internet connection disabled to ensure Anti-Ransomware couldn't use any cloud scanning engines. The results were good, with the threat being detected and blocked without difficulty. Cerber only had time to encrypt four files, but Kaspersky's System Watcher recovered them almost immediately and we lost no data at all.
Next, we tried to run KnowBe4's RanSim, a clever testing tool which can safely emulate multiple types of ransomware behaviour. Unfortunately, although it's non-destructive and only useful for testing, Anti-Ransomware identified it as a Trojan and blocked the program before it could even start.
As with most anti-ransomware programs, RanSim was blocked from running, but not deleted. In a real-world situation you would have to run an antivirus scan to find and properly remove the threat.
Finally, we turned to RanTest, a simple ransomware simulator of our own. This is far more basic than RanSim, but as it's never been released to the outside world, Kaspersky wouldn't have encountered it before.
We launched RanTest, and as it didn't recognize any immediate threat, Anti-Ransomware allowed the program to start. But just a fraction of a second later, after encrypting just three files, the RanTest process was killed. An alert warned us of the threat, and the three damaged files were recovered.
Our tiny test program wasn't serious ransomware, and made no effort to hide what it was doing, so it's no surprise that it was detected. But this does show that Kaspersky Anti-Ransomware for Business really can block previously unknown threats by their behaviour alone, and maybe without you losing a single byte of data.
Final verdict
Kaspersky’s app delivers easy-to-use ransomware protection which detected and blocked all our test threats, and quickly recovered the very small number of encrypted files. Forget the 'for business' tag – this is a tool that everyone needs to try.
0 comments:
Post a Comment