Raccine 1.3 Beta / 0.10.5

Raccine is meant as a simple portable ransomware vaccine intended to protect against attacks that target shadow copies for deletion via vssadmin.exe.

Ransomware will often delete all shadow copies using vssadmin; Raccine intercepts that request and kills the invoking process. Raccine is a binary that first collects all PIDs of the parent processes and then attempts to kill all parent processes.

Raccine has several advantages: the method is generic; no system file (vssadmin.exe or wmic.exe) is replaced, which could lead to integrity problems and could break the "raccination" on each patch day; the changes are easy to undo; and no running executable or additional service is required (agent-less).

You have two different installation options:

Automatic:
1. Download Raccine.zip from the Release section
2. Extract it
3. Run raccine-installer.bat

Manual:
1. Apply the registry patch raccine-reg-patch-vssadmin.reg to intercept invocations of vssadmin.exe
2. Place Raccine.exe from the release section in the PATH, e.g. into C:\Windows
   (For i386 architecture systems, use Raccine_x86.exe and rename it to Raccine.exe)

It is important to note that you will be unable to run the blacklisted commands on a raccinated machine until you apply the uninstall patch raccine-reg-patch-uninstall.reg. This could break various backup solutions that run that specific command. Raccine not only blocks that request but also kills all processes in that tree, including the backup solution and its invoking process.

If you have solid security monitoring that logs all process executions, you could check your logs to see if vssadmin.exe delete shadows or vssadmin.exe resize shadowstorage ... are frequently or sporadically used for legitimate purposes, in which case you should refrain from using Raccine.
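
The log check described above can be scripted before rollout. The following is an added example, not part of Raccine or the original page: it assumes process-creation events have been exported as (host, parent image, command line) records, and the sample records, host names and the `audit` / `hosts_to_review` helpers are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample process-creation records (host, parent image, command line).
# In practice, export these from Sysmon Event ID 1 or Security Event ID 4688
# (4688 carries the command line only when command-line auditing is enabled).
SAMPLE_EVENTS = [
    ("BACKUP01", r"C:\Program Files\ExampleBackup\agent.exe",
     r"vssadmin.exe resize shadowstorage /for=C: /on=C: /maxsize=10%"),
    ("BACKUP01", r"C:\Program Files\ExampleBackup\agent.exe",
     r'"C:\Windows\System32\vssadmin.exe" Delete Shadows /For=C: /Oldest'),
    ("WS-0042", r"C:\Windows\System32\cmd.exe", r"vssadmin list shadows"),
    ("WS-0017", r"C:\Users\Public\invoice.exe",
     r"cmd.exe /c vssadmin.exe delete shadows /all /quiet"),
    ("WS-0042", r"C:\Windows\explorer.exe", r"notepad.exe report.txt"),
]

# The two invocations the page names: "delete shadows" and "resize shadowstorage".
# Matches with or without ".exe", a quoted full path, and any letter case.
BLOCKED = re.compile(
    r'\bvssadmin(?:\.exe)?"?\s+(delete\s+shadows|resize\s+shadowstorage)\b',
    re.IGNORECASE)

def audit(events):
    """Count matching vssadmin invocations per (host, parent image, verb)."""
    hits = Counter()
    for host, parent, cmdline in events:
        m = BLOCKED.search(cmdline)
        if m:
            verb = " ".join(m.group(1).lower().split())  # normalise case/spacing
            hits[(host, parent.lower(), verb)] += 1
    return hits

def hosts_to_review(events):
    """Hosts where Raccine would kill a process tree that runs these commands today."""
    return sorted({host for host, _, _ in audit(events)})

if __name__ == "__main__":
    for (host, parent, verb), n in sorted(audit(SAMPLE_EVENTS).items()):
        print(f"{host:10} {n:3}x  {verb:22} parent={parent}")
    print("review before deploying:", hosts_to_review(SAMPLE_EVENTS))
```

Grouping by parent image separates a backup agent that calls vssadmin on a schedule from a one-off invocation by an unexpected binary, which is the distinction that decides whether a host can be raccinated.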
