What happens when a purchased CryptoPrevent license expires?
In the past CryptoPrevent reverted to the free edition after the expiration of a license term, which still allowed usage of the protection features but disabled automatic/scheduled updates as well as other non-protection and convenience features. With the free edition now discontinued, we do not want these systems left unprotected even for a minute, therefore CryptoPrevent will remain a fully active product after the expiration of the license term, although any support or updates will be discontinued.
To be clear, an expired product license will lose the ability to receive product and definition updates as expected, but all protections and features will remain fully functional after your license expires. This effectively makes CryptoPrevent a one-time purchase, with updates included throughout the purchased license/subscription term only (some software vendors will refer to this as an included “product maintenance” period.)
Please note: When definition updates are disabled due to an expired license, you will no longer have the ability to enable or disable the Extended Hash Definitions option. The currently selected option when the subscription expires will remain in effect unless you re-subscribe to enable update functionality.
To restore update functionality and receive the current version of the software, with any newer features since your license expired, you can purchase a new license at any time.
CryptoPrevent Apply Protections (Plan/Custom Settings & Final Notes)
Applying Protections (Plan or customized selected)
Once you have confirmed all your desired settings, click Apply Protection Plan. Depending on the policy and number of protections selected, it may take several minutes to apply protections.
You may also be prompted to whitelist all executables located in locations that will be blocked.
Please ensure that your system is malware free prior to installing CryptoPrevent, and particularly prior to answering yes to the question about whitelisting.
After the settings are applied, you will be prompted to reboot.
There is no guarantee that protections will be enabled unless a reboot is performed.
After rebooting, please test all your applications and ensure that they function as expected.
If you note any problems you feel may be caused by CryptoPrevent, you can review the History tab to determine what may have happened.
Remediation will include either whitelisting or alteration of protection settings.
If you need additional assistance or advice in that, please contact our Help Desk via email: support@d7xtech.com
CryptoPrevent Command Line Parameters (Premium Only Feature)
/undo
Remove protections but leave whitelists
/undoall
Remove protections and all whitelists
/l=#
Set a specific plan level set of protections
Note: l is a lowercase L
#=0 for None Protection Plan
=1 for Minimal Protection Plan
=2 for Default Protection Plan
=3 for Maximum Protection Plan
=5 for Extreme Protection Plan
=a for Custom Plan (This won’t actually apply any new settings; it will just reapply current settings)
/whitelist
Whitelist all EXEs in protected locations
/enablesidebar
Enable Sidebar and Gadgets
/disablesidebar
Disable Sidebar and Gadgets
For the following protections a “=0” can be added to disable protection. Enabling the protection would not require additional parameters.
You may also want to run “/apply” to ensure settings have been fully applied.
/bcdedit
Prevent bcdedit from execution on the system
/syskey
Prevent syskey from execution on the system
/cipher
Prevent cipher from execution on the system
/vssadmin
Prevent vssadmin from execution on the system
/known
Enable Prevent known malware from starting on Protection Settings->Software Restriction Policies->Default Plan
/programdata
Enable %programdata% on Protection Settings->Software Restriction Policies->Default Plan
/userprofile
Enable %userprofile% on Protection Settings->Software Restriction Policies->Default Plan
/startup
Enable Startup Folders on Protection Settings->Software Restriction Policies->Default Plan
/bin
Enable Recycle Bin on Protection Settings->Software Restriction Policies->Minimum Plan
/appdata
Enable %appdata% on Protection Settings->Software Restriction Policies->Minimum Plan
/appdatadeep
Enable %appdata%\* on Protection Settings->Software Restriction Policies->Minimum Plan
/localappdata
Enable %localappdata% on Protection Settings->Software Restriction Policies->Minimum Plan
/localappdatadeep
Enable %localappdata%\* on Protection Settings->Software Restriction Policies->Maximum Plan
/fakeexts
Enable Double File Extensions on Protection Settings->Software Restriction Policies->Minimum Plan
/tempexes
Enable Block Executables Temporarily Extracted from Archives on Protection Settings->Software Restriction Policies->Maximum Plan
/w=[filename.ext]
Whitelist a specific executable in %appdata%
/p=[filename.ext]
Whitelist a specific executable in %programdata%
/u=[filename.ext]
Whitelist a specific executable in %userprofile%
/s=[filename.ext]
Whitelist a specific executable in Startup Folder
/a=[custom allow policy rule]
Custom allow rule; full file/path NO WILDCARDS
/b=[custom block policy rule]
Custom block rule; wildcards supported
You can add multiple entries by separating values with “,” (comma)
/enablefiltermodule
Enable the filter module based on the current settings
/disableenablefiltermodule
Disables the filter module (regardless of current settings)
/noallowprompt
Disable allowing applications from running when blocked by filter module
/fs=[extensionType] (separate values with ‘,’ comma)
Add suspicious filter module for CPL, SCR, or PIF
/fc=[extensionType] (separate values with ‘,’ comma)
Add constant filter module for CPL, SCR, or PIF
/disablefs=[extensionType] (separate values with ‘,’ comma)
Remove suspicious filter module for CPL, SCR, or PIF
/disablefc=[extensionType] (separate values with ‘,’ comma)
Remove constant filter module for CPL, SCR, or PIF
/updatehour=[XX] or Random
Defines update hours for scheduled updates
(XX should be between 00 and 23)
(Assumes /enableupdates command as well)
/killemall
Kills all non-essential running processes
/test + /silent
Writes a file w/ text 0 or 1 to show protections status
/test
Displays a form to show protection status
/silent
Silent Mode
/reboot
Reboots the system (final operation if other parameters are defined)
/nogpupdate
Skip the group policy update after changes
/apply
Apply protection and alert when completed
/logging or /debug
Enable logging output to logs folder
/emailusername="user@addy.com"
/emailsamesendtofromaddy
or use the following together:
/emailfromaddy="user@addy.com"
/emailsendtoaddy="user@addy.com"
/emailpassword="password"
/emailserver="serverAddress"
/emailport="portNumber"
/emailauthenable
(Add =0 to disable)
/emailstarttlsenable
(Add =0 to disable)
/emailsslenable
(Add =0 to disable)
/clientemailid="Client ID to be added to Email Subject"
/emaillocksettings
(Add =0 to disable)
Only applies to Bulk or White-Label Editions
/ProxyUpdateEnabled (add ‘=0’ to disable)
Enables proxy for update operations
/ProxyUpdateAddress=[domain]
Set proxy address to specified domain or IP for update operations
/ProxyUpdatePort=[Port#]
Set proxy port number for update operations
/ProxyUpdateUser=[userName]
Set proxy username for update operations
/ProxyUpdatePassword=[password]
Set proxy password for update operations
/ProxyUpdateSocksEnabled (add ‘=0’ to disable)
Set proxy to be SOCKS proxy instead of HTTP proxy for update operations
/ProxyEmailEnabled (add ‘=0’ to disable)
Enables proxy for email operations
/ProxyEmailAddress=[domain]
Set proxy address to specified domain or IP for email operations
/ProxyEmailPort=[Port#]
Set proxy port number for email operations
/ProxyEmailUser=[userName]
Set proxy username for email operations
/ProxyEmailPassword=[password]
Set proxy password for email operations
/ProxyEmailSocksEnabled (add ‘=0’ to disable)
Set proxy to be SOCKS proxy instead of HTTP proxy for email operations
/ProxySame (add ‘=0’ to disable)
Apply the same proxy settings for email as are applied for updates
/ProxyFromFile=[ini file location]
Applies proxy settings from an INI file format
Example Proxy INI File contents:
[Proxy]
UpdateSameEmail=1 or 0
UpdateEnabled=1 or 0
ProxyAddressU=testAddress
ProxyPortU=1234
ProxyAuthU=1 or 0
ProxyUserU=userName
ProxyPassU==password
ProxySocksU=1 or 0
EmailEnabled=1 or 0
ProxyAddressE=testAddress
ProxyPortE=1234
ProxyAuthE=1 or 0
ProxyUserE=userName
ProxyPassE==password
ProxySocksE=1 or 0
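A pre-deployment check for a CryptoPrevent command line, added here as an example (it is not vendor code). It applies only constraints stated in the parameter list above: the /l plan values, the 00-23 or Random range for /updatehour, no wildcards in /a rules, and CPL/SCR/PIF for the filter switches; it also flags passwords passed as switches and /whitelist. The function names, the sample command line, and the assumption that switches arrive already split into a list are illustrative.

```python
"""Lint a CryptoPrevent command line against the documented parameter constraints."""
import re

PLAN_LEVELS = {"0", "1", "2", "3", "5", "a"}   # values listed for /l=#
FILTER_TYPES = {"CPL", "SCR", "PIF"}           # types listed for /fs and /fc
FILTER_SWITCHES = {"/fs", "/fc", "/disablefs", "/disablefc"}
SECRET_SWITCHES = {"/emailpassword", "/proxyupdatepassword", "/proxyemailpassword"}


def split_switch(token):
    """Split '/name=value' into (lowercased name, unquoted value or None)."""
    name, sep, value = token.partition("=")
    return name.lower(), (value.strip('"') if sep else None)


def valid_update_hour(value):
    """True for 'Random' or a two-digit hour from 00 to 23."""
    if value is None:
        return False
    if value.lower() == "random":
        return True
    return re.fullmatch(r"[0-9]{2}", value) is not None and int(value) <= 23


def lint(tokens):
    """Return (severity, switch, message) findings for a list of switches."""
    findings = []
    parsed = [split_switch(t) for t in tokens]
    names = {name for name, _ in parsed}
    for name, value in parsed:
        if name == "/l" and value not in PLAN_LEVELS:
            findings.append(("error", name, f"plan {value!r} is not 0, 1, 2, 3, 5 or a"))
        elif name == "/updatehour" and not valid_update_hour(value):
            findings.append(("error", name, f"{value!r} is not 00-23 or Random"))
        elif name == "/a" and re.search(r"[*?]", value or ""):
            findings.append(("error", name, "custom allow rules take a full path, no wildcards"))
        elif name in FILTER_SWITCHES:
            # Values are comma separated; each must be one of the listed types.
            bad = [v for v in (value or "").split(",")
                   if v.strip().upper() not in FILTER_TYPES]
            if bad:
                findings.append(("error", name, f"unsupported extension type(s): {bad}"))
        elif name in SECRET_SWITCHES:
            findings.append(("warning", name,
                             "password on the command line is visible in process "
                             "listings and deployment logs"))
        elif name == "/whitelist":
            findings.append(("warning", name,
                             "whitelists every EXE already in protected locations; "
                             "confirm the system is malware free first"))
    # The documentation states protections are not guaranteed without a reboot.
    if "/l" in names and "/reboot" not in names:
        findings.append(("info", "/l",
                         "no /reboot: protections are not guaranteed until the system restarts"))
    return findings


# Constructed sample: a deployment command line with several mistakes.
SAMPLE = ["/l=4", "/updatehour=24", r"/a=C:\Tools\*.exe", "/fs=CPL,EXE",
          '/emailpassword="example-only"', "/whitelist", "/silent"]

if __name__ == "__main__":
    for severity, switch, message in lint(SAMPLE):
        print(f"{severity:8} {switch:16} {message}")
```

/ProxyFromFile keeps the proxy password off the command line, but the INI file still holds it in plain text, so restrict access to that file and remove it after deployment.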
WARNING: These settings are designed for, and should be used by, advanced users only or as directed by Foolish IT support staff. Misuse of these settings can severely impact the performance and ability of both FolderWatch and the HoneyPot Detection Protection features in CryptoPrevent. Use these options at your own risk; in most cases, less is more and being specific is safer!
Whitelist Process from being Killed
One entry per line
This option applies to the Kill Apps Now button on the Apply Protection tab, the options available in the right click menu of the system tray, and to the ability of FolderWatch service killing tasks during a HoneyPot Detection activation
Only the executable name with extension is needed and is not case sensitive (ex. c:\program files\InstalledProgram\InstalledProgram.exe would only need to have a line entry of “installedprogram.exe”)
Notes:
It is not recommended to add any browser process name as these are the most common apps you want to be killed easily and most modern browsers save the sessions fairly well
Common programs you may want to add would be a word processor, another office productivity application, or a database application. However, since these can be used as points of attack, you may want to be very conservative in adding these too; setting autosave features to shorter intervals may be a better route
FolderWatch Whitelist Path
One entry per line
This option allows entire folders or specific files or files in locations to be ignored by FolderWatch
This can be useful if a file requires a file lock and will not share access with FolderWatch in folders monitored by FolderWatch
End a line entry with a trailing backslash so that the entire folder is ignored
ex:
<ad>\programV18.*\ would have FolderWatch ignore the entire folder for a path where the version number changes in application data (roaming for vista+)
c:\installed program\programfilename.* would have FolderWatch ignore filenames matching with any extension
c:\installed program\programfileV*.exe would have FolderWatch ignore filenames with variable version numbers with matching extension
HoneyPot Whitelist Pattern
One entry per line
This can be used to allow files that might match a built-in blacklisted pattern, helpful when filenames in folders monitored by FolderWatch might be similar or the same as some ransomware variants
Note that each check for a whitelisted pattern adds time to the check against blacklisted patterns, meaning that ransomware could remain active and encrypt additional files before FolderWatch is able to detect and kill it. It may be better to ignore specific files or types that match patterns using the FolderWatch Whitelist Path options
If a false positive is triggered with the *.crypto pattern, *.crypto can be added to a line to ignore future matches
<ad>\programV18.*\ would have HoneyPot detection ignore the entire folder for a path where the version number changes in application data (roaming for vista+)
c:\installed program\programfilename.* would have FolderWatch ignore filenames matching with any extension
HoneyPot Blacklist Pattern
One entry per line
This can be used to create your own encryption pattern matching options
<ad>\programV18.*\ would have HoneyPot Detection triggered if the folder has files created or changed where the version number changes in the folder in application data (roaming for vista+)
c:\installed program\programfilename.* would have HoneyPot Detection triggered by filenames matching with any extension in the specific folder
Custom HoneyPot Files
One entry per line
Allows you to:
create your own honeypot files named with or without default extensions
Syntax per line:
filename|filetype|extensionsdisabled
the pipe (|) character must separate the three definitions per custom honeypot file created and all items need to be defined as mentioned or errors may occur or produce unexpected results
filename=the custom file name you would like to be used (include extension if you are disabling the default extensions)
filetype=Normal, Hidden, or System which will create the custom file as indicated
extensionsdisabled=0 or 1, where 0 uses the default honeypot file extensions and removes any extension in the filename and 1 will not use the default honeypot file extensions and use the extension if defined in the filename above
enable or disable the default honeypot files creation
to disable the default honeypot files add a single line entry of:
nodefault
disabling default honeypot files and not adding custom files of your own will cause honeypot detection to operate on file/folder name pattern matching alone
to keep the default files, simply do not add that line; the default files with various filenames will be created as system files, as is standard, along with any custom files you have defined
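A checker for Custom HoneyPot Files entries, added here as an illustration (it is not CryptoPrevent code): it applies the three-field syntax and the extension behaviour described above, and reports lines that are malformed or that will behave differently than the filename suggests. The function name, the sample entries, and the strict, case-sensitive matching of filetype and nodefault are assumptions.

```python
"""Validate 'Custom HoneyPot Files' lines: filename|filetype|extensionsdisabled."""
import ntpath

FILE_TYPES = ("Normal", "Hidden", "System")   # values documented for filetype


def check_honeypot_lines(text):
    """Return (entries, nodefault, findings) for the contents of the settings box.

    findings is a list of (line number, severity, message); line 0 means the
    finding applies to the list as a whole.
    """
    entries, findings, nodefault = [], [], False
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue
        if line == "nodefault":           # assumption: matched exactly as documented
            nodefault = True
            continue
        fields = [f.strip() for f in line.split("|")]
        if len(fields) != 3 or not all(fields):
            findings.append((lineno, "error",
                             "expected filename|filetype|extensionsdisabled"))
            continue
        name, ftype, ext_disabled = fields
        if ftype not in FILE_TYPES:
            findings.append((lineno, "error",
                             f"filetype {ftype!r} is not Normal, Hidden or System"))
            continue
        if ext_disabled not in ("0", "1"):
            findings.append((lineno, "error",
                             f"extensionsdisabled {ext_disabled!r} is not 0 or 1"))
            continue
        has_ext = bool(ntpath.splitext(name)[1])
        if ext_disabled == "0" and has_ext:
            # 0 = default honeypot extensions are used and the given one is removed.
            findings.append((lineno, "warning",
                             "extension in filename is removed; default honeypot "
                             "extensions are used"))
        if ext_disabled == "1" and not has_ext:
            # 1 = default extensions are not used, so the name is taken as written.
            findings.append((lineno, "warning",
                             "default extensions are disabled but the filename "
                             "has no extension"))
        entries.append({"filename": name, "filetype": ftype,
                        "extensions_disabled": ext_disabled == "1"})
    if nodefault and not entries:
        findings.append((0, "warning",
                         "nodefault with no valid custom files: detection relies on "
                         "file/folder name pattern matching alone"))
    return entries, nodefault, findings


# Constructed sample entries; none of these names come from the product.
SAMPLE = """\
payroll-backup|Hidden|0
passwords.xlsx|Normal|1
invoices.docx|System|0
wallet|Normal|1
notes.txt|Archive|1
clients.db|Hidden
nodefault
"""

if __name__ == "__main__":
    entries, nodefault, findings = check_honeypot_lines(SAMPLE)
    print(f"{len(entries)} valid entries, nodefault={nodefault}")
    for lineno, severity, message in findings:
        print(f"line {lineno}: {severity}: {message}")
```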
Enable Proxy Settings
Enables proxy settings defined for update/download operations
Proxy Server Address (domain or IP only)
Port
Username
Password
Socks 5 Proxy enable/disable
Use the same proxy settings for email
Enable or disable using the same proxy settings defined for updates for sending emails as well
Enable Proxy Settings
Enables proxy settings defined for email operations
Proxy Server Address (domain or IP only)
Port
Username
Password
Socks 5 Proxy enable/disable
Using Process Explorer on 64-bit OS
Process Explorer copies its 64-bit version to the temp folder to execute, so you may need to whitelist the following location to allow this application to operate.
%localappdata%\Temp\Procexp64.exe
CryptoPrevent White-Label Installation
Installation of CryptoPrevent White-Label Creator is carried out with very few steps:
Extract the ZIP archive downloaded from our site to a location of your choosing and make note of the location. This file contains the installer/setup routine for CryptoPrevent.
Launch the installer executable file from the above location.
Click next.
It is not possible to proceed without accepting the license agreement and clicking next.
Choose whether or not to create a desktop shortcut and click next.
Click install to initiate the installation.
Click finish to close the installation and launch the tool. Uncheck the box shown if you do not want to proceed at this time.
CryptoPrevent White-Label Main Interface
CryptoPrevent Creator-Configurator Tool Main Interface
Please enter in your company name for purchase identification purposes and the product key that was delivered as part of your White-Label purchase.
The vast majority of white label edition licenses that exist are not subscription based.
Please only use the Whitelabel Subscription checkbox if you were provided with a username or password as part of a prior purchase.
In the case of subscriptions, it is necessary to check the box for that and enter your provided username and password.
The Test Login button must then be pressed to validate your information.
Copy and paste your product key exactly as you received it.
The key should automatically validate after a delay that may last for a minute or more.
If the information was entered correctly and was validated successfully, the bottom portion of the tool will be exposed.
You always want to make sure the Creator tool is up to date
The Latest version of CP will be shown in the top right
click the “Get Latest Update” button to upgrade the Creator
This will ensure any installers you create are up to date when you build the installer
Inno Setup is required to build your custom installer and it is necessary to either use the provided button or install it manually to complete a build.
The top portion of the tool’s interface shows the total number of remaining licenses associated with the product key previously entered.
In the above example, 99 installations/licenses are available to assign to a particular configuration.
Once installations/licenses are assigned to a particular configuration, they are reduced from your overall remaining installations.
Installations/licenses may be retrieved from a configuration as long as they have not been deployed.
Placing a smaller number of installs than originally specified or a zero in the Define Number of Installs for Configuration field will increase your overall remaining installations.
The loss of a configuration with installations/licenses attached will result in the loss of those installations/licenses.
For this reason, we provide backup and restore buttons to safeguard your configurations. Please do not hesitate to frequently utilize those buttons.
The standard steps you would want to follow to create a configuration are the following:
Assuming you have more than 0 “Overall Remaining Installations:” available.
Enter a name for the configuration
this name is for your reference only
the client in almost all circumstances will not see this configuration name
however it is stored in an ini file on their system so keep that in mind when naming configurations
Enter a positive number in the “Define Number of Installs for Configuration” box
this is the number of installs the created installer will be able to be used on
this number can be increased/decreased in the future as long as
additional “Overall Remaining Installations” are available to increase the configuration’s remaining installs
there are “Installs Remaining on Configuration” to decrease, which will be added back to the “Overall Remaining Installs”
once the number of remaining installs on the configuration are at 0
the created installer will no longer install the premium version with your defined settings on new systems
This installer can still be used to reinstall on systems currently consuming a license under this White-Label key
a 0 (“zero”) can be entered here to disable the created installer from installing additional installs
This installer can still be used to reinstall on systems currently consuming a license under this White-Label key
if you enter the same number as the “Installs Remaining on Configuration”, no license changes will be made
this is useful if you want to change the configuration and resubmit for a new installer that has different settings
Save/Update Current Configuration
Backup Configurations to Zip
save this backup in a secure location
it is password protected, you will be prompted to enter a password at time of backup creation
Foolish IT has no access to this password
if it is lost/forgotten, it is unlikely that it will be recoverable
you should only need to restore this backup if:
you uninstall the CryptoPrevent Creator-Configuration tool from the system
the system with your configurations suffers a failure and needs to be reloaded
Adjusting the “Installs Remaining on Configuration” can be done by ensuring the appropriate configuration is loaded and then following steps 3-5 above
You can load a saved configuration using the “Load a Previously Saved Configuration” button
this will allow you to adjust the remaining installs
this will automatically apply to the currently created installer
or change the settings on the configuration
this would require submitting the configuration again and having a new installer created
note this may incur a charge for additional installer creation
additional information on the Submit tab documentation
CryptoPrevent White-Label Creator Protections Tab
Protections tab
The Minimum plan includes:
Software restriction policy path rules for the appdata folder, all folders beneath appdata, the “local” (as opposed to “roaming”) appdata folder, and the Recycle Bin.
It also includes protections related to program naming, including blocking of double file extensions and exploits related to the direction of text interpretation.
Please follow the provided link for more information regarding the right-to-left override character:
View the client documentation for more information on the specific locations included
The Default plan includes:
Software restriction policy path rules for the programdata folder, the user profiles folders, and the start menu startup folders.
Three additional Windows utilities are also potentially blocked under this plan, vssadmin.exe, syskey.exe, and cipher.exe.
Please note that these are legitimate tools that have been known to be co-opted by malicious software.
If you have no use of these tools and you do not use applications that rely upon them, you may safely enable those protections.
The miscellaneous protections included in the Default plan will block some additional vectors for existing malware as well as the option to disable the use of legacy “Sidebar and Gadget” applications.
The “Sidebar and Gadget” option is recommended by Microsoft due to the known security implications of their usage:
View the client documentation for more information on the specific locations included
The Maximum plan includes:
Software restriction policy path rules for the subfolders beneath localappdata and folders where files are temporarily extracted from archives, such as ZIP files
The Block Windows Programs section will optionally prevent the use of the following Windows utilities: bcdedit.exe, wscript.exe, and cscript.exe.
Disable Windows Script Host option
You may not want to enable this option because long login delays were reported when enabling this option in environments that utilize login scripts.
It should be safe to enable this option in a non-domain environment and when you do not rely upon the use of Windows scripts.
View the client documentation for more information on the specific locations included
The default selections (shown in the picture above) are the recommended “set and forget” options that should not cause issues with any legitimate applications
these are the same protections as selecting the Default Protection plan in the CryptoPrevent client
can either selectively block certain executable file types or indiscriminately block them.
The top three check boxes for the .cpl, .scr, and .pif file types will check each file against our malware definitions and block it if a match is found.
The lower three check boxes may be selected to always prevent the execution of the respective file types.
Program filtering for .exe and .com executables is always based upon definitions because preventing them always would prevent most, if not all, software from operating.
The notification prompt settings on the right side only pertain to the .cpl, .scr, and .pif file types.
We recommend the default value of Message Box Alert for the notification prompt.
View the client documentation for more information on these protections
The default selections (shown in the picture above) are the recommended “set and forget” options that should not cause issues with any legitimate applications
these are the same protections as selecting the Default Protection plan in the CryptoPrevent client
CryptoPrevent White-Label Creator FolderWatch Tab
FolderWatch tab:
FolderWatch provides additional monitoring of a selection of common folders and, optionally, custom folders.
Files flagged as potentially malicious will be quarantined in the folder specified here.
It is important to note that subfolders are monitored in the case of the predefined user folders but not in the case of custom folders.
It would be necessary to individually add subfolders to the custom list in order for them to be monitored.
d7x Variables can be used in the Custom Locations to apply protections generically to various OS versions and 32/64 bit versions
note it should be defined one line per folder
The HoneyPot feature related to FolderWatch places numerous files around your PC to act as bait.
When activity is detected against these files, the HoneyPot feature will do everything in its power to prevent any further system activity, including slowing the system and only allowing it to be rebooted or shutdown.
When this feature is activated, the idea is that the system has been grievously compromised and your data is at risk from malicious activity.
As such, it is a “last ditch” effort to preserve your data with the hopes that only our bait files will be compromised and not any legitimate data.
Please use this feature with caution as there is the possibility of false positives due to the fact that any manipulation of the HoneyPot files will trigger our HoneyPot protections.
If this feature is enabled it is highly recommended you enable the QuickAccess Tray Icon under the Installer tab as well
otherwise the end user will not be notified and the system will shutdown without warning when HoneyPot feature is activated
an event will still be written to the event log and an email alert (if enabled) will be sent out regardless of the QuickAccess Tray Icon being enabled
View the client documentation for more information on these protections
The default selections (shown in the picture above) are the recommended “set and forget” options that should not cause issues with any legitimate applications
these are the same protections as selecting the Default Protection plan in the CryptoPrevent client
CryptoPrevent White-Label Creator Policies Tab
Policies tab:
Software Restriction Policy (SRP) Whitelist:
The whitelist is a list of programs explicitly allowed via software restriction path rules.
We provide a “Whitelist EXEs already located in blocked locations upon install” checkbox to simplify adding all existing items in blocked locations to the whitelist during client installation.
You may predefine whitelist policies using the Define button.
d7x Variables can be used in the Custom Locations to apply protections generically to various OS versions and 32/64 bit versions
note it should be defined one line per folder
Whitelist policies should be as specific as possible to avoid being overridden by a more specific blacklist entry.
This concern comes into play when using wildcards, so the use of wildcards should be avoided in whitelist rules if possible.
SRP Blacklist:
The blacklist is a list of programs explicitly blocked via software restriction path rules.
It is possible to use wildcards in blacklist policies.
Feel free to add additional rules using the Define button to enhance protections for your specific environment.
d7x Variables can be used in the Custom Locations to apply protections generically to various OS versions and 32/64 bit versions
note it should be defined one line per folder
User Hash Definitions:
Similar to the whitelist and blacklist software restriction policies, our hash definitions also utilize lists to either allow or block specific hash definitions, respectively.
Use the various Define buttons to allow or disallow a hash, for the whitelist or blacklist respectively, to either remove a false positive or enhance protections over the base definitions.
note it should be defined one line per folder
View the client documentation for more information on these protections
The default selections (shown in the picture above) are the recommended “set and forget” options that should not cause issues with any legitimate applications
these are the same protections as selecting the Default Protection plan in the CryptoPrevent client
CryptoPrevent White-Label Creator Updates Tab
Updates tab:
The updates tab allows you to enable a daily update schedule that runs at the hour of your choosing or at a randomly picked time.
You may disable the reboot prompt for installation under Windows XP using the provided check box.
Additional hash definitions will be downloaded from our servers if the Enable Extended Definitions Files *beta* option is checked.
As of this writing, over 50000 base definitions are applied and that number increases to over 70000 with that option enabled.
The “Check for Updates after Install” option ensures that the latest CryptoPrevent is installed when an installer is used
View the client documentation for more information on these protections
The default selections (shown in the picture above) are the recommended “set and forget” options that should not cause issues with any legitimate applications
these are the same protections as selecting the Default Protection plan in the CryptoPrevent client
CryptoPrevent White-Label Creator Email Tab
Email Settings tab:
This tab is used to enable email notifications of alerts.
Alerts will be emailed using the provided credentials and options.
Settings must be specified for every option except for email subject line text.
Please note that Google will block external SMTP access unless you enable the “use less secure apps” option in your Gmail account settings.
This restriction applies to any software that uses Google’s SMTP access and is not specific to CryptoPrevent.
For example, Microsoft Outlook is affected by this as well.
Please ensure your settings are correct by using the Send Test Email button.
This tab contains various options relating to how the installer we provide functions.
You can force the protections to apply automatically and silently after install
this will save a last step in the installation process where it would still be necessary to have the protections applied after installed
There is also an option to force a reboot when protections have been silently applied
however, it is necessary to specify the /verysilent command line parameter to have a completely silent installation without the need of any user interaction.
Note: applying protections after install can take a long time depending on the system
you can check the task manager to verify when CryptoPrevent.exe
optionally you can check “Restart After Install” to ensure protections are set
by waiting for the system to reboot on its own after applying protections
Additional checkboxes are provided for options relating to automatically launching the tray app for notifications, creating additional shortcut icons, and automatic restart preferences.
Optional Installer Texts offers further customization of the actual installer itself for branding purposes
EULA: offers supplemental terms and conditions for installation
note the default CryptoPrevent EULA will always be included with the installer creation
Info (Pre)
offers ability to add information the end user reads prior to installation
Info (Post)
offers ability to add information the end user reads after the installation has completed
You will want to have a txt document ready with the text you would like to add to any of these options
Branding Options
provides the ability to add your own logo and icon to CryptoPrevent
the logo is used when protections are being applied
you can see an example of its usage with the “Test BMP Logo” after you have added a logo file
it is suggested you use a 24-bit BMP with dimensions of 280×190
the icon is used for shortcut icons, the upper left of the application and taskbar
Start Menu options
Apply & Undo protection options are always added to the start menu unless you uncheck the “Start Menu Launch CP” option
An additional option to open the main CryptoPrevent client interface to the start menu
An additional web address can be added to the start menu location as well
CryptoPrevent White-Label Creator Tray Tab
Tray tab:
This tab is used to configure all aspects of the tray icon.
Each option available on the right-click menu is optional as are three custom options.
** indicate options that would require administrative rights for the end user to actually be able to use them
it will prompt for elevation when needed
Custom options include the ability to:
Launch a program (ex a remote support tool)
Take a screenshot (ex useful when a user needs to show examples of an error)
Link to a web site (ex support ticket creation or link to your site)
This tab is used to create your installer to deploy this configuration
It is highly recommended you make installers only on a system you control
as well as limiting installer creation to a single system
If the “Save/Create Custom Installer” button is greyed out/unavailable
Ensure in the top right “Inno Setup is:” shows as installed
Inno Setup must be installed in its default location under the Program Files directory
When the Save/Create Custom Installer button is used, this will also save your configuration
Be sure to make a backup of your configurations regularly
See the Load/Save tab documentation for more information about this process
Additional Notes on the Installer that is created:
Your custom installer contains your licensing codes.
Installations and licenses consumed by your custom installer are considered authorized by you.
You will be responsible for all usage of your custom installer.
If we believe your custom installer to be in violation of our licensing terms, we reserve the right to terminate the licenses and ban the associated codes.
For additional assistance, please send all communications to sales [at] foolishit.com or support [at] foolishit.com for the fastest response.
CryptoPrevent Bulk Creator Installation
Installation of CryptoPrevent Bulk Creator is carried out with very few steps:
Extract the ZIP archive downloaded from our site to a location of your choosing and make note of the location. This file contains the installer/setup routine for CryptoPrevent.
Launch the installer executable file from the above location.
Click next.
It is not possible to proceed without accepting the license agreement and clicking next.
Choose whether or not to create a desktop shortcut and click next.
Click install to initiate the installation.
Click finish to close the installation and launch the tool. Uncheck the box shown if you do not want to proceed at this time.
CryptoPrevent Bulk Creator Main Interface
CryptoPrevent Creator-Configurator Tool Main Interface
Please enter in your company name for purchase identification purposes and the product key that was delivered as part of your bulk purchase.
Copy and paste your product key exactly as you received it.
The key should automatically validate after a delay that may last for a minute or more.
If the information was entered correctly and was validated successfully, the bottom portion of the tool will be exposed.
Ensure your version of the Creator is up to date using the Configurator setup & “Get Latest Update” button on the far right prior to a new submission
CryptoPrevent Bulk Creator Load/Save Config Tab
Load/Save Config tab
The top portion of the tool’s interface shows the total number of remaining licenses associated with the product key previously entered.
In the above example, 99 installations/licenses are available to assign to a particular configuration.
Once installations/licenses are assigned to a particular configuration, they are reduced from your overall remaining installations.
Installations/licenses may be retrieved from a configuration as long as they have not been deployed.
Placing a smaller number of installs than originally specified or a zero in the Define Number of Installs for Configuration field will increase your overall remaining installations.
The loss of a configuration with installations/licenses attached will result in the loss of those installations/licenses.
For this reason, we provide backup and restore buttons to safeguard your configurations. Please do not hesitate to frequently utilize those buttons.
The standard steps you would want to follow to create a configuration are the following:
Assuming you have more than 0 “Overall Remaining Installations:” available.
Enter a name for the configuration
this name is for your reference only
the client in almost all circumstances will not see this configuration name
however it is stored in an ini file on their system so keep that in mind when naming configurations
Enter a positive number in the “Define Number of Installs for Configuration” box
this is the number of installs the created installer will be able to be used on
this number can be increased/decreased in the future as long as
additional “Overall Remaining Installations” are available to increase the configuration’s remaining installs
there are “Installs Remaining on Configuration” to decrease, which will be added back to the “Overall Remaining Installs”
once the number of remaining installs on the configuration are at 0
the created installer will no longer install the premium version with your defined settings on new systems
This installer can still be used to reinstall on systems currently consuming a license under this bulk key
a 0 (“zero”) can be entered here to disable the created installer from installing additional installs
This installer can still be used to reinstall on systems currently consuming a license under this bulk key
if you enter the same number as the “Installs Remaining on Configuration”, no license changes will be made
this is useful if you want to change the configuration and resubmit for a new installer that has different settings
Save/Update Current Configuration
Backup Configurations to Zip
save this backup in a secure location
it is password protected, you will be prompted to enter a password at time of backup creation
Foolish IT has no access to this password
if it is lost/forgotten, it is unlikely that it will be recoverable
you should only need to restore this backup if:
you uninstall the CryptoPrevent Creator-Configuration tool from the system
the system with your configurations suffers a failure and needs to be reloaded
Adjusting the “Installs Remaining on Configuration” can be done by ensuring the appropriate configuration is loaded and then following steps 3-5 above
You can load a saved configuration using the “Load a Previously Saved Configuration” button
this will allow you to adjust the remaining installs
this will automatically apply to the currently created installer
or change the settings on the configuration
this would require submitting the configuration again and having a new installer created
note this may incur a charge for additional installer creation
additional information on the Submit tab documentation
CryptoPrevent Bulk Creator Protections Tab
Protections tab
The Minimum plan includes:
Software restriction policy path rules for the appdata folder, all folders beneath appdata, the “local” (as opposed to “roaming”) appdata folder, and the Recycle Bin.
It also includes protections related to program naming, including blocking of double file extensions and exploits related to the direction of text interpretation.
Please follow the provided link for more information regarding the right-to-left override character:
View the client documentation for more information on the specific locations these locations include
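The two naming tricks this plan blocks, double file extensions and the right-to-left override character (U+202E), can be checked for in a file listing as shown here. This is an added example, not CryptoPrevent's own code or detection logic: the executable extensions are the ones named in this documentation, while the decoy-extension list, the function names and the sample paths are assumptions constructed for illustration.

```python
from pathlib import PureWindowsPath

# Executable types named in this documentation (Filter Module section).
EXECUTABLE_EXTS = {".exe", ".com", ".scr", ".pif", ".cpl"}
# Assumption: document-like extensions often used as the harmless-looking half.
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt", ".zip"}

RLO = "\u202e"  # RIGHT-TO-LEFT OVERRIDE
PDF = "\u202c"  # POP DIRECTIONAL FORMATTING (ends an override run)
# Unicode bidirectional formatting controls; none belong in a program file name.
BIDI_CONTROLS = set("\u200e\u200f\u202a\u202b\u202c\u202d\u202e\u2066\u2067\u2068\u2069")


def strip_controls(name):
    """Remove bidirectional formatting controls, keeping the stored character order."""
    return "".join(ch for ch in name if ch not in BIDI_CONTROLS)


def ext_of(name):
    """Return the lower-cased final extension in stored order, or '' if none."""
    stem, dot, ext = strip_controls(name).rpartition(".")
    return "." + ext.strip().lower() if dot and stem else ""


def displayed_name(name):
    """Approximate what a user sees: text after U+202E is drawn right to left.

    Simplification: only the first override run is handled, which is enough to
    show why the visible extension differs from the stored one.
    """
    head, rlo, tail = name.partition(RLO)
    if not rlo:
        return name
    run, _, rest = tail.partition(PDF)
    return head + run[::-1] + strip_controls(rest)


def check_name(path):
    """Return a list of findings for one file path (an empty list means clean)."""
    name = PureWindowsPath(path).name
    findings = []

    controls = sorted({ch for ch in name if ch in BIDI_CONTROLS})
    if controls:
        findings.append("bidi-control:" + ",".join(f"U+{ord(ch):04X}" for ch in controls))

    # The extension Windows acts on is the stored one, not the one drawn on screen.
    real_ext = ext_of(name)
    shown_ext = ext_of(displayed_name(name))
    if shown_ext != real_ext:
        findings.append(f"display-mismatch:shown={shown_ext},real={real_ext}")

    # Double extension: an executable type placed behind a document-like one.
    stem = strip_controls(name).rpartition(".")[0]
    prev_ext = ext_of(stem)
    if real_ext in EXECUTABLE_EXTS and prev_ext in DECOY_EXTS:
        findings.append(f"double-extension:{prev_ext}{real_ext}")
    return findings


# Constructed sample listing (not taken from any real system).
SAMPLE_PATHS = [
    r"C:\Users\alice\AppData\Roaming\setup.exe",
    r"C:\Users\alice\AppData\Roaming\invoice.pdf.exe",
    "C:\\Users\\alice\\AppData\\Local\\invoice\u202efdp.exe",
    r"C:\Users\alice\Documents\report.v2.pdf",
]


def scan(paths):
    """Map each flagged path to its findings; clean paths are omitted."""
    return {p: f for p in paths if (f := check_name(p))}


if __name__ == "__main__":
    for path, findings in scan(SAMPLE_PATHS).items():
        # ascii() makes the invisible override character visible as \u202e.
        print(ascii(PureWindowsPath(path).name), findings)
```

In the third sample the stored name ends in .exe, but the override makes it appear to end in .pdf, which is why the check compares the displayed extension with the stored one.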
The Default plan includes:
Software restriction policy path rules for the programdata folder, the user profiles folders, and the start menu startup folders.
Three additional Windows utilities are also potentially blocked under this plan, vssadmin.exe, syskey.exe, and cipher.exe.
Please note that these are legitimate tools that have been known to be co-opted by malicious software.
If you have no use of these tools and you do not use applications that rely upon them, you may safely enable those protections.
The miscellaneous protections included in the Default plan will block some additional vectors for existing malware as well as the option to disable the use of legacy “Sidebar and Gadget” applications.
The “Sidebar and Gadget” option is recommended by Microsoft due to known security implications of their usage:
View the client documentation for more information on the specific locations these locations include
The Maximum plan includes:
Software restriction policy path rules for the subfolders beneath localappdata and folders where files are temporarily extracted from archives, such as ZIP files
The Block Windows Programs section will optionally prevent the use of the following Windows utilities: bcdedit.exe, wscript.exe, and cscript.exe.
Disable Windows Script Host option
You may not want to enable this option because long login delays were reported when enabling this option in environments that utilize login scripts.
It should be safe to enable this option in a non-domain environment and when you do not rely upon the use of Windows scripts.
View the client documentation for more information on the specific locations these locations include
The default selections (shown in the picture above) are the recommended “set and forget” options that should not cause issues with any legitimate applications
these are the same protections as selecting the Default Protection plan in the CryptoPrevent client
CryptoPrevent Bulk Creator Filter Module Tab
Filter Module tab:
Filter Module
can either selectively block certain executable file types or indiscriminately block them.
The top three check boxes for the .cpl, .scr, and .pif file types will check each file against our malware definitions and block it if a match is found.
The lower three check boxes may be selected to always prevent the execution of the respective file types.
Program filtering for .exe and .com executables is always based upon definitions because preventing them always would prevent most, if not all, software from operating.
The notification prompt settings on the right side only pertain to the .cpl, .scr, and .pif file types.
We recommend the default value of Message Box Alert for the notification prompt.
View the client documentation for more information on these protections
The default selections (shown in the picture above) are the recommended “set and forget” options that should not cause issues with any legitimate applications
these are the same protections as selecting the Default Protection plan in the CryptoPrevent client
CryptoPrevent Bulk Creator FolderWatch Tab
FolderWatch tab:
FolderWatch provides additional monitoring of a selection of common folders and, optionally, custom folders.
Files flagged as potentially malicious will be quarantined in the folder specified here.
It is important to note that subfolders are monitored in the case of the predefined user folders but not in the case of custom folders.
It would be necessary to individually add subfolders to the custom list in order for them to be monitored.
d7x Variables can be used in the Custom Locations to apply protections generically to various OS versions and 32/64 bit versions
note it should be defined one line per folder
The HoneyPot feature related to FolderWatch places numerous files around your PC to act as bait.
When activity is detected against these files, the HoneyPot feature will do everything in its power to prevent any further system activity, including slowing the system and only allowing it to be rebooted or shutdown.
When this feature is activated, the idea is that the system has been grievously compromised and your data is at risk from malicious activity.
As such, it is a “last ditch” effort to preserve your data with the hopes that only our bait files will be compromised and not any legitimate data.
Please use this feature with caution as there is the possibility of false positives due to the fact that any manipulation of the HoneyPot files will trigger our HoneyPot protections.
If this feature is enabled it is highly recommended you enable the QuickAccess Tray Icon under the Installer tab as well
otherwise the end user will not be notified and the system will shutdown without warning when HoneyPot feature is activated
an event will still be written to the event log and an email alert (if enabled) will be sent out regardless of the QuickAccess Tray Icon being enabled
View the client documentation for more information on these protections
The default selections (shown in the picture above) are the recommended “set and forget” options that should not cause issues with any legitimate applications
these are the same protections as selecting the Default Protection plan in the CryptoPrevent client
CryptoPrevent Bulk Creator Policies Tab
Policies tab:
Software Restriction Policy (SRP) Whitelist:
The whitelist is a list of programs explicitly allowed via software restriction path rules.
We provide a “Whitelist EXEs already located in blocked locations upon install” checkbox to simplify adding all existing items in blocked locations to the whitelist during client installation.
You may predefine whitelist policies using the Define button.
d7x Variables can be used in the Custom Locations to apply protections generically to various OS versions and 32/64 bit versions
note it should be defined one line per folder
Whitelist policies should be as specific as possible to avoid being overridden by a more specific blacklist entry.
This concern comes into play when using wildcards, so the use of wildcards should be avoided in whitelist rules if possible.
SRP Blacklist:
The blacklist is a list of programs explicitly blocked via software restriction path rules.
It is possible to use wildcards in blacklist policies.
Feel free to add additional rules using the Define button to enhance protections for your specific environment.
d7x Variables can be used in the Custom Locations to apply protections generically to various OS versions and 32/64 bit versions
note it should be defined one line per folder
User Hash Definitions:
Similar to the whitelist and blacklist software restriction policies, our hash definitions also utilize lists to either allow or block specific hash definitions, respectively.
Use the various Define buttons to allow or disallow a hash, for the whitelist or blacklist respectively, to either remove a false positive or enhance protections over the base definitions.
note it should be defined one line per folder
View the client documentation for more information on these protections
The default selections (shown in the picture above) are the recommended “set and forget” options that should not cause issues with any legitimate applications
these are the same protections as selecting the Default Protection plan in the CryptoPrevent client
CryptoPrevent Bulk Creator Updates Tab
Updates tab:
The updates tab allows you to enable a daily update schedule that runs at the hour of your choosing or at a randomly picked time.
You may disable the reboot prompt for installation under Windows XP using the provided check box.
Additional hash definitions will be downloaded from our servers if the Enable Extended Definitions Files *beta* option is checked.
As of this writing, over 50000 base definitions are applied and that number increases to over 70000 with that option enabled.
View the client documentation for more information on these protections
The default selections (shown in the picture above) are the recommended “set and forget” options that should not cause issues with any legitimate applications
these are the same protections as selecting the Default Protection plan in the CryptoPrevent client
CryptoPrevent Bulk Creator Email Settings Tab
Email Settings tab:
This tab is used to enable email notifications of alerts.
Alerts will be emailed using the provided credentials and options.
Settings must be specified for every option except for email subject line text.
Please note that Google will block external SMTP access unless you enable the “use less secure apps” option in your Gmail account settings.
This restriction applies to any software that uses Google’s SMTP access and is not specific to CryptoPrevent.
For example, Microsoft Outlook is affected by this as well.
Please ensure your settings are correct by using the Send Test Email button.
This tab contains various options relating to how the installer we provide functions.
Please note that it is not possible to uncheck the option to apply protection silently after Installation with the bulk edition of CryptoPrevent.
All installations with the CryptoPrevent Bulk client software silently apply protections
however, it is necessary to specify the /verysilent command line parameter to have a completely silent installation without the need of any user interaction.
Additional checkboxes are provided for options relating to automatically launching the tray app for notifications, creating additional shortcut icons, and automatic restart preferences.
Note: applying protections after install can take a long time depending on the system
you can check the task manager to verify when CryptoPrevent.exe
optionally you can check “Restart After Install” to ensure protections are set
by waiting for the system to reboot on its own after applying protections
This tab is used to submit your configuration to us.
We will build you an installer upon reception of your settings.
One of our staff will review each submission before completing your build.
Any information you may wish to communicate to us may be placed in the Notes for Installer field.
example: “This installer is just for testing”
The name, email, and password fields for the zip archive containing your .exe and .msi custom installer are all required fields.
The submission process requires access to port 465 for an SSL email connection; please ensure this port is open for CryptoPrevent if there is an error submitting your configuration.
Only one installer is included with your purchase
however, we do allow testing of your settings and will rebuild an installer for you if you encounter problems during this testing period
Note: test installers usually only include 1-2 licenses and we can add these back once you have completed your testing
Additional installers beyond the first one may be purchased for $25
by making a payment at the below link
using “Custom Installer” as the payment description
Please allow up to 24 hours for your installer to be built and delivered.
Normally this occurs much more quickly during our normal business hours, 0900-1800 EST Mon-Fri.
Our offices may be closed and our staff unavailable on weekends and many federal holidays observed by the United States.
Additional Notes on the Installer that is created:
Your custom installer contains your licensing codes.
You are not authorized to make your custom installer available to any third party or provide a public link to your custom installer.
Installations and licenses consumed by your custom installer are considered authorized by you.
You will be responsible for all usage of your custom installer.
If we believe your custom installer to be in violation of our licensing terms, we reserve the right to terminate the licenses and ban the associated codes.
For additional assistance, please send all communications to sales [at] foolishit.com or support [at] foolishit.com for the fastest response.
CryptoPrevent Applying Protections (Plan/Custom Settings) & Final Notes
Applying Protections (Plan or customized selected)
Once you have confirmed all your desired settings at this point, click Apply Protection Plan. Depending on the policy and number of protections selected, it may take several minutes to apply protections.
You may also be prompted to whitelist all executables located in locations that will be blocked.
Please ensure that your system is malware free prior to installing CryptoPrevent and particularly prior to answering yes to the question about whitelisting.
After the settings are applied, you will be prompted to reboot.
There is no guarantee that protections will be enabled unless a reboot is performed.
After rebooting, please test all your applications and ensure that they function as expected.
If you note any problems you feel may be caused by CryptoPrevent, you can review the History tab to determine what may have happened.
Remediation will include either whitelisting or alteration of protection settings.
If you need additional assistance or advice in that, please contact our Help Desk via email: support@d7xtech.com
CryptoPrevent About Tab
About tab:
This tab displays information about CryptoPrevent including its history, evolution, and honorable mentions.
CryptoPrevent Updates Tab
Updates tab:
Enable a daily update schedule
runs at the hour of your choosing or at a randomly picked time.
A button is provided for manually checking for updates. (made available if enable daily update schedule checkbox fails)
Additional hash definitions will be downloaded from our servers if the Extended Hash Definitions option is checked.
As of this writing, over 50000 base definitions are applied and that number increases to over 70000 with that option enabled.
Note this list is not as well vetted as the standard definitions and may result in false positives
CryptoPrevent History Tab
History tab:
The History tab logs information about CryptoPrevent activity either since:
the Previous Startup
for as far back as the Windows event logs happen to record.
Events will be created whenever either a software restriction policy is enforced or when either our program filter module or FolderWatch protection detects malicious software or activity.
The contents of each event may be useful for troubleshooting purposes and for getting the path information necessary to create a whitelist policy entry.
Event IDs:
866: Software Restriction Policy Protection
10177: v7 Filter Module Protection
10188: v8 Beta FolderWatch
10189: v8 Beta FolderWatch HoneyPot Detection
36650: v8.0.0.0 + denotes protection via the source for the event: CryptoPrevent Program Filter, CryptoPreventFW, CryptoPreventHP
36651: v8.0.0.0 + denotes protection via the source for the event: CryptoPrevent Program Filter, CryptoPreventFW, CryptoPreventHP
36652: v8.0.0.0 + denotes protection via the source for the event: CryptoPrevent Program Filter, CryptoPreventFW, CryptoPreventHP
36659: v8.0.0.0 + denotes protection via the source for the event: CryptoPrevent Program Filter, CryptoPreventFW, CryptoPreventHP
CryptoPrevent Email Settings Tab
Email Settings tab:
This tab is used to enable email notifications of alerts.
Alerts will be emailed using the provided credentials and options. (Settings entered here are only available to the local system, this information is not transmitted or used by Foolish IT in any way)
Settings are predefined for Google’s Gmail service or you may specify your own SMTP settings.
Please note that Google will block external SMTP access unless you enable the “use less secure apps” option in your Gmail account settings.
This restriction applies to any software that uses Google’s SMTP access and is not specific to CryptoPrevent. For example, Microsoft Outlook is affected by this as well.
If you identify a file you know to be malicious, you may use this tab to select that file, compute its hashes, and potentially upload it to Foolish IT for further analysis and potential inclusion in future base definitions.
After browsing for a file, its hashes will be computed and compared against the internal lists.
You will be alerted in red text if the hash is not already present in our definitions and, in that case, the hashes will be added if and when you choose to upload the file.
If you choose not to upload the file, you will need to manually add the hashes to your custom hash definitions in order to have that file blocked.
Similar to the whitelist and blacklist software restriction policies, our hash definitions also utilize lists to either allow or block specific hash definitions, respectively.
Hashes are only used with the Filter Module and FolderWatch protections
The blacklist will only contain custom hashes and does not expose the hashes distributed with CryptoPrevent.
As with the blacklist policies, you may add your own to enhance the base level of protections offered. (Premium Only)
Changes to these lists take effect immediately after clicking the Save Hash Definitions File button.
The HoneyPot feature related to FolderWatch places numerous files around your PC to act as bait.
the root folder of each Protected location selected in the FolderWatch tab will be protected by the honeypot files
this includes any custom locations
honeypot files may or may not be visible in these locations depending on what hidden/system files you have shown
When activity is detected against these files, the HoneyPot feature will do everything in its power to prevent any further system activity, including:
slowing the system
only allowing it to be rebooted or shutdown.
When this feature is activated, the idea is that the system has been grievously compromised and your data is at risk from malicious activity.
As such, it is a “last ditch” effort to preserve your data with the hopes that only our bait files will be compromised and not any legitimate data.
Please use this feature with caution as there is the possibility of false positives due to the fact that any manipulation of the HoneyPot files will trigger our HoneyPot protections.
CryptoPrevent includes a program filter module that can either selectively block certain executable file types or indiscriminately block them.
Prevent Suspicious File Types
depending on what is selected, files of the .cpl, .scr, and .pif types will be checked against our malware definitions and blocked if a match is found
Suspicious will also use various logic for determining if that file type should be launched
various items like file location, naming convention and others are included in this logic
Always Prevent File Types
always prevent the execution of the respective file types
Notification prompt
these settings only pertain to the .cpl, .scr, and .pif file types for filtering
We recommend the default value of Message Box Alert for the notification prompt.
Program filtering for .exe and .com executables
always restrict exe or com files based upon hash definitions
CryptoPrevent Protection Settings->Software Restriction Policies->Maximum Plan Tab
The Maximum plan tab:
The following protect each of these locations from executable files:
CryptoPrevent Protection Settings->Software Restriction Policies->Default Plan Tab
The Default plan tab
The following protect each of these locations from executable files:
%programdata%
Windows Vista + OS
%programdata%\*.[executable extension]
%userprofile%
All Supported OS
%userprofile%\*.[executable extension] (does not include *.com extension)
For each actual user folder at time of settings being applied, a rule for that specific user folder is added ([user folder location]\*.[executable extension])
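A small model of how the Default plan rule templates above expand and match, useful for reviewing which files would be blocked before a plan is applied. This is an added example, not CryptoPrevent code: the extension list, the sample paths, the function names, applying the .com exclusion to the per-user rules, and the reading that `*` stays within one folder level are all assumptions.

```python
import re

# Assumption: the page only says "[executable extension]"; this list is a stand-in.
EXECUTABLE_EXTENSIONS = ("exe", "com", "scr", "pif")


def default_plan_rules(env, user_folders, extensions=EXECUTABLE_EXTENSIONS):
    """Expand the Default plan templates into concrete path rules.

    env          -- values for %programdata% and %userprofile%
    user_folders -- profile folders that exist when the settings are applied
    """
    rules = [env["programdata"] + "\\*." + ext for ext in extensions]
    # The page notes the %userprofile% rules leave out *.com; the same set is
    # assumed here for the per-user-folder rules.
    profile_exts = [ext for ext in extensions if ext != "com"]
    for folder in [env["userprofile"], *user_folders]:
        for ext in profile_exts:
            rule = folder + "\\*." + ext
            if rule not in rules:
                rules.append(rule)
    return rules


def rule_to_regex(rule):
    """Compile a path rule; '*' and '?' are assumed not to cross a backslash."""
    parts = []
    for ch in rule:
        if ch == "*":
            parts.append(r"[^\\]*")
        elif ch == "?":
            parts.append(r"[^\\]")
        else:
            parts.append(re.escape(ch))
    return re.compile("".join(parts) + r"\Z", re.IGNORECASE)


def matching_rule(path, rules):
    """Return the first rule that covers path, or None if nothing matches."""
    for rule in rules:
        if rule_to_regex(rule).match(path):
            return rule
    return None


def audit(paths, rules):
    """Map each path to the rule that would block it (None means not covered)."""
    return {path: matching_rule(path, rules) for path in paths}


if __name__ == "__main__":
    # Constructed environment and file list for illustration.
    env = {"programdata": r"C:\ProgramData", "userprofile": r"C:\Users\alice"}
    rules = default_plan_rules(env, [r"C:\Users\alice", r"C:\Users\bob"])
    sample = [
        r"C:\ProgramData\updater.exe",       # root of %programdata%
        r"C:\ProgramData\Vendor\agent.exe",  # one level down: no rule here
        r"C:\Users\alice\invoice.com",       # .com is excluded for profiles
        r"C:\Users\bob\setup.scr",           # profile existed at apply time
        r"C:\Users\carol\setup.scr",         # profile created afterwards
    ]
    for path, rule in audit(sample, rules).items():
        print(f"{path:40} {rule or 'not covered'}")
```

Anything the model reports as covered is a candidate for review before answering the whitelist prompt; confirm actual behaviour on a test machine, since the matching semantics here are assumed.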
Protection plans are an easy way to apply sets of CryptoPrevent protections.
Minimal plan
includes all protections available in the original release of CryptoPrevent for blocking CryptoLocker and similar ransomware.
These are a bare minimum level of protections and may not protect against more modern threats.
Default plan
includes additional protections to prevent a wider range of threats.
More restrictive plans could impact software installations and this is the highest plan that should not interfere with that.
For this reason, we refer to it as the “set it and forget it” plan.
Maximum plan
includes additional protections that will block even more threats.
Please use this plan with caution as it has the potential to interfere with:
software installations
certain backup applications that rely upon the bcdedit.exe utility
Extreme plan
enables every available protection feature, including those considered “beta”.
This plan has the potential to block legitimate software from running.
Please test in your environment with these settings to determine if they will negatively impact the use of your PC.
Custom settings
when settings do not specifically follow a predefined protection plan.
A general guideline would be to start with the Default plan and check any additional protections that you are able to tolerate in your environment.
Testing should be performed whenever changing protection settings.
Testing involves applying the settings you wish to test, rebooting when prompted, and then trying out all your existing software for expected operation.
Enable Active Protections
includes master check boxes for active protections beyond software restriction policies.
Use Protection Plan Settings
checked means the two sub-items will follow selected plan recommendations
this box will automatically uncheck and the plan setting will be changed to custom if either of the two sub-items are changed
FolderWatch (real-time)
FolderWatch is a new protection feature in CryptoPrevent v8
allows for specified folders to be monitored for items that match the loaded hash definitions list (including custom added ones available in the premium version)
allows for HoneyPot Detection (Premium Version feature) to protect the selected locations as well
see more details about these items under the Protection Settings tab individual descriptions in this documentation
checked means the protections and folders under Protection Settings tab->FolderWatch tab and Protection Settings tab->FolderWatch HoneyPot tab will be protected and enabled by the FolderWatch service
unchecked means this protection will be disabled and the selected locations/enabling HoneyPot Detection will be irrelevant
Kill Apps Now button
CryptoPrevent includes certain features from Foolish IT’s next generation PC technician productivity tool, called d7x, which is currently in development.
will close all running non-essential applications.
Please be aware that using this option will not prompt you to save any work and will forcibly close running windows.
CryptoPrevent QuickAccess (Premium only feature)
a notification icon that will appear in the system tray when enabled
exposes CryptoPrevent functionality to the user without the need to open the entire user interface.
will also pop up with notifications regarding CryptoPrevent activity.
Note: this tray should be enabled when using FolderWatch HoneyPot Detection to alert the end-user when detection has occurred (otherwise the system will shut down without warning)
Apply Protection Plan button
Available on all tabs
this button applies the currently selected plan and protections enabled under the Protection Settings tab
Be sure to use this button when changing plans or after all individual settings have been customized as you want to have applied
Test Protection button
currently tests only the protection location of %appdata% (which is enabled on all plans except None)
indicates mainly if the Software Restrictions Policies have been enabled and have taken effect
this will not test other locations, the filter module protections or FolderWatch protections
CryptoPrevent Client Installation
Installation of CryptoPrevent is carried out with very few steps: (Note: Bulk/White-Label Client installation may vary slightly from the below)
Extract the ZIP archive downloaded from our site to a location of your choosing and make note of the location. This file contains the installer/setup routine for CryptoPrevent.
Launch the installer executable file from the above location.
Click next.
It is not possible to proceed without accepting the license agreement and clicking next.
Choose whether or not to create a desktop shortcut and click next.
Click install to initiate the installation.
Click finish to close the installation and launch CryptoPrevent. Uncheck the box shown if you do not want to configure CryptoPrevent or apply protection.
Note: CryptoPrevent will not protect your PC just by installing it. It is required that protections be reviewed and applied for CryptoPrevent to start working.
You will be asked if you are in possession of a product key for the purposes of enabling all premium features. If you have purchased and received an email containing your key, please choose yes.
Copy and paste your product key exactly as you received it and click ok.
You will be asked if you would like to schedule daily updates. You may either choose to do that with a random time or you may opt not to and select a time of your choosing at a later time.
Click ok to proceed to the main interface.
CryptoPrevent Subscription License
License Term: 1 year included. The license term is extended for 1 additional year beginning with each successful subscription renewal (billed automatically.)
Subscription Renewals: Renewals occur annually from the date of original purchase (note this is not necessarily the date you may have initially activated the software and licensing term.) Renewals are automatically charged at each annual billing cycle, unless the subscription is cancelled prior to the next billing date. Automated renewals are charged to the same payment method used during the original purchase, unless the payment method is modified prior to the next billing cycle (you will receive a link in your purchase email to modify your payment method on file as necessary, as well as a notification should the payment method expire prior to your next billing date.) You will be notified automatically by our billing system on or before the anniversary of your original purchase about the pending subscription renewal and charge. It is the responsibility of the subscriber to cancel any subscription prior to the billing date.
As a valued customer, your current rate will NOT be subject to any future pricing increase, so long as your automatically renewing subscription plan remains active!
Subscription Cancellations: You may cancel your subscription at any time to stop automatic billing (a link will be provided in the notification email received prior to any pending subscription renewal, or you may contact us for assistance as necessary.) It is the responsibility of the subscriber to cancel any undesired subscription renewal prior to the next billing date in order to avoid charges.
Please note that cancellation of your automatically renewing subscription will result in termination of user support as well as product and definition updates after the included term expires (which is 1 year from your last successful purchase/renewal charge.)
If your subscription is cancelled, you may purchase or resubscribe in the future, but you are NOT guaranteed the same or similar discounted subscription rate, as product prices may increase in the future to both new and existing customers not locked in to an automatically renewing subscription.
CryptoPrevent Fixed Term License
License Term: Available in 1, 3, or 5 year terms. You may be notified about the pending expiration of your license term, at which time you will be provided options to purchase a new license term.
CryptoPrevent License (All Purchases)
License Term: Term begins at ‘initial software activation’ which occurs during the very first software installation by using the installation key provided with the purchased license.
Product and definition updates are provided only within the purchased license term (this applies to both automated as well as manual mechanisms.) Product and definition updates for the CryptoPrevent software include new features/functionality (and any necessary bug fixes) for the application/program binaries (the CryptoPrevent software itself) as well as malware “definitions” (used by the software) for detection information on newly discovered malicious threats.
User support is provided within the purchased term through our email support system for the CryptoPrevent software only.
License does NOT include user support or product and definition updates beyond the license term purchased. In order to continue receiving user support or product and definition updates beyond the purchased term, including newer program features and functionality released after your purchased license expires, you must purchase a new license to obtain a current version of the software.
Additional terms are applicable (e.g. you can’t steal it, resell it, distribute it to torrent sites, etc.) and are available for review in the store’s general Terms and Conditions page.
Will CryptoPrevent protect me against everything or is there more I need to do?
Short answer is “No, there is nothing that will protect you in all cases.” Malicious software is forever evolving, and it will always be a cat and mouse game with both sides playing ‘catch up’ no matter which side of the situation you are on.
CryptoPrevent is a security supplement, filling a need where other solutions fall short; however, it is not a replacement for anti-virus software, firewalls, or other security solutions, nor does it render backup software or user education useless. As a company composed primarily of experienced professionals from the PC repair industry, we believe strongly in a layered security approach, combined with comprehensive backup software that is tested regularly, and user education focusing at a minimum on safe web browsing and email usage habits.
d7 Premium (Free License) Offer and Service Limitations
In addition to the standard Free Software Agreements, d7 Premium is subject to the following service limitations:
We’re sorry if you missed it, but our Christmas 2015 offer for a FREE copy of the original d7 Premium has finally expired as of October 27th, 2017.
This is the final version of the original d7 line (v10.4.35 released Jan 2014) and is provided “as-is” with no updates to be released for any reason (including but not limited to feature improvements or any functional issues)
There is no included product or other related support provided for these free licenses. Paid support may be provided on a case by case basis, but cannot be guaranteed due to certain technical limitations with the final version of d7
At no time will the “dCloud” service (for online configuration storage and the dCloudLauncher tiny remote deployment package) be included with or provided to these free licenses, as new server resources are dedicated to these capabilities for d7II subscribers.
You may however, with this license, host your own FTP service for the functionality it provides with d7.
If you’re interested in more, every d7II account includes cloud server access, but perhaps more exciting is our planned d7x administrative and server-side components!
All functionality will be unrestricted as-is, with some exceptions in behavior related to the “Registration Name” required for use with your unique product key, and provided in the email with your product key.
The registration name is required to appear in the titlebar of any copy of d7 Premium, and normally it would uniquely identify an IT provider who owns the license, however in this case it is required to identify our website.
This registration name may also appear in other areas of d7 Premium.
Beyond the registration name limitations, you are free to ‘brand’ d7 Premium with your own company name (using the custom title bar/app name text) and any supported logos that you wish to use.
Altering the name will invalidate the product key and license.
Free Software Agreement
Software advertised as “free” on this website is intended as free for personal as well as commercial usage, unless otherwise specified on the product page itself (where it would typically involve some extended functionality labeled as a ‘premium’ feature, or possibly where commercial functionality or support is desired.)
All free software on this website is distributed “as-is” with no warranty or guarantee of any kind; this includes product support as well as any compensation monetary or otherwise for any damages resulting from the use or misuse of this software.
See the inserted EULA.txt or product Info.txt file within the product download for the full end user license agreement.
All Sales and Promotions
Current sales and promotional pricing does not apply retroactively, so refunds or credit cannot be given on any past or future purchase as completed outside the time frame of any current sale or promotional pricing.
All sales and promotional pricing for subscription based products applies to new customers in their first year of subscription service and does not include any recurring payments, unless otherwise specified in the terms of the sale advertisement.
I may already be infected, will this help? (and where can I find reputable PC repair services?)
Unfortunately CryptoPrevent is only designed for malware prevention, and cannot help if you are already infected, at which point you should seek help from your local or remote PC repair specialists.
If you don’t know where to turn for help, consult our new Tech Directory!
Background: We at Foolish IT have been seeking a way to help our customers when they need local or remote repair/malware removal services, because frequently customers end up here after they are already infected. As this site hosts a lot of PC Technician related software, also frequently people will land on this website searching for answers in fixing other PC issues.
In order to stock the database, we’ve recently reached out to our technician clients who use our flagship d7II: PC Productivity Software, the best tool in the industry for PC Repair, Malware Removal, and workflow automation, to invite them to sign up for approval to appear in our Tech Directory.
All PC Repair shops, Technicians, MSPs, and other IT Service Providers who use the best tools in the industry also receive current and regular or on-demand training from our staff. While our training is first provided to ensure the tools are used accurately and efficiently, to produce the best and most consistent results, we also provide continuing education courses in malware removal and other repair tactics as well. We want to ensure our technician customers are getting the best possible result, and that means ensuring that their customers (you) are happy with the work!
While it is just getting started, so there may be very few entries in the list especially for someone local to your area, some of our listed businesses will provide Remote Support services and can possibly remotely assist you with your issues right now! So visit the Tech Directory today!
CryptoPrevent Software License Terms
CryptoPrevent License Terms (All Editions)
Usage of CryptoPrevent for personally owned systems allows up to five installations (1 installation=1 PC) per license
Usage of CryptoPrevent in any business or commercial environment requires one license per installation (per PC.)
You may NOT distribute the CryptoPrevent software (unless explicitly licensed for resale) or disclose purchase details including any license or registration information to anyone outside of your household residence (home use license) or business employment (if licensed for a commercial environment.)
You may NOT redistribute the registered version of this application to any 3rd party torrent/download sites, etc., however you may host the application on your own web space for the sole purpose of providing it for your own usage (and the usage of your employees if licensed for a commercial environment.)
Any use of this software requires that the user agree to the terms and conditions as presented here and during any installation/usage of the software, whether that user agreed to the terms or is acting on behalf of a user who agreed to the terms.
These terms come with no warranties or guarantees of any kind, and the user of this software shall bear sole responsibility for any resulting damages in the use or misuse of this software.
Bulk/Resale Edition License Addendum
Installation of the CryptoPrevent Bulk/Resale Edition in ANY environment requires one license per installation (per PC.)
Resale is only applicable for the sale to an end user.
Once a license has been utilized, it cannot be reclaimed and is non-transferable from the PC it was installed on.
Unlimited Edition License Addendum
You must maintain sole possession of your Unlimited installer. This installer is only for your installation purposes; it may NOT be distributed to any 3rd party. The client license is the only item that is resalable under terms, not the installer.
If you would like to have installers you may distribute: you must contact us to create an installer of a limited number for that specific distribution and charges may apply for the creation of installers.
Resale of Unlimited to another reseller or distributor is strictly prohibited. Resale is only applicable for the sale to an end user.
d7x Software Agreement and License Terms
d7x (d7II) is a Subscription Service
d7x (and d7II) software is licensed as a subscription service, with variable pricing based on the number of technicians using the product. The software subscription will automatically renew on a recurring billing cycle, to be determined by the chosen subscription term and the original pricing agreement for subscription term renewal; this means your original payment method will be charged on the anniversary date of the original purchase for the originally agreed upon rate.
Note that you will be required to agree to the terms of this purchase prior to payment, not only here at the merchant (Foolish IT LLC) website (foolishit.com) but also at the secure pop-up from our payment processor during checkout, and that they have the right to charge your account on a recurring basis according to the specific terms that you agreed to for the product you are purchasing. Older subscriptions using Paypal will have also agreed to their terms on their website, where payment is processed on our behalf. Paypal includes their own terms which state that you agree that Paypal has the right to charge your account on a recurring basis according to the specific terms that you agreed to both here and at their site during checkout.
Any subscription may be cancelled at any time without disruption in service for the remainder of your subscription term, however no refunds will be given for automatic renewals.
If you do not agree to the automatic recurring billing of a subscription license, you may opt for our d7x Fixed Term Licenses. Fixed term licensing allows you to ‘opt in’ for a renewal at every recurring billing cycle, in order to keep your license active. Fixed term licenses do NOT ‘lock in’ the annual licensing rate, which is subject to the current pricing agreement and terms for manual license renewal at the time your renewal is due.
Sales and promotional pricing for any subscription product will only apply to new customers in their first year of subscription service, unless otherwise specified in the terms of the sale advertisement.
Scope of d7x (d7II) License
d7x (d7II) subscriptions are licensed per technician, and an active subscription is required for both licensed usage and updates. Failure to maintain an active subscription will result in revocation of your license and usage rights.
As an active subscription holder, you and/or your employees are free to use the software on as many computers as is necessary, apply your own company brand to the application where possible, and charge your clients a fee for its usage as you see fit.
You may NOT distribute the software or disclose purchase details including any license or registration information to those outside of your employment, including contract companies or employees (even when presenting the original company’s ‘brand’ and logo to the customer.) Anyone outside of your company’s direct employment must obtain a separate software license for usage in their own name.
You may NOT redistribute the registered version of this application to any 3rd party torrent/download sites, etc., however you may host the application on your own web space for the sole purpose of providing it for use by you and your employees only.
Any use of this software requires that the user agree to the terms and conditions as presented during the initial registration of the software, whether that user agreed to the terms or is acting on behalf of a user who agreed to the terms.
These terms come with no warranties or guarantees of any kind, and the user of this software shall bear sole responsibility for any resulting damages in the use or misuse of this software.
All Software Downloads Requiring Email Signup
We wish to keep our users informed on important developments related to our software, such as CryptoPrevent, so we ask that you give us a valid email address for important future announcements from our Foolish Newsletter.
After submitting your email address, you will receive two emails from us. One contains your download link, and a second is an ‘opt-in’ email, confirming that you wish to receive our Foolish Newsletter for related important announcements. (See pic below)
You may ‘opt-out’ by simply ignoring the ‘opt-in’ email.
As you MUST confirm the subscription by clicking the button in the email you will receive, simply ignoring this email is all that is necessary to avoid occasional important announcements.
We do NOT use your email for any other purpose, nor will we ever give/lend/lease/sell it to any third party!
We realize some may refuse to share their email address with us, and while we understand (we mostly feel that way ourselves as consumers) we ask that you keep in mind our intent. We did after all develop the software you came here to install on your PC. All of our software is either designed to prevent malicious damage, or to repair that damage. It would stand to reason that we would not go against our purpose to disrespect your email privacy.
You may also choose to download our software from 3rd party download sites, such as Majorgeeks!
All Purchases
All sales are final, no refunds or exchanges.
A subscription may be cancelled at any time without disruption in service for the remainder of your subscription term, however no refunds will be given for automatic renewals.
Terms and conditions are subject to change at any time without notice.
Governing Law / Jurisdiction; Dispute Resolution
You agree that all matters relating to your purchase or use of software, including all disputes, will be governed by the laws of the United States and by the laws of the State of North Carolina without regard to its conflicts of laws provisions. You agree to the personal jurisdiction by and venue in the state and federal courts in Guilford County, North Carolina, and waive any objection to such jurisdiction or venue.
Does CryptoPrevent work on Server operating systems?
Yes it is compatible, just like a workstation OS. We would highly recommend installing it on a terminal server.
Otherwise it is actually pointless to install CryptoPrevent or other CryptoLocker prevention rules on a server OS, as it is usually company policy that employees do not check their email from the server, or browse the internet, etc. There is no other reason that malicious files would be executed from the server itself, if no one uses it as if it were a workstation. What then would be the purpose of installing the protection on the server?
The best way to protect a server from CryptoLocker is to protect the workstations. Even with CryptoPrevent installed on the server, if a workstation with a mapped drive gets infected, any data on an open network share is still compromised!
Does CryptoPrevent work with my existing Anti-Virus / Anti-Malware software?
Yes! CryptoPrevent should co-exist peacefully with your existing security software. There may from time to time be some minor issues, and they will be outlined on the Troubleshooting page.
Does my existing Anti-Virus software protect against this threat?
We cannot answer that. Your existing Anti-Virus protection is only as good as the latest definition files, and I can’t tell you which products on the market are confirmed to protect against this threat.
What I can tell you is that there is NO Anti-Virus software on the market today that provides the same type of protection that CryptoPrevent provides, it works in an entirely different manner.
Since the two can co-exist on the same PC peacefully, and CryptoPrevent’s protections do not utilize any system resources, why not utilize both methods of protection?
Will this protect against other malware?
YES! A LOT of trojan based malware out there utilizes the same infection tactics and launch point locations as CryptoLocker, therefore CryptoPrevent will protect against all malware that fits the same or similar profile and behavior. Additionally, new SRP rules added to the existing protection system, plus new protection types (and definition updates) integrated into CryptoPrevent v6/v7 (and another coming soon in v8) will stop far more malware than just ‘crypto’ style ransomware!
You released a new version. Should I update, and how?
YES! You should periodically check for and update to the latest version using the program’s update function to stay current with the latest methodology in preventing current malware.
This process is entirely automatic for users with a purchased license (which includes automatic updating functionality) however the free edition available in older versions of the product can only update to CryptoPrevent v9.1, the last version in which the free edition was available.
After update it is then necessary to re-apply the protection to your system. It is not necessary to undo the previous protection in place before doing this, or even to uninstall the app before updating.
Where is the free edition?
CryptoPrevent’s free edition is a stripped down version of CryptoPrevent which includes the original SRP based protections, but excludes the FolderWatch and HoneyPot protections, and excludes all of the additional functionality such as the tray icon, email alerts, maintenance features, and of course automatic updating of the software and definitions. With the release of CryptoPrevent v9.1, the free edition no longer allows any updating, even when performed manually.
You can still obtain the free version of the latest CryptoPrevent by removing your old versions and installing the latest version. You can download the latest CryptoPrevent to the right.
An existing installation of the free edition can be updated to the latest version at any time (without losing your pre-configured settings) by purchasing a license. After purchase you can simply copy and paste the product license key into the software; we’ll send you that automatically after purchase!