CryptoPrevent v8.0 requires the Microsoft .NET Framework 4 Client Profile.  This is available for Windows XP SP3 to Current versions of Windows (Vista, 7, 8, 10) and is normally available through Windows Updates if it is not already built into the OS as it is in later versions.  You can also download the client profile here if you would like to manually install it.

Both CryptoPrevent v7.x and v8.x function on all versions of Windows (Windows XP will require Service Pack 2 to be installed) however the Program Filtering (“BETA” protection in v7.x) requires Windows 7 or above in order to be enabled.  On versions below Windows 7 the Program Filtering setting is unavailable.

Error:  (All Versions)  Unable to execute file in the temporary directory.  Setup aborted.  Error 5:  Access is denied.
This error is usually caused by existing anti-virus or security software.  We received confirmation that ESET Smart Security (with HIPS enabled) will cause this issue.  The resolution is to temporarily disable the HIPS component prior to installation.  There may be other security software with the same or similar issue but that is unconfirmed at this time.

Please see this document prior to performing your upgrade installation!

Cannot send email with Gmail  –  Please see the Email section of the Foolish IT Software FAQ

CryptoPrevent Email Setup FAQ

Why does CryptoPrevent need my email password?

While CryptoPrevent can send email TO your specified address, it also sends that email FROM your address, and in order to send email from your email address on your behalf, it needs your password.  This is because CryptoPrevent (or any program that sends email for that matter) needs an email (SMTP) server in order to send email, and it is expecting to use YOUR server, NOT MINE.  For this reason, CryptoPrevent needs both your email address (which is your server login) and your email password (again, also required to login to your server.)  By YOUR server I mean the server provided to you by your email host, e.g. Gmail, Yahoo, Hotmail, your ISP, or whoever provides your ‘domain’ (the @whatever.com part of your address.)

Why do you not provide an email server for CryptoPrevent to use?

There are several reasons.  First and foremost, SPAM.  My particular email server at my web hosting company is shared, and has had issues lately with being blacklisted for SPAM (though not from my domain – it’s someone else – but it affects me as well.)  So some of the major SPAM services like SORBS and SpamCop may from time to time blacklist that email server temporarily, until my web host can find the spammer, resolve the issue, and dispute the blacklisted entries with these respective companies.  During that time, many email providers who use these various SPAM services will reject emails sent from my particular server’s IP address — and if CryptoPrevent’s emails aren’t getting to you for this reason, then the feature does you no good!  For another thing, I’ve had reports that the server may get overloaded at times and automated emails may be delayed up to 12 hours from the time they are originally sent for whatever reason, again this does you no good if you don’t receive the alert in a timely fashion.  For these reasons I made the decision to NOT use my web host’s server, and require that you use your own email provider’s server for CryptoPrevent’s email capabilities.

Where is my password stored?  Is it ever transmitted anywhere?

No, I do not receive your email password in any way, shape, or form.  The password is used only to login to your email (SMTP) server in order to send the email to you.  The password is stored in your Windows Registry, specifically under the HKLMSoftwareFoolish ITCryptoPreventEmail Setup key, where it is encrypted so it is not legible to the naked eye, and will appear to be a big jumble of characters.

Can I use another email provider other than Gmail?

Yes, but you will need to use the Advanced settings to configure your email provider’s SMTP server.

Is TLS encryption supported?  (Updated 10/12/14)

YES!  Version 7.3.x and above support TLS encryption in SMTP server settings!  In prior versions, only SSL is supported.

My Gmail account doesn’t seem to work with this app, got any ideas?

Please see the Email section of the Foolish IT Software FAQ

See All FAQs and Terms (Quick Links) for links to all FAQs including purchase terms, free software agreements, and software licensing terms.

A note about Anti-Virus detections

Sometimes our software can be falsely flagged as a ‘threat’ by some Anti-Virus, Anti-Malware, etc. security software vendors.

Read more about Anti-Virus Detections (False Positives) on this page, which includes external links to submit “false positive” detections to most security software vendors.

Email  (Troubleshooting Gmail Issues)

My Gmail account doesn’t seem to work with this app, got any ideas?

Be certain to include the domain name (e.g. @gmail.com) in the email address field.

Enabling the “less secure application” feature may help:  https://www.google.com/settings/security/lesssecureapps

Two factor authentication can complicate things as well, and when using this you will need an “application specific password” in order to connect properly to the server through this app.  Learn more and obtain application specific passwords here:  https://support.google.com/accounts/answer/185833?hl=en

We have also had reports that Gmail will sometimes block what it considers a ‘suspicious login’ and that it should alert you of this the next time you login to the webmail interface.  I haven’t personally experienced this nor am I certain if there is a way to tell Gmail that your login isn’t ‘suspicious’ — but if anyone encounters this issue I would appreciate a screen shot of the message and if possible, a quick how-to on disabling this alert and hopefully allowing the app to send email.  Note that Gmail may not offer you the option to allow ‘suspicious’ logins, especially if they are constantly coming from different IPs in different geographic locations.

Digital Signatures and User Account Control

Most if not all of our applications are digitally signed!  A digital signature is what is displayed in User Account Control pop-ups requesting admin rights prior to running the apps.  There are two issues that one may discover that is caused by this setup.

1.  On some systems the signature was not correctly recognized as a trusted publisher, invoking the yellow warning “User Account Control” box and displaying “unknown” as the publisher.  This should no longer be an issue; several years ago we moved to Digicert from StartSSL for our code signing certificates, which should be supported on all modern platforms “out of the box” and without update.

To resolve the issue, be sure and install the Trusted Root Certificates update from Microsoft/Windows Update.  If this does not appear in the updates list, you may manually download and install the package directly from Microsoft HERE for Windows XP.  Alternately, visit  which will prompt you to download the appropriate cert, open the file and select Install.

1.  As a PC Repair business customer, one might expect the ability to fully brand a “White-Label” application with your business logo and details.  Unfortunately this is only partially true, without a lot of effort on your part.  The issue does not affect only our software, as the trusted publisher information appearing on the UAC prompt of ANY application cannot be altered, except by “signing” the executable with a new digital signature.  Otherwise UAC would be a pretty pointless feature, as all manner of malware could disguise itself as legitimate applications!

So how do you re-sign the executable with your own digital signature, specifying your own company name?  Well the process is fairly complicated, and involves obtaining an identity verification from a trusted certificate authority, such as Comodo, Verisign, or StartSSL (which I personally used the latter as it was far less expensive.) Digicert, which we currently use.  The process of obtaining identity verification, a digital code signing certificate, and applying that to the executable is outlined in my blog post Digital Code Signing – What a Chore!

Anti-Virus/Malware/Security Software and “False Positives”

Please note that our software here at FoolishIT.com (as well as software from other reputable vendors such as Nirsoft.net) will trigger a certain amount of ‘false positive’ alerts with various anti-virus or anti-malware software.  This is to be expected depending on the nature of the product, and tends to happen with software vendors that create powerful tools (like some of ours which are used by PC technicians in the repair industry.)

This causes major headaches especially for small developers like ourselves (terminology borrowed from Nir Sofer’s blog post from 2009) who do not have the notoriety, influence, or gangs of attorneys waiting and working to ensure our reputation isn’t damaged by careless Anti-Virus/Anti-Malware software vendors.  Often aggressive heuristics and even definition releases flag our PC technician software in particular, which is very powerful with many capabilities and features that do access and alter Windows files and configurations but of course only for repair (and tweak) purposes.

Scroll to the bottom of the page for external links and resources!!!

The first type:  “Infected”

Often these ‘false positives’ directly state the file is infected, typically with something ‘generic’ in the name.  Many times this is due to the software compression applied to the executable (program) file, in order to reduce file size and perhaps to help make the software “portable” (meaning it doesn’t require ‘installation’ on a PC, but can run from wherever you downloaded it to.)

Tools used to compress executable files (aka ‘exe packers’ or similar) can greatly reduce file size, saving space but also internet bandwidth in distribution efforts, ultimately reducing overhead costs.  They can also obscure source code that is visible (using the right tools) inside the program, providing protection against decompilation and other techniques of ‘reverse-engineering’ the software, which software crackers would use in theft of the product, such as ‘piracy’ (through usage and/or distribution) but also with theft of the intellectual property itself by direct source code reproduction.

Of course, the above also makes it more difficult for an Anti-whatever vendor to make a determination about the software’s intent – more often than not they don’t care to properly unpack and examine the executable, but rather mark it as malicious simply because that type of compression is detected.

The second type:  “Potentially Unwanted” (or similar)

Another ‘false positive’ is what the Anti-Virus or Anti-Malware vendors DO NOT consider a ‘false positive’ but rather an intentional but ‘potentially unwanted’ program (or using similar terminology) while the text DOES NOT mention an ‘infection’ in any way.  The alert box presented to the user also generally appears as if it were an infection however, using the same BOLD/RED text or other scheme as they do with real infections.

The problem is that some software, while NOT being used maliciously, COULD be used maliciously, depending on the user of such software…  The Anti-whatever software doesn’t know that YOU are trying to USE it, it just knows that it could be used by an attacker maliciously and without your knowledge.

Almost always Anti-whatever vendors will make the default (or ‘recommended’) action to stop/block/quarantine/remove the software, even when it is quite harmless.  This can be bad for a number of reasons, such as by letting the Anti-whatever do it’s thing to ‘protect’ you, it just might damage the legitimate installation beyond a clean removal, possibly impacting your operating system negatively in some way.  Depending on the software, it may be better to uninstall it the proper way.

There are really too many variables in the determination above to explain here, so don’t take our word for it because we aren’t giving it (we don’t know what you’ve downloaded either) but we know that the Anti-whatever software isn’t taking those variables into account, in fact they ignore them completely.  Only an informed ‘you’ can and should make that decision!  So if you are unsure, think about it, search the web carefully for more information, and finally call a local professional for help if that doesn’t work.

Either way it is always better to pay attention to the terminology and make your own informed decisions!

If you are receiving a detection with our software:

We’re not saying our software is immune to infection, rather due to the nature of our software it is often flagged as malicious, or “potentially unwanted” programs.  Rarely do security software vendors explain what they consider “potentially unwanted” to their customers, specifically not differentiating this category properly from actual threats, which can be seen in various indicators and reports from within the program’s interface.  It is also inevitable that some real threats are introduced to these “potentially unwanted” categories, for one reason or another, creating further confusion.

If you believe our software is potentially infected, please visit www.VirusTotal.com and upload our software for review.  Please understand however that the results are not fact, and you will likely see false positives here!  VirusTotal.com (now Google owned) is a mass virus scan engine designed to use a large variety of security software scanners from various vendors, and it is the very thing we’re talking about here!  As such, it is important to realize that if one should not use the results of a the scan to determine an actual infection.  The results are however a good indicator, as a high number of detections from vendors may reveal an infection, whereas a low number suggests a false positive.

We also strongly encourage you to consider submitting a “false positive” report to the vendor.  Typically the software allows submission of the detected samples along with gathered information for review.  If this option isn’t available, please fill out a false positive submission with the vendor.  You can find links to various vendors’ false positive submission forms below.

For large security software vendors, it may take many false positive submissions before they are noticed and can invest their time and resources to investigate.  Additionally, new versions of the same software often trigger the same or completely new detections, so they must be submitted again in the same way that previous versions of the software were reported.

Simply put, do not assume that someone else did it.  Numbers matter, so the more people who help in submitting false positives, the sooner they can get these issues resolved.  Your help will always be appreciated in this effort!

Known False Positive Submission Links:

If any information in the list is incorrect, please let us know!

• Avast (email only)
• AVG (20MB file limit, else use this email and compress it with a password.)
• Avira (or this email)
• Bitdefender (also this email, and the Emsisoft forum is another option (free account/login required.)
• ClamAV (or this email; uses Immunet Protect definitions)
• Comodo (or this email)
• Emsisoft (or the Emsisoft forum)
• Kaspersky (or this email)
• McAfee (email only)
• NOD32 (email only)
• Panda (or this email)
• Sophos (or this email)
• Symantec
• Trend Micro
• Vipre (or this email)
• Windows Defender (or this email)
• If your product is not listed here, a more comprehensive list with links is available on techsupportalert.com.

* Please realize that any request or submission does not guarantee any vendor will fix a false positive.  As an example:  some of our software has the capability of retrieve the Windows product key, used to install Windows on a PC – which could be used for legitimate or illegitimate purposes.  For this reason certain detections will likely never be removed, though some vendors may opt to downgrade their classification of the ‘threat’ to their ‘potentially unwanted programs’ category.  Nir Sofer’s blog post from 2009 shows us this isn’t even close to being a new phenomenon, so as we constantly fight these battles with “big a/v” we’re not expecting to win the war anytime soon…

CryptoPrevent IS a robust anti-virus/anti-malware software supplement, filling a huge gap that exists with traditional security solutions to provide protection against a growing multitude of new and emerging ransomware and other malicious software threats.  CryptoPrevent is NOT a replacement for anti-virus software, firewalls, or other security solutions, nor does it render backup software or user education useless.  As a company composed primarily of experienced professionals from the PC repair industry, we believe strongly in a layered security approach, combined with comprehensive backup software that is tested regularly, and user education focusing at a minimum on safe web browsing and email usage habits.

There is no software that will protect you in all cases.  Malicious software is forever evolving, and it will always be a cat and mouse game with both sides playing ‘catch up’ no matter which side of the situation you are on.  

That being said, there are more steps you can take to protect yourself even further, and to easily recover when something does slip through various defenses:

1. Backups – This is one of the most important steps you can take, and the most often overlooked or incorrectly implemented.  There are many options, so some personal research will need to be done to learn what best suits your particular needs, lifestyle and price point. Windows includes it’s own backup utilities (in later versions more than one, though not always easy to find or implement) and there are many 3rd party vendors offering solutions as well.  If you would like more assistance in choosing a solution, we would recommend contacting one of the qualified technicians in our Tech Directory.

A major issue with implementing backups is periodically verifying that they work as expected, including restoring the backed up data.  You must ensure your backup processes are working as intended in both backup AND restore operations, and you will appreciate having the knowledge and experience to restore data from them in a time of crisis.

Finally, it is also important to have multiple backups and even multiple locations to store them.  If you have backups stored on your system, ransomware can attempt to encrypt these as well, so disconnecting external drives containing backups and/or having offsite or secure cloud based backups is highly recommended.

2. Active/Updated Anti-Virus Software – CryptoPrevent can provide very effective protection for your system, but it is not a replacement for having active and current anti-virus software!  CryptoPrevent is designed as a supplement to other existing forms of security software, and uses several methods of protection that are very different from traditional anti-virus software; that being said, it is not designed to replace the traditionally proven forms of protection.  Consult our qualified technicians in the Tech Directory for additional support on choosing the best option for you.

3. Network and System Level Firewalls – Having firewalls at both the point of entry/exit to the internet as well as on the local systems themselves greatly increases your chances of preventing malicious attacks.  Most routers and even Windows itself have firewalls built in and enabled by default and should be left on!  There are also 3rd party options for firewalls at both the network and local system level that can greatly improve protections beyond the capabilities provided by most home routers and software firewall abilities.  Again consult our qualified technicians in the Tech Directory for additional support on choosing the best option for your environment.

4. Network Share Permissions – Most ransomware will try to encrypt files inside shared folders it may find on your network.  You can limit damage with network permissions for access control, by restricting write access only to users and groups who absolutely need it.  Anyone needing to access files in these locations can still do so with read-only access, but they could not modify the files; a protocol can be established for submission of the files to read-only shares by users without the write access.  Note this would not be a convenient or effective option in large environments or anywhere shared access to data is required in real-time.

5. User Education and Safe Internet Practices – When it comes down to it, this is by far the best protection against malicious infections of most all types. Especially when combined with CryptoPrevent and the above items, this knowledge will prevent a large majority of infections.  If you manage a group of users it is very important and in some cases a requirement to make sure they are aware of this information as well.

There are many items this topic will encompass, and many details for each; we can only cover a few in this FAQ, but some of the most important ones are:

There are many more safe practices to learn and good habits to develop!  To learn more, you can consult a qualified technician in the Tech Directory for additional information on ways to stay safe on the internet and protect yourself.

We recommend our Tech Directory so highly because these are technicians or shops that subscribe to our flagship product d7II.  By using this product they are in our eyes highly qualified technicians already, and should be able to assist you easily in any of the above items. We are also more than happy to help where we can, but please remember we are mainly available to support our products and not to provide broad and general technical support. We feel this is best left to the professionals in our Tech Directory!