SBGuard Anti-Ransomware is a one-click malware blocker
Australian backup vendor Sydneybackups has released SBGuard Anti-Ransomware 1.3.0, claiming it "protects your Windows PC against all known Ransomware malware, such as CryptoLocker, CryptoWall, TeslaCrypt, CryptoXXX, CTB-Locker, Zepto and many others".
How does it work? According to the developer, the program "injects a large number of restriction mechanisms and modifies some core Windows components to prevent malicious behaviors and executions".
It seems to us that’s a description more designed to impress newbies than provide any useful information, but we decided to take a look anyway.
The program is simple and lightweight. There’s no bulky Settings dialog, no resource-heavy background process -- just an "Enable Protection" button to lock down your system, and a "Disable" button to turn the protection off.
If you do risk enabling protection, we don’t think the program does any "injecting" or modifies any system files. Instead it seems to change various system permissions and policies, in particular preventing software launching from unexpected places.
This isn’t a new idea, and the good news is it will block at least some ransomware, as well as many other threats.
The bad news is that it will also conflict with some legitimate software. The developer warns of this, saying:
Important: SBGuard Anti-Ransomware could block legitimate programs from installing. It is recommended to disable protection before installing new Windows applications and then re-enabling it back after.
Unfortunately, this may not be enough, and the program could still cause other unexpected and hard-to-diagnose issues. For example, on our test PC password manager Norton Identity Safe wouldn’t open when SBGuard’s protection was enabled, complaining of a "network error".
Overall SBGuard Anti-Ransomware isn’t for security beginners, but if you’re more experienced, ready to handle any problems and would like to see if it’s doing anything new, the program could be interesting.
SBGuard Anti-Ransomware is a free package for Windows Vista and later.