On my Win 10 system new folders are created automatically by some hidden process. The folders are created in the Documents folder and also in the root folder on the hdd.
Also in some other folders theese folders appear. The names consist of some letters and often 2 figures. In the folders there is always appr. 10 files, *.docx, *.doc, *.xlsx, *.mdb, *.jpg and some others. I suspect that this is activitry of some malware. The folder names is created so they will apear in the beginning and in the end of the folder list.
McAfee and Malwarebytes do not recognizes the folders, files and activities as suspicioius. Cyber Reasons Ransom Free however detects them as ransomeware. Does anyone have experience or knowledge about this matter? Theres has not been any encryption activities yet on the harddrive.
In the enclosed pdf you will se the folder names at the end of the arrows and on page 2 you will se the typically file namnes created in the folders. The pdf is written in Swedish but I hope you will understand the information anyway.
After some search I found the anser. This behaviour is the result of Cyber reasons Ransom Free software installed by myself.
The folders I described is a kind of trap for malware, especially ransomware. So, there is no longer any worry about this behaviour.
Cyber Reasons RansomFree works on both desktops and servers. We have seen Ransom ware attacks on both desktops and servers.
Unfortunately the traditional antivirus softwares are not so succesful in preventing Ransom ware attacks resulting in encrypted files,
The best protection for PC:s probably is software like RansomFree, detecting suspicious behaviour combined with the new feature in Windows 10, "Controlled Folder Access". Unfortunately, Controlled Folder Access only works with Windows Defender Antivirus. I hope McAfee will develope a solution similar to Controlled Folder Access since at least one of the other Antivirus software provides a similar function.
This morning McAfee LiveSafe has popped up a window saying "Risky Connection Blocked, About This Connection, IP Address 18.104.22.168, Program: Cybereason RansomFree Service, About this IP address: "<blah, blah ... You can cnange your NetGuard settings for this program in the Internet Connections for Programs drawer in Firewall."
The IP in an Amazon AWS network in Virginia. Cybereason Free is a well-known established service (and has been installed on my machine much longer than LiveSafe), LiveSafe won't let me add the service to the firewall settings, reporting that an entry for this program already exists. The exceptions editor is extremely clunky, there is no search mechanism, and there is no sign of the Cybereason service in the listing of programs (but there are about 40 entries for various pieces of McAfee services.)
Yes, I understand that LiveSafe provides an anti-malware component (and yet, by choice, I continue to run Cybereason on my machine). LiveSafe has been on my machine for about 2 years now and this is the first instance of this behavior.
This looks like buggy behavior to me. What's up with this, folks?