What's new in RansomWhere? 1.2.5
Jun 12, 2018
- on upgrade, list of pre-installed apps is retained
- improved code signing checks (mahalo @midnite_runr!)
New in RansomWhere? 1.2.4 (May 27, 2018)
- Expanded whitelist
- Fixed file handle leak
- Reduced false positives by ignoring gzipped files
New in RansomWhere? 1.2.3 (Oct 6, 2017)
New in RansomWhere? 1.2.2 (Sep 29, 2017)
New in RansomWhere? 1.2.1 (Sep 27, 2017)
- improved High Sierra compatibility
- improved process path resolution
New in RansomWhere? 1.2.0 (Apr 20, 2017)
- Added process monitoring to:
- reduce time to detect untrusted processes
- track children that are creating encrypted files
- identify trusted processes creating encrypted files on behalf of an untrusted ancestor
- Added processes signing info to alert window
- Added ability to persistently approve unsigned binaries (via hash)
- White listed (via code-signing auth) more AV prodcuts, and other false-positives
- Bug fixes, code optimizations, etc.
New in RansomWhere? 1.1.0 (Apr 14, 2017)
- added processes signing info to alert window
- added ability to persistently approve unsigned binaries
- white listed (via code signing auth) more AV prodcuts, and other false-positives
- bug fixes, code optimizations, etc.
- added process monitoring to:
- a) reduce time to detect untrusted processes
- b) track children that are creating encrypted files
- c) identify trusted processes creating encrypted files on behalf of an untrusted ancestor
New in RansomWhere? 1.1.0 (May 24, 2016)
- expanded monitoring to entire file-systems (not just /Users/*)
- extended support to older OS X versions (back to OS X 10.8)
- added command-line interface ('-install' and '-uninstall' for easier (non-UI) deployment)
- alerts and user's response now logged to system log
- now trusts signed/verified apps from Mac App
- white listed (via code signing auth) various AV products, and other false-positives
- gray listed Apple-signed apps such as Python, etc (to not explicitly trust)
- explicitly set launch daemon plist to r/x
- improved enumeration for installed/baselined apps
- improved UI (alert, install window, etc)
- added drop down menu for installer
- created .dmg and .pkg builds for easier deployment
- bug fixes, code optimizations, etc.
New in RansomWhere? 1.0.0 (Apr 20, 2016)