FREE ransomware simulator

CIS v10.0.0.6092 doesn’t even break a sweat; that’s the best you’ve got? Snort, chuckle, guffaw, snicker…

Of course I was in paranoid mode - not much can move very far w/ out generating an alert of some sort - and one has to go OUT OF THEIR WAY to get burned (create a rule to allow anything by everything and suppress ALL alerts 88) ).

AVG 2016 Internet Security Ultimate ‘passed’ with a score of 0/10. :o

Stock CIS 10 with FW SB and VS but no HIPS score is 7/10 infection.
CIS 10 stock with HIPS on score is 0/10 infection.

Why does HIPS not get switch on by default , if it can stop Ransomware ?

According to cruelsister’s video, CIS 10 scores a perfect 10/10 protection

And usually cruelsister suggests to enable sandbox without HIPS

Yes , remember he is running “Ransomfree” also with CIS10 when doing this test for 10/10 save.

You said CIS 10 can get 7/10 (so 3 missing) with HIPS off, while it gets 10/10 (0 missing) with HIPS on.
I said cruelsister got 10/10 with HIPS off, so I guess it depends on the configuration.

Usually cruelsister suggests to set CIS to Proactive Security and disable HIPS, but she has also pointed out that if you use CIS at the default Internet Security configuration (or Firewall Security for CFW), HIPS on is a must to achive the best protection

All fair and well , but the default install configuration is what just about all non tech savvy people use. That is why they dislike CIS , cause the protection is not 100%. Should the default not be set to be better as what it is at now. If we can get 10/10 with a default install then just imagine the press hype we can make out of that and boost uptake of CIS. Now it is regarded as the techy product that need tuning to be 100% safe.

Just my 2 cents

That’s true, I think there is a wish for CIS to ask for Proactive Configuration during installation process

I received a 10/10 in paranoid mode w/ default auto-sandboxing. I manually trusted the basic executables, i.e., RanSim, DataLauncher & DataCollector. ALL of the fundamental sim-images got sandboxed and ran virtually. That notwithstanding, CIS A/V subsequently discovered the files sitting in the KnowBe4 RansomSim folder and INSISTED these things were evil (despite scanning being disabled). Eventually it wouldn’t allow me to even delete the test-results folder - said it was locked - even so the folder was in exclusions; I had to reboot.

I believe that I’m pretty bullet-proof down to my root-hairs.

One caveat here is that I have ViralScan off - since I’m using behavior-blocker, i.e, sandboxing w/ virtualization - so if I have no idea what the converse may yield. All I know is that this is the latest and greatest thing, and unless you’ve taken steps to protect against that: you WILL get taken (eventually); these guys are getting real sophisticated with this nonsense. >:-D