Yes, Bruce, a good anti-virus, that's up to date, should identify Cryptolocker variants and prevent them from becoming resident (and thus stopping them from encrypting your files). But..... There is always a window of time in which new virus variants are spreading in the wild, before the antivirus makers identify them, and an update their definitions. That's the time when you're at risk. That's why Cryptoprevent is so valuable -- it's your only protection during that window of time. As you observed, Cryptoprevent is not a background process and thus won't drag the system. However, there is a premium edition of Cryptoprevent, that does actively update itself; so, that it's aware of how to protect against new variants of Cryptolocker. Even still, I would not expect this to use significant system resources. Chris Hart Computer Support & Technology Consulting for Connecticut and Western Massachusetts Tel: 860-291-9393 http://www.MyMacTech.com From: Bruce Hooke <bghooke at att.net> Date: Friday, January 16, 2015 at 11:51 AM To: Chris Hart <chris at chrishart.net>, <Hidden-discuss at lists.hidden-tech.net> Subject: Re: [Hidden-tech] Any experience with a Virus that attacksdocuments? A quick clarification. I just did some more reading and it turns out Cryptoprevent is not running all the time. It sets some policy rules in Windows that should prevent the Cryptolocker software from running. - Bruce From: Bruce Hooke <bghooke at att.net> Date: Friday, January 16, 2015 at 11:27 AM To: Chris Hart <chris at chrishart.net>, <Hidden-discuss at lists.hidden-tech.net> Subject: Re: [Hidden-tech] Any experience with a Virus that attacksdocuments? Thank you, Chris, for this very informative email. While, as you said, anti-virus software won't quarrantine the affected files, do you know if properly up-to-date anti-virus software should catch the initial "virus" (if that's the right name for it) that causes the documents to be encrypted? I am considering installing the Cryptoprevent software but it is presumably yet another background process that has to be there and running all the time, using system resources. Thanks, Bruce -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.hidden-tech.net/pipermail/hidden-discuss/attachments/20150117/6610006b/attachment.html