CryptoPrevent v.9 blocks InSpectre: Meltdown/Spectre? vulnerabilities check tool

Hi all!

 

I have MS Win 10 Pro 64-bit and have run several Meltdown/Spectre vulnerabilities check tools, namely SpecuCheck, SpectreMeltdownCheck and InSpectre, of which the last being the most informative.

 

The two first run successfully, however, the last is being blocked by CryptoPrevent v.9 and its Software Restriction Policies, since it copies an instance of itself called inspect64.exe to the AppData\Local folder.

 

Error message: CryptoPrevent Notification Module, SRP Block Detected, Blocked Program: 'C:\Users\User Name\AppData\Local\inspect64.exe', Protection Rule: 'C:\Users\User Name\AppData\Local\*.exe'

 

InSpectre is indeed a legitimate program, and should as such be able to run without restrictions of any kind, even if running from the said folder.

 

I have of course already whitelisted InSpectre.exe, but not inspect64.exe, since the latter is being generated at runtime.

 

And hence, my question is as follows;

 

How do I report this bug to Foolish IT, the creator of CryptoPrevent?

 

Thank you very much in advance!

 

Regards,

midimusicman79

Edited by hamluis, 26 February 2018 - 10:59 AM.
Moved from MRL to Ransomware - Hamluis.

You can contact and ask the developer, Nick (Foolish Tech CEO) the following ways.

• Submit a Ticket to Foolish IT Support
• Foolish IT Contact Us
• Email: foolishtech@foolibleep.com
• Phone: 844-311-FOOL

You can also contact... Proctor_Foolish_IT (Matt Proctor) who is Chief Financial Officer and an Authorized Company Representative for CryptoPrevent.  

• Email: proctor@foolibleep.com

Hi, quietman7!
 
Thank you for the prompt and insightful reply!
 
I have now signed up and submitted a ticket to Foolish IT Support.
 
I will let you know the outcome.

Thank you very much for the help! The issue is pending!
 
Regards,
midimusicman79

Edited by midimusicman79, 27 February 2018 - 12:16 PM.

You're welcome and good luck.

Hi again, quietman7!
 
Foolish IT's CFO Matt Proctor answered, and I quote:
 

Cry[p]toPrevent is behaving as intended.  Our recommendation would be to whitelist C:\Users\User Name\AppData\Local\inspect64.exe.

 
Which, upon tried, works great, although I discovered that the said file actually gets immediately deleted after being generated, but nevertheless, I was able to whitelist it without having it existing in the first place, as in specifying the file path instead of browsing to it.
 
Thank you very much for the help! The issue has been successfully resolved!
 
Regards,
midimusicman79

Edited by midimusicman79, 28 February 2018 - 10:49 AM.

The AppData\Local folder is one of the known hiding places for malware so that's what I suspected was going on but wanted you to contact Nick for confirmation.

In the end did you get any solution for this? I can not whitelist it. Very strange that Crypto Prevent does not allow the whitelisting of a single file.

to BC, arpcpro!

However, if you did not already notice this, you have replied to a six-year-old topic, so please start a new topic for your issue.

I've found a way to whitelist a specific exe file by typing it manually. This is the answer we need, and the warnings stopped.

 

 

 

However, if you did not already notice this, you have replied to a six-year-old topic, so please start a new topic for your issue. 

 

 

Thanks for the welcome. I did notice it was 6 years ago, but the problem is the same and it was unanswered. I found this post through a google search and I prefer that forums are kept clean with less redundant posts. I hate to click on multiple topics about the same thing until I find a useful one. Like this, the members who subscribed to the topic because they have the same problem might get notified. The search engine results already have this specific post indexed and scored high. This is not a facebook group where the old posts might disappear and people need to keep posting, asking the same things. If it was banned to reply, I guess that the forums would prevent the users from replying to posts after 3 or 4 years.

Edited by arpcpro, 26 June 2024 - 06:33 AM.

Glad to hear you resolved the issue, arpcpro!

You are welcome, Thank you for sharing the solution, and Good luck!