"My AV blocked RanSim.exe So I'm Safe" No You Are Not



I'm noticing a lot of people saying the RanSim.exe file is getting blocked by their AV. You have to actually allow the initial processes to run to do the simulation.

It is the five test scenarios that you want to see blocked. The RanSim.exe, Launcher.exe and RanSimSetup.exe files MUST be allowed to run--they are just the framework for the ransomware simulation, and if you block those first few files, you're not actually allowing your system to test the various ransomware scenarios.

Q: My antivirus flagged RanSim.exe, Launcher.exe, or RanSimSetup.exe as malicious.

A: If this occurs, it is a false positive. There is no dangerous code in the files, and these files do not do any testing or recording of whether your system passes or fails the ransomware simulation. They are simply the framework with which to run the ransomware simulation, so you can (and should!) allow them to run.

It is important to NOT turn off your antivirus at any point during this process. In order to have an accurate and meaningful ransomware simulation test, your antivirus must be configured and operating as it normally would.

If the files are flagged as malicious, certain antiviruses may provide a warning, which will allow you to let the file run, quarantine it, or block it. Other antiviruses, however, may not give you an option--it could automatically block and quarantine the file. If that happens, you will need to un-quarantine the file and start over.



