Altx-Soft ComplianceCheck against cryptolockers and ransomware

ComplianceChecker is a free Compliance Management tool made by Altx-Soft, a security product company from Moscow Region, Russia. Altx-Soft is known abroad mainly as a Top OVAL Contributor, they have been on award-list every quarter since 2012. Their flagman product, RedCheck, is a SCAP-compatible vulnerability and compliance scanner. They also produce family of “Check”-products for controlling and managing Windows operating systems.

Altx-Soft ComplianceChecker scanning results

ComplianceChecker is a promo product for the potential RedCheck buyers. It similar to RedCheck with the most management features cutted off. It can scan only the localhost.

ComplianceChecker is positioned mainly as an utility for SOHO/Home users and it’s not a secret, that on this market Compliance Management solutions are still an exotic. How could they attract the attention of an ordinary people? Altx-Soft took the hottest security topic of 2014-2015 – cryplockers and ransomware, that nowadays are the real threat for literally all kind of platform and especially Windows desktops. Altx-Soft tried to spread the message, that the best way to protect operating system from this kind of malware is to configure it properly. And it’s hard to disagree. So, they made a tool for the security assessment – ComplianceChecker, and made some other tools configure to operating systems (free for RedCheck users).

I have downloaded Compliance Checker here: http://www.altx-soft.ru/files/download/cc.zip

ComplianceCheck installer and user manual

It’s a bit a strange to describe in English a tool, that is available only in Russian. Yep, unbelievable, but there is no English language support at all. I hope, that this post could maybe somehow motivate Altx-Soft to translate it 😉 But don’t be afraid. Interface of the tool is trivial and I will do my best to describe what is happening on the screenshots.

Let’s see the basic functionality.

Installation process is straightforward. You just need to press second Next (“Далее”) button. No attempts to install bloatware or anything like this.

ComplianceCheck installation wizard ComplianceCheck installation wizard: select the destination folder

Start the installation… “Начать”

ComplianceCheck installation wizard: ready to install ComplianceCheck installation wizard: installation process ComplianceCheck installation wizard: installation is finished

And it is finished! “Готово”.

There are two policy checks available:

  • Configuration against ransomware through Software Restriction Policies (SRP)
  • Configuration against ransomware through Application Management Policies (AppLocker)

ComplianceCheck choose the policy and press button with red letters

Choose one policy and press button with red letters. To scan: “СКАНИРОВАТЬ”. And then the window with control statuses will appear. Scanning takes 1-2 seconds.

For SRP:

ComplianceCheck scan results

The same for AppLocker:

ComplianceCheck scan results

When you press on the security control you will see control description on the right panel.

At the bottom you can see statistics for the controls: pink – non-compliant, green – compliant, gray – not applicable.

ComplianceCheck scan results

SRP and AppLocker are not configured in my system, so all those controls are in “not applicable” state. But some controls: antivirus configuration, account management configuration are checked correctly.

Security content content is stored here:

C:\ProgramData\ALTEX-SOFT\ComplianceCheck\Data\Benchmarks\

ComplianceCheck security content content storage

I have copied folder RP-SRP folder as Test. You can see standard SCAP feed inside:

copied folder RP-SRP folder as Test

I have changed title in xccdf file.

changed title in xccdf file

Restarted application. New configuration policy appeared.

ComplianceCheck new configuration policy appeared

And this policy is scannable.

ComplianceCheck policy is scannable

Ok. Let’s try something more interesting. I have downloaded DISA STIG content for windows 8 and put it in the same folder.

ComplianceCheck DISA STIG content

Scanning took about 5 minutes. And in It works!

ComplianceCheck DISA STIG content scan results

A bit sad, that there is no option to save scan results. But we have OVAL definition result file in Temp folder:

ComplianceCheck OVAL definition result file in Temp folder

In conclusion: Even basic functionality of the tool, compliance checking against cryptolockers and ransomware, is very interesting and useful. But, I think the ComplianceChecker has even  bigger potential as a free universal compliance framework. Right now it is highly customizable and has an ability to run DISA STIGS and other SCAP content as is. It is free, it is fast. It seems good for testing and developing new security content, especially in situation when ovaldi development is stopped.

2 thoughts on “Altx-Soft ComplianceCheck against cryptolockers and ransomware

  1. Pingback: ZeroNights16: Enterprise Vulnerability Management | Alexander V. Leonov

  2. Pingback: Vulnerability Management vendors and massive Malware attacks (following the BadRabbit) | Alexander V. Leonov

Leave a Reply

Your email address will not be published. Required fields are marked *