① Main Menu

[ 1-1 ] Cleaner

Cleaner features system integrity scan, network environment scan, malware scan, adware scan, browser extension scan, malicious shortcut urls scan, ransomnote files removal, and temporary file/folder removal features. Through multiple scanners, AppCheck Cleaner removes various malicious codes, ransomware, and other temporary files and folders that are unnecessary on your PC.

To run Cleaner, you can do it through Cleaner button on the main screen of AppCheck, “AppCheck Cleaner” in the program list, or “Run Cleaner” menu provided in AppCheck menu on the taskbar notification area.

Cleaner button provided on AppCheck main screen displays messages saying “no threats found” or “All threats removed. Click to confirm.” depending on whether they are threats or not at the completion of examination.

Opens Cleaner diagnostic window when click on Cleaner button while running cleaner, to display detailed scan items and remediation results.

When detected in system integrity scan, it creates message “System is altered and requires to reboot system. Continue to reboot? (Yes: Scan after reboot, No: Cancel the scanning process)” and automatically rescan after reboot.

If there are “Delete after reboot” items during the Cleaner scan, it creates message “System requires to reboot to remove malware. Cancel may leave malware in system. Continue to reboot?” and remove detected malware by reboot.

Detected and removed details by Cleaner scan can be found in the detection log of AppCheck tool, and if you want to restore any of the removed items, you can find backup items in quarantine and restore them.

[ 1-2 ] Real-time Protection

Real-time protection includes RansomGuard (Ransomware Proactive Defense, RansomShelter, File Destruction Detection, MBR Protection, Netork drive Protection, File Protection in Shared Folders), automatic deletion of files stored in Ransom Shelter, and enable/disable protection on both Ransom Shelter <Backup (AppCheck)> folder and Auto Backup <AutoBackup (AppCheck)> folder.

While Auto Backup feature is independent of Real-time protection, Automatic Backup folder <AutoBackup (AppCheck)> cannot be protected when Real-time protection is disabled.

Depending on Real-time protection is enabled or disabled, the AppCheck icon changes color in the system tray.

Real-time protection alerts in the taskbar notification area when detects ransomware or malicious code attacks through Ransom Guard and Exploit Guard features.

If user clicks the Ransomware Activity Detection Notification window, it provides blocked program information and detailed options.

Note that AppCheck (Free) only blocks the process when ransomware behavior is detected, while AppCheck Pro provides removal.

[ 1-3 ] Exploit Guard

Exploit Guard blocks bugs and vulnerabilities in applications(Web Browser, Plugin, Media Player and Office) which cause malware infection.

When detected exploit attack while using a Web browser, you can view the information of Process Command-line, Target Command-line, Distribution URL, Referrer URL and Exploit URL through the alarm.

On PCs with exploit attack detection, check the security updates of Web Browser, Plugin, Media Player and Office program and update to the latest version.

[ 1-4 ] MBR Protection

MBR Protection enables to protect any alteration process or behavior of Master Boot Record(MBR) and GUID Partition Table(GPT).

Detected files are only blocked not deleted.

[ 1-5 ] Network drive Protection

The network drive protection feature provided in AppCheck Pro is designed to block(remove) and protect files located in the shared folder connected through the network drive. Files are automatically restored when the file encryption behavior is detected.

Network Drive Protection differs from SMB Server protection as this function blocks infected PC is attempting to encrypt outbound shared resources.

[ 1-6 ] Genuine Registration

AppCheck Anti-Ransomware Free has some features limited in Ransom Guard and Auto Backup. Individuals who want to use without limitations or for companies and government should purchase AppCheck Pro.

After purchasing AppCheck Pro license, please click “Register for activation” button (key icon) at the top of AppCheck main screen to register.

For online registration and activation Internet connection is required. You may receive license information through your email. Enter email and license key provided and click “OK” to complete the online activation.

You may receive license expiration information before 30 days of expiration. You may need to purchase for the license renewal in this period.

When AppCheck license is expired, all features are disabled. If you have a new license purchased, you may need to remove AppCheck and reinstall to enter the new license.

For renewal before AppCheck license expires, click “Extend Period” button to proceed purchasing the license at discounted price.

[ 1-7 ] Empty RansomShelter

Ransom Shelter automatically keeps files in <Backup(AppCheck)> when any suspicious file creation/modification/deletion behavior is detected. Files in RansomShelter are deleted automatically maximum of 7 days depending on user configuration.

The purpose of this backup is to keep your original files and recover them in case of Ransomware encrypts files.

The folder is safely protected while Real-Time Protection is on. In some cases user might need extra spaces in the disk drive, may click “Empty RansomShelter”(trash icon), to delete RansomShelter folders in each drives.

Files are completely removed from the disk and not moved to windows Recycle Bin. In cases of files are not removed due to the permission issue, you may turn off Real-Time Protection while manually deleting the folders.

② AppCheck context menu in system tray

[ 2-1 ] Tools

The AppCheck Tools provides detailed information of threat, quarantine, and event log. The log is automatically cleaned up if the accumulated amount of events exceeds a certain level.

If you double click Threat Logs, Quarantine, and General tabs in AppCheck tool will perform a refresh.

User can enable to display MD5 Hash values.

AppCheck Tools: Detection Log

Detection Log displays detailed information of Ransom Guard activity(Detecting Ransomware Behavior), Processed threats by Cleaner (Bloced, Removed, Restored, Block Failed).

AppCheck Tools: Quarantine

Quarantine Log displays the Ransomware files, Encrypted files, and Ransomware payment information files that have been deleted through the Ransomware Behavior Detection and kept in the Quarantine folder. The Quarantine folder is located at “C:\ProgramData\CheckMAL\AppCheck\Quarantine”

When clicking empty quarantine, it prompts “Files will be removed from the Quarantine and this action is irreversible. Are you sure to continue?”. Deleted files are completly removed not moved to Recycle Bin.

AppCheck Tools: Event Log

Event Log displays logs of Start and End of Application Service, Realtime Protection, RansomGuard, Cleaner. Also other logs such as update, auto backup, option changes, notification messages and etc.

[ 2-2 ] Options

The AppCheck option provides Normal, Ransom Guard, Cleaner, Auto Backup (AppCheck Pro only), and Whitelist and SMB Block/Allow List settings.

AppCheck Options: General

Auto Update checks every 6 - 12 hour for update, and when updated, displays notification message: “New version has updated. Click to find out more.”

If the user clicks the notification window, release note in CheckMAL website is displayed in the default system web browser.

The user may click “Check for Update” link in the About AppCheck, and the will be notified “Current version is up-to-date.” if installed AppCheck is the latest version.

AppCheck Options: Ransom Guard

AppCheck Options: Exploit Guard

Exploit Guard blocks bugs and vulnerabilities in applications which cause malware infection. If you turn off “Enable Exploit Guard Protection” check box will stop the entire feature. However, you can protect specific application programs you want by selecting the check boxes.

You can only activate application protection for Office on the original version of AppCheck Pro.

AppCheck Options: Cleaner

AppCheck Options: Auto Backup

For safety usage of backup to Network Shared Folder, it is recommended by creating a separate account with dedicated folder and not to use it for another purpose.

To delete the Auto Backup folder <AutoBackup(AppCheck)> and internal files, please temporarily disable real-time protection.

AppCheck Options: Whitelist

Whitelist is a feature that allows users to add files that are blocked by ransomware activity detection to be excepted by themselves.

However, system files such as explorer.exe / svchost.exe are highly exploited by ransomware and cannot be detected if they are added to whitelist.

Also, make sure to check “Always allow files registered below” box after adding whitelist.

AppCheck Options: SMB Allow/Block List

SMB Allow/Block option is only provided in AppCheck Pro. User can manage to allow or blocked IP(IPv4/IPv6) list for SMB access.

If the files in the shared folders are damaged due to the ransomware running on the remote PC, a block message notification for IP address(IPv4, IPv6) is displayed.

If user clicks the notification, IP address is displayed on the AppCheck notification window. When the user clicks “Add SMB allow IP address”, the IP address is added to “Allowed address list” in “SMB allowed Address” of AppCheck option to allow further access.

You may check the blocked list in AppCheck Pro Option %gt; SMB Allow/Block List, and by default, Blocked IP are temporally blocked 1 hour from the detection and removed automatically afterwards.

Temporarly blocked IPs are temporally blocked for 1 hour from the detection, and user can allow temporarly or permantly.

After 1 hour, blocked IP is automatically removed from the list and remote PC can access afterwards.

Adding IP address supports in various ways, starting from single IP address, range, subnet is allowed. User may refer to example for better understanding.

Because adding IP address allows unrestricted access of file modification, it is recommend to install AppCheck in remote host for better protection.

[ 2-3 ] About AppCheck

Display information about AppCheck including current version, manual update checks, copyright and licensing information, thanks to, and genuine registration information.