WinPatrol WAR review

The veteran PC protector takes on ransomware – but who will win?

TechRadar Verdict

This app might be useful as a general malware killer, but WAR's ransomware protection is below par.

Pros

  • +

    Protects against all malware

  • +

    Blocked our simulated ransomware

  • +

    Highly configurable

Cons

  • -

    Failed to stop one ransomware type

  • -

    False positives

  • -

    Cluttered interface

  • -

    No trial

Why you can trust TechRadar We spend hours testing every product or service we review, so you can be sure you’re buying the best. Find out more about how we test.

WinPatrol has been protecting PCs from malware for 20 years, so it's no surprise that the company is now taking on the very latest threats with WinPatrol WAR (formerly WinAntiRansom).

WAR isn't just an anti-ransomware tool, the company says, making this very big claim: "Protects against all forms of Ransomware, Trojans, Worms, Rats, Info Stealers, Keyloggers, Backdoors, Script Attacks and more..."

The program works at a very basic level by restricting malware's ability to carry out common actions, including changing files and Registry keys, accessing important folders or your network resources.

WAR offers some protection automatically, but you can also customize this in various ways. By default, for example, WAR creates a protected Documents\SafeZone folder which only trusted programs can access. But you can add other custom folders in a click or two, instantly shielding them from ransomware or other attacks.

WAR is a commercial product available with both lifetime and annual licences, and it's very important to check both options before you buy.

During the review, WinPatrol's Product page listed WAR as costing $19.95 (£15) for a one-year, one-computer licence. But when we went to the Lifetime page, we found WAR available on a lifetime licence for only $13.49 (£10). This was supposedly a special "85% off sale" so may not be available when you read this, but look around anyway – there may be a better deal somewhere on the site.

There's no free trial, unfortunately, and no way to sample WAR's abilities before you buy. WinPatrol does offer a 30-day money-back guarantee, though, and we've no reason to believe that this has any catches or restrictions. If you're not happy, tell them and you should get a refund without any hassles.

Setup

Our WinPatrol WAR experience started much like most software purchases. We handed over our email address, went through the payment process, downloaded and installed the package. An email arrived seconds later with a licence key, we entered it and were ready to go.

The WAR interface looks much more complicated than the usual anti-ransomware tool, at least initially, with multiple buttons, options and settings. It could be a little intimidating, but when you begin exploring, the program starts to make more sense.

The Programs tab lists your system's current executables, for instance, and highlights any that are whitelisted. It looks complicated, but for the most part you can ignore it, as WAR is able to discover and whitelist programs (if appropriate) entirely automatically.

Other tabs display recently blocked programs, network activity or Registry changes, which are useful for spotting malicious actions you might have missed. Or if WAR blocked something accidentally, you can whitelist it from the report in a couple of clicks.

There are also areas of the interface which aren't so obvious, but tapping the Help button opens a web page where you'll find out more (here's an example).

Performance

Our testing procedure started by introducing the deadly Cerber ransomware to a WinPatrol WAR-protected system, sitting back, and watching what happened.

The results were poor. WAR allowed Cerber to run for a very long time, and only warned us about malware activity at the very last moment, as Cerber wrote its ransom note to our desktop. WAR doesn't have the file recovery technology other anti-ransomware tools often provide, and so all our data was lost.

Our second test involved RanSim, a versatile ransomware simulator. The program runs multiple tests to simulate 10 different types of ransomware behaviour, then lets you know how many were blocked.

We launched RanSim, expecting to be able to run the tests, but no – WinPatrol immediately alerted us to signs of malware-like activity, and gave us the chance to kill the process. This didn't tell us whether WinPatrol has the ability to detect individual ransomware behaviour types, but we still got the chance to close the program before it did any harm, and that's what really matters.

For our final test, we used RanTest, a custom ransomware simulator of our own. It's much more basic than RanSim, but as the program has never been publicly released, we can be sure that WAR won't have seen it before.

Unknown or not, it made no difference: we launched RanTest, WAR raised an alert immediately and we were able to close it with a click.

Overall, WinPatrol did make some good decisions, but it missed the most dangerous real-world threat, and gave us several false alarms during testing, too. The program might be interesting as an extra tool for experts who know precisely what they need, but generally you'll get better ransomware-blocking performance elsewhere.

Final verdict

WinPatrol WAR has a lot of features which help protect against many malware types, but it couldn't stop Cerber trashing our test system, and the false positives were annoying. You can get better ransomware-specific protection for free.

Mike Williams
Lead security reviewer

Mike is a lead security reviewer at Future, where he stress-tests VPNs, antivirus and more to find out which services are sure to keep you safe, and which are best avoided. Mike began his career as a lead software developer in the engineering world, where his creations were used by big-name companies from Rolls Royce to British Nuclear Fuels and British Aerospace. The early PC viruses caught Mike's attention, and he developed an interest in analyzing malware, and learning the low-level technical details of how Windows and network security work under the hood.