To stay updated on your favorite discussions, please create an account or log in. Then, click the Bookmark icon to subscribe and receive notifications.

Protecting against CryptLocker

andrzej W/ Alumni Posts: 48 Junior Protector

Can anyone guide me though the F-Secure Policy 11 maze and point what setting needs to be adjusted to achive desired prevention through AV software instead of GPO as recomended in


Since F-Secure does not offer much protection and recommends just frequent system backups as the only workaround against CyptLocker.   am planning to implement proactive approach (described in the article mentioned above) by setting retrictions for executing *.exe files located in %AppData% and its immediate subfolder.

Ideally I would prefer just to warn users instead of disallowing, since preventing execution of exe from %AppData% will break i.e. DropBox


Please note the above can be accomplished by competition i.e. McAfee does it via  access protection rules





  • Dmitriy
    Dmitriy W/ Alumni Posts: 179 Threat Terminator

    Sorry for the lagged response to your message.


    F-Secure Policy Manager doesn't provide any granular control to define which applications are allowed to run, or which folders executable files can or can't run from. However, our end point security protection has multiple layers of defense to detect and proactively block CryptoLocker and other ransomware. Specifically, it is known to us that Cryptolocker malware uses certain memory injection technique that we can monitor via DeepGuard. If DeepGuard sees this certain behavior pattern, it will block the executable from continued execution and therefore preventing further damage to the system.


    Please check the following community posts for more information and solutions on how to prevent Cryptolocker from getting into your computers and encrypting your data:

This discussion has been closed.