Protecting against CryptLocker

Can anyone guide me though the F-Secure Policy 11 maze and point what setting needs to be adjusted to achive desired prevention through AV software instead of GPO as recomended in http://www.bleepingcomputer.com/forums/t/506924/cryptolocker-hijack-program/page-26#entry3165383

Since F-Secure does not offer much protection and recommends just frequent system backups as the only workaround against CyptLocker. am planning to implement proactive approach (described in the article mentioned above) by setting retrictions for executing *.exe files located in %AppData% and its immediate subfolder.

Ideally I would prefer just to warn users instead of disallowing, since preventing execution of exe from %AppData% will break i.e. DropBox

Please note the above can be accomplished by competition i.e. McAfee does it via access protection rules

Andrzej

Find more posts tagged with

Comments

Dmitriy

Sorry for the lagged response to your message.

F-Secure Policy Manager doesn't provide any granular control to define which applications are allowed to run, or which folders executable files can or can't run from. However, our end point security protection has multiple layers of defense to detect and proactively block CryptoLocker and other ransomware. Specifically, it is known to us that Cryptolocker malware uses certain memory injection technique that we can monitor via DeepGuard. If DeepGuard sees this certain behavior pattern, it will block the executable from continued execution and therefore preventing further damage to the system.

Please check the following community posts for more information and solutions on how to prevent Cryptolocker from getting into your computers and encrypting your data&colon;
http://community.f-secure.com/t5/Security/crypto-locker-how-to-remove/m-p/34173/highlight/true#M6139
http://community.f-secure.com/t5/Stop-Ransomware/qa-p/stopransomware