To stay updated on your favorite discussions, please create an account or log in. Then, click the Bookmark icon to subscribe and receive notifications.

F-secure Policy Manager : Can I block a specific executable based on filename

niepce
niepce Posts: 20 Security Scout
in Business Suite

Hello all,

 

Im struggling to block a specific executable named Emotiplus_skype.exe

This tiny thing replicates via Skype via all contacts, and installs a browser search engine hijacker. In addition to providing very nice smileys in skype :)

 

I am struggling to find how to block it FSPM wise. I have options to include extensions, exclude extensions, exclude files and folders based on path and filenames.... but I can't find any option to block a specific file based on filename (neither in manual, real time, or deepguard scanning options).

 

Anyone got a clue ?

 

In the meantime, I sent the file to the lab for analisys, just in case.

Comments

  • etomcat
    etomcat Posts: 1,172 Firewall Master

    Hello,

     

    I think SHA1 checksum banning works via Deepguard and the NIF module in FSAVCS. But of course if the file changes often, that won't help for long.

     

    Yours Sincerely: Tamas Feher, Hungary.

  • niepce
    niepce Posts: 20 Security Scout
    Thanks Tamas I've been able to make in untrusted in Deepguard using the sha1 hash. Until the next one !
This discussion has been closed.

Categories