F-secure Policy Manager : Can I block a specific executable based on filename

Hello all,

Im struggling to block a specific executable named Emotiplus_skype.exe

This tiny thing replicates via Skype via all contacts, and installs a browser search engine hijacker. In addition to providing very nice smileys in skype

I am struggling to find how to block it FSPM wise. I have options to include extensions, exclude extensions, exclude files and folders based on path and filenames.... but I can't find any option to block a specific file based on filename (neither in manual, real time, or deepguard scanning options).

Anyone got a clue ?

In the meantime, I sent the file to the lab for analisys, just in case.

Find more posts tagged with

Comments

niepce

Thanks Tamas I've been able to make in untrusted in Deepguard using the sha1 hash. Until the next one !

etomcat

Hello,

I think SHA1 checksum banning works via Deepguard and the NIF module in FSAVCS. But of course if the file changes often, that won't help for long.

Yours Sincerely: Tamas Feher, Hungary.

Vad

Hello niepce,

Unfortunately, we don't have such possibility in current versions.

Best regards,

Vad