Recently we got the news about Scarab Ransomware from the link https://blogs.forcepoint.com/security-labs/massive-email-campaign-spreads-scarab-ransomware
So we decided to create User-defined rules under access protection policies. There is one registry path
uSjBVNE = "%Application Data%\sevnz.exe" which we need to block in VSE policy. I just wanted to know what is the best possible rule we can create for blocking the registry as mentioned in the link to avoid the impact of Scarab Ransomware.
Any answer will be highly appreciated.
I'm not going to advise which actual rules to create... however....
You could do worse than look at McAfee's ransomware guide:
It has rules for different ransomware types, which includes application protection rules for blocking certain registry or file/folder creation/executions.
Whilst the link you gave indicates a specific executable name, it's worth considering that there are likely to be versions of this that generate the executable with a random name, rather than one specific. This will be something to consider when you create your rules.
If you want specific details for what rules to create for Scarab, I think your best bet would be to log a request with Support.
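
The point about randomly named executables, shown as an added example that is not part of the original thread or of McAfee's guidance: a Python check that flags registry value data launching an executable directly from the Application Data folder, whatever the file name. The helper names, the expanded `C:\Users\...` layout and every sample value except the one quoted in the question are constructed assumptions.

```python
import re
from typing import NamedTuple

# "%Application Data%" is the notation in the post; %APPDATA% is the Windows variable.
APPDATA_TOKENS = ("%application data%", "%appdata%")
# Expanded per-user form (assumed layout), e.g. C:\Users\alice\AppData\Roaming
APPDATA_EXPANDED = re.compile(r"^[a-z]:\\users\\[^\\]+\\appdata\\roaming$")
EXECUTABLE_EXT = (".exe", ".scr", ".com", ".pif")

class Finding(NamedTuple):
    value_name: str
    data: str
    matches_known_name: bool

def executable_path(data: str) -> str:
    """Program path from registry value data, without quotes or arguments."""
    data = data.strip()
    if data.startswith('"'):
        end = data.find('"', 1)  # tolerate a missing closing quote
        return data[1:end] if end != -1 else data[1:]
    m = re.match(r"(.+?\.(?:exe|scr|com|pif))(?:\s|$)", data, re.IGNORECASE)
    return m.group(1) if m else data

def in_appdata_root(path: str) -> bool:
    """True for an executable sitting directly in the Application Data folder."""
    folder, _, filename = path.lower().rpartition("\\")
    if not filename.endswith(EXECUTABLE_EXT):
        return False
    return folder in APPDATA_TOKENS or bool(APPDATA_EXPANDED.match(folder))

def audit(values: dict[str, str], known_name: str = "sevnz.exe") -> list[Finding]:
    """Flag by location; record whether a name-only rule would also have matched."""
    findings = []
    for name, data in values.items():
        path = executable_path(data)
        if in_appdata_root(path):
            known = path.lower().endswith("\\" + known_name)
            findings.append(Finding(name, data, known))
    return findings

# Constructed sample values (name -> data); only the first comes from the post.
SAMPLE = {
    "uSjBVNE": '"%Application Data%\\sevnz.exe"',
    "qRtYpLm": r"C:\Users\alice\AppData\Roaming\xkqjw.exe",  # random file name
    "OneDrive": r'"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background',
    "Updater": r'"C:\Users\alice\AppData\Roaming\Vendor\updater.exe"',  # subfolder
}

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

The second sample value is flagged with `matches_known_name=False`, which is the case a rule keyed only on `sevnz.exe` would miss.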