cancel
Showing results for 
Search instead for 
Did you mean: 
ascoyne
Level 10
Report Inappropriate Content
Message 1 of 5

Exception to cover all files

I looking at creating a new rule to block access from an .exe in the AppData folder to any file (this is to stop CrytoLocker from encrypting any files).

I have created this rule, but I am unsure of the wildcard of **.*.

Will it - a) Work? and b) Cause an massive overhead on the scan engine?

Untitled.png

4 Replies

Re: Exception to cover all files

Hi there,

I thin the rule which you looking for is the one below. The one you have created it will not work.

Sense títol.jpg

You need to include all processes (*) and then block the path in the path C:\**\AppData\**\*.exe

It will not cause an massive overhead on the scan engine

Please, test this and let me know

Best regards,

Jose Maria

ascoyne
Level 10
Report Inappropriate Content
Message 3 of 5

Re: Exception to cover all files

Thanks for the quick reply.

I already have created a rule to Block the EXE running from AppData folder.

Untitled.png

I was looking at blocking CrytoLocker from encrypting files

Untitled.png

Re: Exception to cover all files

I think instead of **.doc put only single * which will include all files.

**.doc = *

Re: Exception to cover all files

Hi there,

Then create the rules like this for the office files (the files most commun are affected cryptolocker)

Sense títol.jpg

Sense títol2.jpg

.....

In process to include you need to add all process (*) and then file or folder to block is where you put the condition.

Please, let me know if Works.

Best regards,

Jose Maria