cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Trying to block **\*.scr for Cryptolocker rule

Hello,

I am trying to configure a user defined access protection rule to block **\*.scr files as per the Cryptolocker message that went out last month. So far I have been able to make the appropriate exe exceptions but I am running into a problem with a number of events that don't show an exe as the process name. Example is below:

Threat Source Process Name:C:\Windows\system32\Bubbles.scr

I have tried to exclude the .scr in the access protection rule but not being an exe it did not seem to have any impact. I would like to eventually select the "Block" check box for this rule. Has anyone else seen this or have any solution for it?

Thanks in advance!

3 Replies
Highlighted

Re: Trying to block **\*.scr for Cryptolocker rule

Hi,

Try to create a new user define rule, choose file and folder and typee **\.scr and then block What you want to block when writing..... Then you block only for that rule.

My advice would be to test this rule in a single Machine chosing only report mode to see the impact and if the impact is the one that you want then implement the blocking mode.

Best regards,

Jose Maria

Highlighted

Re: Trying to block **\*.scr for Cryptolocker rule

I do have this rule setup on a few machines in report mode so that I am not affecting anything. My rule is shown below:

AP Rule For Scr.PNG

Looking at the events in reporting mode is what is showing the .scr as the process name and I cannot fully implement the block on this rule until I am sure that production systems will not be affected.

Thanks!

Highlighted

Re: Trying to block **\*.scr for Cryptolocker rule

I am not sure if this is the correct way to fix it but I uninstalled and reinstalled the VSE software. After that the appropriate exe's were being reported back in the Threat Source Process Name field.

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community