Showing results for 
Search instead for 
Did you mean: 

Trying to block **\*.scr for Cryptolocker rule


I am trying to configure a user defined access protection rule to block **\*.scr files as per the Cryptolocker message that went out last month. So far I have been able to make the appropriate exe exceptions but I am running into a problem with a number of events that don't show an exe as the process name. Example is below:

Threat Source Process Name:C:\Windows\system32\Bubbles.scr

I have tried to exclude the .scr in the access protection rule but not being an exe it did not seem to have any impact. I would like to eventually select the "Block" check box for this rule. Has anyone else seen this or have any solution for it?

Thanks in advance!

3 Replies

Re: Trying to block **\*.scr for Cryptolocker rule


Try to create a new user define rule, choose file and folder and typee **\.scr and then block What you want to block when writing..... Then you block only for that rule.

My advice would be to test this rule in a single Machine chosing only report mode to see the impact and if the impact is the one that you want then implement the blocking mode.

Best regards,

Jose Maria

Re: Trying to block **\*.scr for Cryptolocker rule

I do have this rule setup on a few machines in report mode so that I am not affecting anything. My rule is shown below:

AP Rule For Scr.PNG

Looking at the events in reporting mode is what is showing the .scr as the process name and I cannot fully implement the block on this rule until I am sure that production systems will not be affected.


Re: Trying to block **\*.scr for Cryptolocker rule

I am not sure if this is the correct way to fix it but I uninstalled and reinstalled the VSE software. After that the appropriate exe's were being reported back in the Threat Source Process Name field.

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community