In our environment, we are utilizing McAfee ePO 5.3.2 to manage over 2,000 systems running VirusScan 8.8i. On occasion, we see ransomware infect several systems. Over the last few days, we saw a new strain of Cerber.
In McAfee VirusScan 8.8i, I know that we could leverage the Access Protection rules. We did that to help block WannaCry. Since there are so many variations and types of ransomware, I would like to know what other people are using to protect against the majority of strains.
I am trying to avoid hundreds of AP rules but just want a few rules that would prevent the majority of ransomware.
Since they attack in different ways, there isn't a single configuration for ransomware. A guide for configuring protection for each can be found here:
Since ransomware mainly propagates via email, at least at the time of writing this, you might want to consider looking at your configuration on your email protection. If you keep seeing patient zero hit with ransomware that was an attached office document with macros, perhaps limit those from being delivered unless they're from a trusted source.
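The mail-side check suggested in the reply above, as an added example that is not part of the original thread or of any McAfee product: it flags macro-capable Office attachments and holds them unless the sender is on an allowlist. The allowlist, the addresses, the verdict strings and the sample message are all constructed assumptions, and the sender address is assumed to have already been authenticated by the gateway (SPF/DKIM/DMARC), since a bare From header is trivially spoofed.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy .doc/.xls/.ppt container
TRUSTED_SENDERS = {"reports@partner.example"}  # hypothetical allowlist

def has_macros(data: bytes) -> bool:
    """True if the attachment bytes can carry VBA macros."""
    if data.startswith(OLE_MAGIC):
        return True  # legacy binary formats may embed VBA: treat as macro-capable
    if data.startswith(b"PK"):  # OOXML (.docm/.xlsm/...) is a ZIP archive
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as z:
                return any(n.lower().endswith("vbaproject.bin") for n in z.namelist())
        except zipfile.BadZipFile:
            return True  # malformed archive: fail closed
    return False

def verdict(raw: bytes) -> str:
    """Return 'quarantine' or 'deliver' for one raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        if has_macros(payload) and sender not in TRUSTED_SENDERS:
            return "quarantine"
    return "deliver"

def build_sample(sender: str, macro: bool) -> bytes:
    """Constructed test message with a minimal OOXML-like attachment."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/document.xml", "<w:document/>")
        if macro:
            z.writestr("word/vbaProject.bin", b"constructed placeholder")
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = sender, "user@corp.example", "Invoice"
    msg.set_content("See attached.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="octet-stream", filename="invoice.docm")
    return msg.as_bytes()

if __name__ == "__main__":
    print(verdict(build_sample("stranger@unknown.example", True)))   # quarantine
    print(verdict(build_sample("reports@partner.example", True)))    # deliver
```

The check keys on file content rather than the filename extension, so a macro document renamed to `.docx` is still held.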