7 Replies Latest reply on Nov 25, 2013 9:09 AM by Don_Martin

    Urgent Help with Access Protection Policy exclusions

    MMixer

      We have recently had two machines caught with the cryptolocker bug

      I have followed a number of examples on how to try and block this  (Orc 4.5 and AV 8.8 )

       

      The only method I have found that works is to use on the access protection  > user defind rule of  **\*AppData*\**\*.exe

      Which works and on Win 7 covers all areas under AppData

       

      But trying to get some exclusions to known exe's I cant get anything to work

      ie Dropbox

      C:\Users\username\AppData\Roaming\Dropbox\bin\Dropbox.exe

       

      I have tried

      **\Dropbox.exe 

      Tried **\*AppData*\**\Dropbox.exe  

      **\*AppData*\Roaming\Dropbox\bin\Dropbox.exe

      I cant seem to find any why of exclusing some exe

       

      Does anyone know what I have done wrong

       

      There was another example from a mcafee document but I couldnt get this to work when tested ?

      %UserProfile%\AppData\Roaming\*.exe

      I would like to cover more then just roaming area but I couldnt get mcafee to accept the %userprofile% Variable