3 Replies Latest reply on Nov 21, 2014 9:56 AM by zeke423

    Trying to block **\*.scr for Cryptolocker rule




      I am trying to configure a user defined access protection rule to block **\*.scr files as per the Cryptolocker message that went out last month. So far I have been able to make the appropriate exe exceptions but I am running into a problem with a number of events that don't show an exe as the process name. Example is below:


      Threat Source Process Name:C:\Windows\system32\Bubbles.scr


      I have tried to exclude the .scr in the access protection rule but not being an exe it did not seem to have any impact. I would like to eventually select the "Block" check box for this rule. Has anyone else seen this or have any solution for it?


      Thanks in advance!