0 Replies Latest reply on Dec 17, 2015 8:39 AM by lee@dovehousehospice

    Cryptolocker rule triggering false positives

    lee@dovehousehospice

      I am creating the rules shown in "Protecting against Cryptolocker & Cryptowall" and all seems fine barring rule #8 regarding the scr files.

       

      There are lots of events being triggered by SVCHOST.EXE, and they are to do with general Windows screensavers.

       

      Source Process Name: C:\WINDOWS\SYSTEM32\SVCHOST.EXE

       

      Target File Name: C:\Windows\System32\Mystify.scr

       

      I cannot see any way of allowing this through other than whitelisting SVCHOST.EXE, which I don't really want to do.

       

      Any suggestions??

       

      Thanks

       

      Lee