5 Replies Latest reply on Feb 23, 2016 6:51 AM by Don_Martin

    Threat Advisories on W97M and Locky

    Daniel_S

      Hey guys,

       

      yet another question regarding the two currently released TAs:

      McAfee wants us to add some specific folders to the Access-Protection-Rules.

      For Example for the W97M:

      Processes to include: * - so all are included

      File or foldername to block: c:\users\user\appdata\roaming\*.exe - think this won´t word as "user" is not specific. So i chose to user *\appdata\roaming\*.exe

      I selected "Files being executed" and "New files being created".

       

      BUT: Nothing is happening. I can create new files *.exe inside the roaming-folder as i like. I also tested the other solution from McAfee - nothing.

      The same applied to the locky-TA. I ended up to not specify a folder here but say disallow all programs to create files with *.locky.

       

      It this a known problem or am I missing something?

       

      Regards

      Dan