Moved to Malware Discussion > Corporate User Assistance > Discussions
Sorry, I moved this back to HIP as you'll get faster answers to those specific questions here.
It looks like they are trying to make a defense in depth strategy here. Different Cryptolocker versions behave differently and this tool cannot block the kind of things that would make such a signature high fidelity. Turning these rules on is more like a chemotherapy approach.
Depending on your intended level of administration for each rule, turning any of these on in block mode could be a bad time for you. You'll spend a lot of time whitelisting applications that these rules would end up blocking. They cast a wide net. If your network is small enough and has a uniform set of systems, this may be a good approach though.