[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 510
  • Last Modified:

CryptoLocker Virus

There are some great tools available to help fight .exe's using group policy, according to ThirdTier (thank you) I followed their writeup which .exe's to block in GP to prevent CryptoLocker from taking over data, which are:

Path: %AppData%\*.exe
Path: %AppData%\*\*.exe
Path: %Temp%\Rar*\*.exe
Path: %Temp%\7z*\*.exe
Path: %Temp%\wz*\*.exe
Path: %Temp%\*.zip\*.exe

My question, I have allot of users using 3rd party apps, what is the best way to allow certain .exe's from executing without running risk of CryptoLocker or other .exe's that are hazardous.
0
WORKS2011
Asked:
WORKS2011
3 Solutions
 
Cliff GaliherCommented:
If you read all the stuff that comes with the Third Tier paper, the idea there is that it blocks all all executables in certain locations. Locations where executables wouldn't normally run anyways, such as from places where mail clients save attachments or web browsers store info.

Legitimate 3rd party programs usually install into the "program files" directory and in ciata/win7/win8, standard users don't have write access to this folder, so it is much more do it is to get socially engineered into launching fake code.

If you follow the third tier guidance, including not letting every user be an administrator, legit programs will work fine because they will exist in a path not listed above. This just blocks the "suspicious" locations where code would never normally run from.
0
 
Ram BalachandranCommented:
You can restrict access to application from execution using Software Restriction Policies
You select a path and deny access or select an application and much more

Have a look  - http://technet.microsoft.com/en-us/magazine/2008.06.srp.aspx
0
 
McKnifeCommented:
+1 for cgaliher. In addition: applocker offers logging. When blocking, it produces certain events in its own log. Since we can attach tasks to events (even deploy those tasks using group policy preferences), you can setup mails whenever anything is blocked. Not only interesting for cryptolocker awareness but more for applocker false-positives.
0
 
WORKS2011Austin Tech CompanyAuthor Commented:
Thank you for the great feedback, love EE!!! Specifically Spotify (yeah I know it's not business but I like to keep my clients happy) won't launch on several computers. I don't believe it installs itself in the Program Files folder rather it launches each time connects to the internet then closes out (uninstalls) after closing.
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now