Does anyone have a suggestion for a file monitoring program or a group policy that would identify when Cryptowall or Cryptolocker (or any of the new variants) is encrypting files on a network drive and actively block that PC from writing to the server? Based on my research it is almost impossible to stop cryptowall/locker if a user activates it but there has to be a way to minimize the damage on the network drives. I have had 2 clients infected with cryptowall/locker this week and no one seems to have a good solution for preventing it. I have implemented software restriction policies but that will be marginally effective at best since I can't restrict all executables in the appdata folder. One person recommended locking down the outbound ports on the firewall but both of the networks that were infected already had the firewall locked down to the minimum required outbound ports. Any help would be appreciated.