alonig1
asked on
Crypto Locker
What do I need to get for an office environment to keep in clean from viruses such as Crypto locker and other malware that encrypts the files.
So even if a workstation receives an email an try's to open it , it won't let him.
I firewall with filtering, this office has an AV installed on the server and on the client and still all of the computer got infected.
So even if a workstation receives an email an try's to open it , it won't let him.
I firewall with filtering, this office has an AV installed on the server and on the client and still all of the computer got infected.
ASKER
So those firewalls with AV that filters every packet won't help?
They help a lot. Might filter 99% of the nasties out.
Until malicious software has been discovered, sent to the AV provider, analysed, and new patterns created and distributed, it cannot be detected. This might take a week or more.
Until malicious software has been discovered, sent to the AV provider, analysed, and new patterns created and distributed, it cannot be detected. This might take a week or more.
ASKER
There is no 100% but 99% is sure something that can help.
Which product would you recommend ?
Which product would you recommend ?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
If cryptolocker has taught us one thing, then it is that relying on AV can cause a lot of trouble.
Look at the concept of application whitelisting as in Applocker https://technet.microsoft.com/en-us/library/dd723678(v=ws.10).aspx or its predecessor, Software restriction policies https://technet.microsoft.com/en-us/library/hh831534.aspx
In short: only what you put on a list will run. Nothing else, no virus, network wide.
Look at the concept of application whitelisting as in Applocker https://technet.microsoft.com/en-us/library/dd723678(v=ws.10).aspx or its predecessor, Software restriction policies https://technet.microsoft.com/en-us/library/hh831534.aspx
In short: only what you put on a list will run. Nothing else, no virus, network wide.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
You still need backups, so in the event of an attack, a restore can be done.