mrmut
asked on
Locking down email client
Client recently had Cryptolocker breach. The delivery was the usual path, attachment -> word macro -> shell script -> trojan -> cryptolocker -> crap.
So, they asked me to lock some email clients on POS machines.
How to do it? And what to do?
To just disable attachments?
What do you do?
Thanks
ASKER
Thanks.
I would like to lock out Thunderbird.
Here are answers to your Qs:
Which mail server do your clients connect to?
SSL servers
Does your ISP offer email scanning?
Yes, and compromised emails are deleted automatically. However, that is not enough, as sometimes Viruses pass.
Have you looked at enterprise email handling which allows both scanning and flexibility about what can be downloaded?
Unfortunately, too expensive.
Do the clients machines have appropriate malware/virus scanner?
Yes. BitDefender Endpoint Protection, cloud based. It is a solid solution.
However, we got a CryptoLocker breach with all of the protection we utilize.
Use this MX record level spam filtering: https://www.openprovider.co.uk/spam-filter/ It is not expensive & very effective.
SEP with the correct settings, IPX, SONAR, etc will do it and Malwarebytes Anti-Ransomware (MBARW) although still in Beta, is a proven solution.
You may also want to look at creating a local or group policy that prevents programs from executing from the %appdata% folder. This is a bit of a pita, as some Outlook plugins and GoToMeeting run from there, but it can be a useful weapon in this battle.
Cryptoprevent from FoolishIT does much of this for you. Just check what it is doing.
Check my two articles and btan's article about ransomware.
https://www.experts-exchange.com/articles/20879/Ransomware-is-rampant-don't-be-caught-out.html
https://www.experts-exchange.com/articles/18086/Ransomware-Prevention-is-the-only-solution.html
https://www.experts-exchange.com//articles/21199/Ransomware-Beware.html
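For the suggestion above to block execution from %appdata% and to check what a tool such as CryptoPrevent has configured, here is an added example (not part of any post in this thread) that lists the Software Restriction Policy path rules on a machine without changing anything. It assumes the rules are stored under the standard `Safer\CodeIdentifiers` policy keys; the function name `Get-SrpPathRule` is hypothetical.

```powershell
# Added example: read-only audit of Software Restriction Policy (SRP) path rules.
# Assumption: rules live under the standard Safer\CodeIdentifiers policy keys.
$roots = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers',
         'HKCU:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
# SRP stores each security level as a numeric subkey name.
$levelNames = @{ '0' = 'Disallowed'; '262144' = 'Unrestricted' }
$noExpand = [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames

function Get-SrpPathRule {
    foreach ($root in $roots) {
        if (-not (Test-Path $root)) { continue }
        foreach ($levelKey in Get-ChildItem $root) {
            $pathsKey = Join-Path $levelKey.PSPath 'Paths'
            if (-not (Test-Path $pathsKey)) { continue }
            $level = $levelKey.PSChildName
            foreach ($rule in Get-ChildItem $pathsKey) {
                [pscustomobject]@{
                    Hive  = $root.Substring(0, 4)
                    Level = if ($levelNames.ContainsKey($level)) { $levelNames[$level] } else { $level }
                    # Read the rule unexpanded so %AppData% is shown as written.
                    Path  = $rule.GetValue('ItemData', '', $noExpand)
                    Note  = $rule.GetValue('Description', '')
                }
            }
        }
    }
}

$rules = @(Get-SrpPathRule)
$rules | Sort-Object Hive, Level, Path | Format-Table -AutoSize -Wrap

# Rules that mention the per-user AppData folders, by variable or literal path.
$appData = @($rules | Where-Object { $_.Path -match '%(Local)?AppData%|\\AppData\\' })
$blocked = @($appData | Where-Object { $_.Level -eq 'Disallowed' })
$allowed = @($appData | Where-Object { $_.Level -eq 'Unrestricted' })

if ($blocked.Count -eq 0) {
    Write-Warning 'No Disallowed path rule covers AppData on this machine.'
} else {
    '{0} Disallowed rule(s) cover AppData; {1} Unrestricted exception(s):' -f $blocked.Count, $allowed.Count
    # Exceptions (for example for plugins that run from AppData) deserve review.
    $allowed | ForEach-Object { '  allowed: ' + $_.Path }
}
```

Run it from an elevated prompt on one POS machine before and after applying the policy, and review every Unrestricted exception, since each one reopens a path the block rule was meant to close.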
Which mail server do your clients connect to?
Does your ISP offer email scanning?
Have you looked at enterprise email handling which allows both scanning and flexibility about what can be downloaded?
Do the clients machines have appropriate malware/virus scanner?