Steps to block creation of certain file extensions in OfficeScan

sunhux
I've seen an ex-colleague blocking file extensions from being created using a feature in McAfee
(can't recall the name).

Can someone provide the steps to do this in Trend Micro OfficeScan's management console?
What's this feature called in OfficeScan?

Author

Commented:
The purpose is to mitigate against ransomware, which we felt is quite effective.
Top Expert 2016

Commented:
To be truly effective, you'd have to block a lot of extensions (blacklist) or create a whitelist of extensions (a shorter list).

Another method is to use how ransomware works against itself. Since ransomware tends to work alphabetically, we create a honeypot and then block any file access that tries to rename or otherwise modify these files.

https://blog.savagesec.com/minimizing-ransomware-risk-with-fsrm-847d70f6212b
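
The two ideas in the comment above (an extension allowlist and decoy files that sort first), as an added example that is not part of the thread and is not OfficeScan or FSRM code. The allowlist contents, the `!0000_canary_` prefix and the `.locked` extension are assumptions made for the constructed demo; the script only reports changes when `check` is run, while the blocking itself would be done by the endpoint product or file screen.

```python
import hashlib
import os
import tempfile
from pathlib import Path

# Assumptions (not from the thread): allowlist contents and canary prefix.
ALLOWED_EXTENSIONS = {".docx", ".xlsx", ".pdf", ".txt"}
CANARY_PREFIX = "!0000_canary_"  # sorts ahead of ordinary file names

def digest(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()

def plant_canaries(directory, count=3):
    """Create decoy files; return {path: sha256} as the baseline."""
    baseline = {}
    for i in range(count):
        path = Path(directory) / f"{CANARY_PREFIX}{i}.docx"
        path.write_bytes(os.urandom(256))
        baseline[path] = digest(path)
    return baseline

def check(directory, baseline):
    """Return sorted (reason, file name) findings for one directory."""
    findings = []
    for path, known in baseline.items():
        if not path.exists():
            findings.append(("canary-missing-or-renamed", path.name))
        elif digest(path) != known:
            findings.append(("canary-modified", path.name))
    for entry in Path(directory).iterdir():
        if entry.suffix.lower() not in ALLOWED_EXTENSIONS:
            findings.append(("extension-not-allowlisted", entry.name))
    return sorted(findings)

def demo():
    """Constructed scenario: one canary overwritten, one renamed."""
    with tempfile.TemporaryDirectory() as d:
        baseline = plant_canaries(d)
        first, second, _third = sorted(baseline)
        first.write_bytes(b"constructed overwrite")
        second.rename(second.with_name(second.name + ".locked"))
        return check(d, baseline)

if __name__ == "__main__":
    for reason, name in demo():
        print(f"{reason}: {name}")
```
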
Technical Designer
Commented:
For ransomware, they have settings which you may like to enable, but make sure that you test before implementing. Below is the article from Trend Micro you may follow to accomplish the same.

https://success.trendmicro.com/solution/1111377-enabling-the-ransomware-protection-feature-in-officescan-osce

For denying the creation of some extensions, this could be in Outbreak Prevention, wherein you have to specify which file extensions are allowed to be modified; all the rest would be blocked. See the article below for details:
http://docs.trendmicro.com/all/ent/officescan/v10.6/en-us/osce_10.6_sp3_olh/outbreaks_prevent_deny_write.html

Thanks,
Sudeep
