I was posting from my phone in a hurry, DYAC. Software Restriction, not proper pixies.
Susan, I haven't seen an executable run in any location that has been blocked by SRP. IF you have a very narrow whitelist, it helps a lot. On Fri, Jul 3, 2015 at 2:02 PM, Jonathan Link <[email protected]> wrote: > You can also use proper pixies to restrict where software can run. I've > blocked the user profile folder and added an exception for the desktop and > a couple of other places that I can't recall. Users have to move downloaded > apps to ther desktop to install. I haven't had a Cryptowall infection in 2 > years. > > On Friday, July 3, 2015, Susan Bradley <[email protected]> wrote: > >> It changes so fast that as soon as they do the bad guys code up >> something new. >> >> there's no silver bullet here. >> >> Silverlight/flash/java. Use it,patch it or lose it. >> >> Web filtering at the firewall. If your firewall doesn't provide web >> filtering/UTM options it's time to upgrade. Home users look at OpenDNS >> (yes even now that Cisco is buying them) >> >> Filter attachments/zips. >> >> Least priv/non admin. >> >> Block the app location (yes this impacts firefox and office installs) >> Google foolishit for non domain or cryptolocker group policy toolkit >> >> Education to your users that that email you got isn't a legit email. >> >> On 7/3/2015 10:09 AM, David McSpadden wrote: >> >> Quick, anyone know of a VirusScanning software that is catching >> CryptoWall 3.0 yet? >> >> >> >> >> >> *David McSpadden* >> >> Systems Administrator >> >> Indiana Members Credit Union >> >> P: 317.554.8190 | F: 317.554.8106 >> >> [image: Description: imcu email icon] <http://imcu.com/> [image: >> Description: facebook email icon] >> <https://www.facebook.com/IndianaMembersCU> [image: Description: >> twitter email icon] <https://twitter.com/IndMembersCU> >> >> >> >> [image: Description: email logo] >> >> [image: mcp2] >> >> >> >> This e-mail and any files transmitted with it are property of Indiana >> Members Credit Union, are confidential, and are intended solely for the use >> of the individual or entity to whom this e-mail is addressed. If you are >> not one of the named recipient(s) or otherwise have reason to believe that >> you have received this message in error, please notify the sender and >> delete this message immediately from your computer. Any other use, >> retention, dissemination, forwarding, printing, or copying of this email is >> strictly prohibited. >> >> Please consider the environment before printing this email. >> >> >>
