
CryptoPrevent vs Cryptolocker - few SRP questions


3 replies to this topic

#1 tos226


Posted 13 February 2014 - 09:28 PM

I read Grinler's masterpiece
http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information
I tried understanding a bit about SRP from M$ links, don't understand most of it, added a few rules which work, as do the exclusions.

But all this education makes me ask about things such as:
1. if a firewall always asks or just blocks by default any new .exe or any changed .exe if I'm not watching, is CryptoPrevent really needed?
2. in XP-Pro, using gpedit.msc, under SRP, we're supposed to block .exe in the two main locations mentioned. What about .bat or .vbs or .vbe, .js, and other such files that can execute?
3. what about other locations where this scumware might push its .exe into?
4. if there is more than one user, need to repeat all rules for every user?
5. XP-home has no gpedit.msc, so how can people make manual rules and/or where CryptoPrevent would put the settings?


#2 quietman7


Posted 21 February 2014 - 08:01 AM


CryptoPrevent can be used to lock down any Windows OS to prevent infection by the Cryptolocker ransomware which encrypts personal files and then offers decryption for a paid ransom. CryptoPrevent artificially implants hundreds of group policy object rules into the registry in order to block executables (*.exe, *.com, *.scr and *.pif) and fake file extension executables in certain locations (i.e. %AppData%, %LocalAppData%, Recycle Bin) from running. This allows it to stop other malicious files in addition to Cryptolocker. You can also use Command Line Parameters and manually whitelist individual items or automatically whitelist all .exe files currently found in the locations that would be blocked. The changes can be reversed by re-running the tool and selecting Undo, then rebooting. The free version of CryptoPrevent permits manually checking for updates. CryptoPrevent Premium (a one-time charge) keeps CryptoPrevent up-to-date automatically with free updates for life and can be used on all your home computers. CryptoPrevent's home page explains the User Interface, Prevention Methodology, Whitelisting, Scripting and includes a section on Questions and Answers.

You may also want to check out HitmanPro.Alert with CryptoGuard. There is an entire topic devoted to HitmanPro.Alert with CryptoGuard with questions and answers by an Authorized SurfRight Rep.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

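
The registry rules described in the reply above can be listed read-only to see which locations and file types are actually covered. This is an added example, not part of the original posts and not CryptoPrevent's own code; it assumes the rules are stored under the standard Windows SRP policy key in HKLM and HKCU, and the function name `Get-SrpPathRule` is hypothetical.

```powershell
# Added example (not from the thread): read-only audit of SRP path rules.
# Assumption: the rules sit under the standard Windows SRP policy key.
$SrpKey   = 'SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
$Levels   = @{ '0' = 'Disallowed'; '131072' = 'Basic User'; '262144' = 'Unrestricted' }
$NoExpand = [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames

function Get-SrpPathRule {                      # hypothetical helper name
    foreach ($hive in 'HKLM', 'HKCU') {         # machine-wide and per-user policy
        $root = "${hive}:\$SrpKey"
        if (-not (Test-Path $root)) { continue }            # no SRP policy in this hive
        foreach ($levelKey in Get-ChildItem $root) {
            $pathsKey = Join-Path $levelKey.PSPath 'Paths'
            if (-not (Test-Path $pathsKey)) { continue }    # level has no path rules
            foreach ($rule in Get-ChildItem $pathsKey) {
                # Read the raw value so %AppData% and similar stay unexpanded.
                $pattern = [string]$rule.GetValue('ItemData', '', $NoExpand)
                $ext = if ($pattern -match '\.([^.\\]+)$') { $Matches[1].ToLower() } else { '(folder)' }
                $level = $Levels[$levelKey.PSChildName]
                if (-not $level) { $level = $levelKey.PSChildName }   # unknown level id
                New-Object PSObject -Property @{
                    Hive = $hive; Level = $level; Extension = $ext; Pattern = $pattern
                }
            }
        }
    }
}

$rules = @(Get-SrpPathRule)
"{0} SRP path rule(s) found" -f $rules.Count

# Blocked file types per hive; a type missing from this table has no block rule.
$rules | Where-Object { $_.Level -eq 'Disallowed' } |
    Group-Object Hive, Extension |
    Sort-Object Name |
    Format-Table Count, Name -AutoSize

# Whitelisted (Unrestricted) exceptions deserve a review of their own.
$rules | Where-Object { $_.Level -eq 'Unrestricted' } |
    Sort-Object Pattern |
    Format-Table Hive, Pattern -AutoSize
```

The script only reads the registry; running it before and after applying or undoing the tool's changes shows what was added or removed.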

#3 tos226


Posted 23 February 2014 - 12:30 AM

Thank you. I will follow up in their QandA.

I'm not sure I can do it correctly manually, so may have to get that program. It's just that I so hate piling up too much security while what I have seems good, that I thought a thorough investigation up front is in order :)



#4 quietman7


Posted 23 February 2014 - 08:32 AM

You're welcome.