Endpoint Protection

  • 1.  Application and Device Control policy for LOCKY and Cryptolocker

    Posted Jun 01, 2016 02:15 PM

    Hi everyone,

    Good day.

    Can someone share a policy for ADC for Locky and Cryptolocker that I can export to my SEPM 12.1.6MP3? Or can someone share a step-by-step guide for ADC policy creation for Locky and Cryptolocker ransomware?

    Thanks



  • 2.  RE: Application and Device Control policy for LOCKY and Cryptolocker

    Posted Jun 01, 2016 02:20 PM

    Good ones here:

    https://www-secure.symantec.com/connect/articles/how-harden-cryptolocker-file-encoding-attempts-sepm-application-control

    https://www-secure.symantec.com/connect/articles/detecting-cryptolocker-activity-symantec-endpoint-protection

    https://www-secure.symantec.com/connect/articles/strengthening-anti-virus-security-prevent-ransom-ware-derivative-trojancryptolocker-family-

    and here:

    https://www-secure.symantec.com/connect/articles/ac-and-hi-policy-help-ransomware



  • 3.  RE: Application and Device Control policy for LOCKY and Cryptolocker

    Trusted Advisor
    Posted Jun 01, 2016 09:37 PM

    Hello,

    You may like to check this thread with a similar issue and solution:

    Cryptolocker and ADC policies

    https://www-secure.symantec.com/connect/forums/cryptolocker-and-adc-policies

    Regards,



  • 4.  RE: Application and Device Control policy for LOCKY and Cryptolocker

    Posted Jun 02, 2016 02:30 AM

    One more policy from here:

    https://www.symantec.com/connect/articles/first-response-cryptolocker-ransomcrypt-encryptor



  • 5.  RE: Application and Device Control policy for LOCKY and Cryptolocker

    Posted Jun 28, 2016 11:49 AM

    Hello xxx-SYMANTECuser,

    Just a note that ADC is a good extra line of defense, but not a guaranteed solution against ransomware. Defense in depth, mail server security with well thought-out policies, use of all SEP components, user education, patched browsers and plugs, tests that your organization will be able to recover from any manner of disaster... that is the sure way to reduce the risk of business disruption.

    Hope this helps!

    Mick