Hi,
Thank you for posting in Symantec community.
Can you configure a gateway to block incoming .zip files and .scr extensions but exclude your domain? If feasible, this can be a workaround to keep away virus attachments.
This can be a good example: http://www-10.lotus.com/ldd/nd6forum.nsf/e5f5333619f2996885256a220009508f/4e8051d45200d5c885256e4d006f0ada?OpenDocument
I think you can do this through GPO as well.
Also, the key to dealing with crypto-type malware is prevention and planning. While it is assumed you have antivirus and IPS protection in place, the criminals using crypto-malware are constantly updating code to avoid detection by these systems. Since the damage these threats do is often irreversible, taking additional steps to protect yourself is advised.
Preventive Measures
- Do not follow unsolicited web links in email messages or submit any information to webpages in links.
- Use caution when opening email attachments.
- Keep operating systems and software, including anti-virus, up-to-date with the latest patches.
- Perform regular backups of all systems/data to avoid serious consequences should your system fall under attack.
Please do locate the file which caused the damage and submit it to Security Response for analysis. It will most likely be a .scr or .exe in %TEMP%. If you have opened any suspicious mail attachments lately, please submit that file. This will not help you recover your files, but it will prevent future admins from suffering the same grief.
Symantec Insider Tip: Successful Submissions!
https://www-secure.symantec.com/connect/articles/symantec-insider-tip-successful-submissions
If you want to know how SEP handles email attachments, check this article:
About SEP Auto-Protect and email scanning
http://www.symantec.com/docs/TECH95093
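
The gateway rule suggested in the post above (block incoming .zip and .scr attachments, but exclude your own domain) can be sketched as a small mail-filter check. This is an added example, not part of the original post and not Symantec code. The function names, the `example.com` domain and the sample messages are assumptions made up for illustration, and the sender is taken from the SMTP envelope as handed over by the gateway, because the `From:` header alone can be forged.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

BLOCKED_EXTENSIONS = (".zip", ".scr")   # the two extensions named in the post
INTERNAL_DOMAINS = {"example.com"}      # assumption: placeholder for your own domain


def blocked_attachments(raw_message: bytes, envelope_sender: str) -> list[str]:
    """Return the attachment names the gateway should reject (empty list = deliver)."""
    domain = envelope_sender.rpartition("@")[2].strip().lower()
    if domain in INTERNAL_DOMAINS:
        return []  # the "exclude your domain" exception
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue  # body parts and multipart containers carry no filename
        # Compare case-insensitively and ignore trailing dots/spaces, which
        # Windows drops when saving, so "a.SCR" and "a.scr." are both caught.
        cleaned = name.strip().rstrip(". ").lower()
        if cleaned.endswith(BLOCKED_EXTENSIONS):
            hits.append(name)
    return hits


def build_sample(sender: str, filename: str) -> bytes:
    """Build a constructed test message with one attachment (sample data only)."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = "user@example.com"
    msg["Subject"] = "Invoice"
    msg.set_content("See attached.")
    msg.add_attachment(b"constructed sample bytes", maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    for sender, fname in [("billing@outside.test", "Invoice.PDF.scr"),
                          ("billing@outside.test", "notes.txt"),
                          ("colleague@example.com", "archive.zip")]:
        hits = blocked_attachments(build_sample(sender, fname), sender)
        print(sender, fname, "REJECT" if hits else "deliver")
```

Only the final extension is matched, so a double extension such as `Invoice.PDF.scr` is still rejected, while an internal sender's `.zip` is delivered.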