PDA

View Full Version : CryptoPrevent vs Cryptolocker - few SRP questions



JuniorKingston
08-01-2015,
I read Grinler's masterpiece
http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information
I tried understanding a bit about SRP from M$ links, don't understand most of it, added few rules which work, as do the exlusions.

But all this education makes me ask about things such as:
1. if a firewall always asks or just blocks by default any new .exe or any changed .exe if I'm not watching, is CryptoPrevent really needed?
2. in XP-Pro, using gpedit.msc, under SRP, we're supposed to block .exe in the two main locations mentioned. What about .bat or .vbs or .vbe, .js, and other such files that can execute?
3. what about other locations where this scumware might push its .exe into?
4. if there is more than one user, need to repeat all rules for every user?
5. XP-home has no gpedit.msc, so how can people make manual rules and/or where CryptoPrevent would put the settings?

JustinShell
08-03-2015,
CryptoPrevent (http://www.foolishit.com/vb6-projects/cryptoprevent/) can be used to lock down any Windows OS to prevent infection by the Cryptolocker ransomware which encrypts personal files and then offers decryption for a paid ransom. CryptoPrevent artificially implants hundreds of group policy object rules into the registry in order to block executables (*.exe, *.com *.scr and *.pif) and fake file extension executables in certain locations (i.e. %AppData%, %LocalAppData%, Recycle Bin) from running. This allows it to stop other malicious files in addition to Crypotolocker. You can also use Command Line Parameters and manually whitelist individual items or automatically whitelist all .exe files currently found in the locations that would be blocked. The changes can be reversed by re-running the tool and selecting Undo, then rebooting. The free version of CryptoPrevent permits manually checking for updates. CryptoPrevent Premium (a one-time charge) keeps CryptoPrevent up-to-date automatically with free updates for life and can be used on all your home computers. CryptoPrevent's home page explains the User Interface, Prevention Methodology, Whitelisting, Scripting and includes a section on Questions and Answers.

jtubbs13791
08-04-2015,
Thank you. I will follow up in their QandA.
I'm not sure I can do it correctly manually, so may have to get that program. It's just that I so hate piling up too much security while what I have seems good, that I thought a thorough investigation up front is in order http://www.bleepingcomputer.com/forums/public/style_emoticons/default/smile.png

kemalturgay
08-06-2015,
You're welcome.