ESET Insiders PodrskaNORT 17 Posted January 16, 2014 ESET Insiders Share Posted January 16, 2014 Hi Team, After several days (weeks?) of testing "ESET HIPS against CryptoLocker" I can confirm that I sure would recommend it, at least regarding the part that it does not interfere with legitimate applications. This is the resulting page when "something" (an .EXE) tries to execute itself from %AppData%: (see attached image 01) So, HIPS will ask customer for action, and also an "automatic" exception rule can be added from within alert window (as this example for some Java's module): (see attached image 02) The original rule (named "CryptoLocker") looks like this: (see attached image 03) Rule asks me whenever an EXE tries to execute. At the start, I was not sure whether subfolders will be included in rule, but this proves they are. The only "problem" is that I did not manage to create generic rule (using %AppData% variabla) – I had to enter full path. So, from my point of view – I will give this rule a go :-) Tomo Link to comment Share on other sites More sharing options...
Recommended Posts