Jump to content

ESET's HIPS against CryptoLocker


Recommended Posts

  • ESET Insiders

Hi Team,

 

 

After several days (weeks?) of testing "ESET HIPS against CryptoLocker" I can confirm that I sure would recommend it, at least regarding the part that it does not interfere with legitimate applications.

 

This is the resulting page when "something" (an .EXE) tries to execute itself from %AppData%:

 

 

 

(see attached image 01)

     

 

 

So, HIPS will ask customer for action, and also an "automatic" exception rule can be added from within alert window (as this example for some Java's module):

 

 

(see attached image 02)

 

 

The original rule (named "CryptoLocker") looks like this:

 

 

 

(see attached image 03)

 

 

 

Rule asks me whenever an EXE tries to execute. At the start, I was not sure whether subfolders will be included in rule, but this proves they are.

The only "problem" is that I did not manage to create generic rule (using %AppData% variabla) – I had to enter full path.

 

So, from my point of view – I will give this rule a go :-)

 

 

Tomo

 

post-39-0-29502900-1389880244_thumb.jpg

post-39-0-07055000-1389880249_thumb.jpg

post-39-0-44483500-1389880254_thumb.jpg

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...