Jump to content

How to block .WSF extension


Axoft
 Share

Recommended Posts

Hi!

 

There's a new ransomware with .wsf extension, i have ERA 6 and ESET Bussiness deployed in 150 workstations, i need to block that file extension.

 

How can i achieve that?

 

Thanks in advance!

Link to comment
Share on other sites

  • Administrators

You can block attachments by extension on a mail server running ESET Mail Security. On clients you can disable Windows Script Host as per the instructions at https://technet.microsoft.com/en-us/library/ee198684.aspx or create a HIPS rule that will block execution of C:\Windows\System32\wscript.exe.

Link to comment
Share on other sites

  • ESET Staff

HIPS rule that will block execution of C:\Windows\System32\wscript.exe.

 

I would add also cscript.exe mostly located side-by-side with wscript.exe in multiple system locations (i.e. also in c:\Windows\SysWOW64\).

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...