Axoft 0 Posted July 14, 2016 Posted July 14, 2016 Hi! There's a new ransomware with .wsf extension, i have ERA 6 and ESET Bussiness deployed in 150 workstations, i need to block that file extension. How can i achieve that? Thanks in advance!
Administrators Marcos 5,468 Posted July 14, 2016 Administrators Posted July 14, 2016 You can block attachments by extension on a mail server running ESET Mail Security. On clients you can disable Windows Script Host as per the instructions at https://technet.microsoft.com/en-us/library/ee198684.aspx or create a HIPS rule that will block execution of C:\Windows\System32\wscript.exe.
ESET Staff MartinK 384 Posted July 14, 2016 ESET Staff Posted July 14, 2016 HIPS rule that will block execution of C:\Windows\System32\wscript.exe. I would add also cscript.exe mostly located side-by-side with wscript.exe in multiple system locations (i.e. also in c:\Windows\SysWOW64\).
Recommended Posts