Axoft 0 Posted July 14, 2016 Share Posted July 14, 2016 Hi! There's a new ransomware with .wsf extension, i have ERA 6 and ESET Bussiness deployed in 150 workstations, i need to block that file extension. How can i achieve that? Thanks in advance! Link to comment Share on other sites More sharing options...
Administrators Marcos 5,259 Posted July 14, 2016 Administrators Share Posted July 14, 2016 You can block attachments by extension on a mail server running ESET Mail Security. On clients you can disable Windows Script Host as per the instructions at https://technet.microsoft.com/en-us/library/ee198684.aspx or create a HIPS rule that will block execution of C:\Windows\System32\wscript.exe. Link to comment Share on other sites More sharing options...
ESET Staff MartinK 383 Posted July 14, 2016 ESET Staff Share Posted July 14, 2016 HIPS rule that will block execution of C:\Windows\System32\wscript.exe. I would add also cscript.exe mostly located side-by-side with wscript.exe in multiple system locations (i.e. also in c:\Windows\SysWOW64\). Link to comment Share on other sites More sharing options...
Recommended Posts