What rules would you like to be added?

On October 29, 2013, in Security, by


Amy blogged about some updates to the CryptoLocker tool kit.  I’ll be adding some some additional exemptions and rules as well based on some of the stuff I’ve seen posted on the web, but is there any specific items you’d like added to the list?

Up next in the SMBKitchen docs will be an article on application whitelisting as well as one on how to manage “updates” using Office 2013 click to run.


4 Responses to What rules would you like to be added?

  1. Hugh O'Donnell says:

    I had to add the following for FoxIt Reader’s Updater:
    %localAppData%\temp\foxit reader updater.exe

    I tried %localAppData%\*\foxit reader updater.exe… but that didn’t work.

  2. John Murdoch says:

    Hi Susan

    The Java updater runs from %localappdata%\temp and of course the filename for the executable changes with each incremental update.

    I suspect that adding a rule for
    should cover for future updates, but won’t be able to confirm until the next Java update comes out (so probably won’t have to wait too long!)


  3. bradley says:

    Others have tried a wildcard, it won’t work on exceptions. You have to specifically list the version number. ๐Ÿ™

  4. John Murdoch says:

    Yet another reason to add to the list of why we all hate Java! ๐Ÿ™‚