|
10-29-2013, 07:41 PM | #1901 |
Bovinus Administratus
Join Date: Feb 2009
Location: Greener pastures
Posts: 32,377
|
More stuff to block with software restriction policies to prevent CryptoLocker:
http://www.computerworld.com/s/artic...5&pageNumber=2

XP clients:
Path | Security Level | Suggested Description
%AppData%\*.exe | Disallowed | Prevent Cryptolocker executable from running in AppData*
%AppData%\*\*.exe | Disallowed | Prevent virus payloads from executing in subfolders of AppData
%UserProfile%\Local Settings\Temp\Rar*\*.exe | Disallowed | Prevent un-WinRARed executables in email attachments from running in the user space
%UserProfile%\Local Settings\Temp\7z*\*.exe | Disallowed | Prevent un-7Ziped executables in email attachments from running in the user space
%UserProfile%\Local Settings\Temp\wz*\*.exe | Disallowed | Prevent un-WinZIPed executables in email attachments from running in the user space
%UserProfile%\Local Settings\Temp\*.zip\*.exe | Disallowed | Prevent unarchived executables in email attachments from running in the user space

Vista and newer clients:
Path | Security Level | Suggested Description
%AppData%\*.exe | Disallowed | Prevent Cryptolocker executable from running in AppData*
%AppData%\*\*.exe | Disallowed | Prevent virus payloads from executing in subfolders of AppData
%LocalAppData%\Temp\Rar*\*.exe | Disallowed | Prevent un-WinRARed executables in email attachments from running in the user space
%LocalAppData%\Temp\7z*\*.exe | Disallowed | Prevent un-7Ziped executables in email attachments from running in the user space
%LocalAppData%\Temp\wz*\*.exe | Disallowed | Prevent un-WinZIPed executables in email attachments from running in the user space
%LocalAppData%\Temp\*.zip\*.exe

---------- Post added at 02:41 PM ---------- Previous post was at 02:32 PM ----------
While we're at it, how about software restriction policies for other stuff? Years ago I put a bunch into an identical function in Sophos Enterprise Console. Conduit, for example...
__________________
|
10-29-2013, 07:55 PM | #1902 |
♪♫Boogie Woogie King♫♪
Join Date: Feb 2009
Location: Jurrjah
Posts: 12,568
|
What are y'all doing about XP being end of life come April?
__________________
|
10-29-2013, 08:16 PM | #1903 |
Join Date: Feb 2009
Location: Hoenn
Posts: 85,082
|
I'm not doing shit since I'm a server guy but the techs have already made lists of machines in their various departments. Then they work with the departments to decide which to retire, which to replace, which are worth upgrading.
Is a mess lol
__________________
|
10-29-2013, 08:24 PM | #1904 |
Bovinus Administratus
Join Date: Feb 2009
Location: Greener pastures
Posts: 32,377
|
More CryptoLocker SRPs:
http://www.bleepingcomputer.com/viru...re-information
I'm not worried about XP EOL. XP machines aren't going to suddenly quit. Threats will still need to get past the same defenses we already have before they get a chance to take advantage of a new flaw that remains unpatched.
__________________
|
10-29-2013, 10:28 PM | #1905 |
Join Date: Feb 2009
Location: Hoenn
Posts: 85,082
|
Well the main IT peeps here block them on the network a little while after EOL since they will no longer be patched (unless you pay MS I think lol fts)
__________________
|
10-30-2013, 07:00 AM | #1906 |
Join Date: Feb 2009
Location: Hoenn
Posts: 85,082
|
__________________
|
10-30-2013, 11:35 AM | #1907 |
Bovinus Administratus
Join Date: Feb 2009
Location: Greener pastures
Posts: 32,377
|
__________________
|
10-30-2013, 02:06 PM | #1908 |
♪♫Boogie Woogie King♫♪
Join Date: Feb 2009
Location: Jurrjah
Posts: 12,568
|
I think we're going to pay the yearly subscription fee to MS that allows us to upgrade any box to W7 or 8, and also any new Server OS's that come out.
I think it's 1500/yr or so for W7/8, Server, Office, Microsoft Forefront and for addt'l $$$ can have Exchange.
__________________
|
10-30-2013, 03:58 PM | #1909 |
Bovinus Administratus
Join Date: Feb 2009
Location: Greener pastures
Posts: 32,377
|
So, my software restriction policies may be insufficient. This just ran:
AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9S91UFMI\JavaSetup7u45[1].exe
It wasn't unexpected that it would try to run; I told IE to download and run it. I did expect it to fail, but I see the folder is deeper than the path wildcards I used. Has CryptoLocker been run from a browser like that, or from any other deeper path in AppData?
__________________
|
10-30-2013, 04:00 PM | #1910 |
Join Date: Feb 2009
Location: Hoenn
Posts: 85,082
|
Not sure, I thought the appdata\*\* would cover all the paths. I guess not
__________________
|
10-30-2013, 04:09 PM | #1911 |
Bovinus Administratus
Join Date: Feb 2009
Location: Greener pastures
Posts: 32,377
|
That particular path would need AppData\*\*\*\*\*\*\*\*.exe, and there'd need to be a different level for Firefox, another for Chrome...not worried aboot Opera, I'm probably the only Opera user here.
__________________
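
Added example, not part of any post in this thread: a small Python coverage check that runs the complete "Vista and newer" rules from post #1901 against sample paths, including the path reported in post #1909. It assumes, as the posters observed, that each `*` matches within one folder level only; the profile `C:\Users\alice` and the first three sample paths are constructed.

```python
import re

# Constructed sample profile (Vista and newer layout); the user name is made up.
ENV = {
    "%UserProfile%": r"C:\Users\alice",
    "%AppData%": r"C:\Users\alice\AppData\Roaming",   # Roaming, not AppData itself
    "%LocalAppData%": r"C:\Users\alice\AppData\Local",
}
# The complete "Vista and newer" Disallowed rows from post #1901.
RULES = [
    r"%AppData%\*.exe",
    r"%AppData%\*\*.exe",
    r"%LocalAppData%\Temp\Rar*\*.exe",
    r"%LocalAppData%\Temp\7z*\*.exe",
    r"%LocalAppData%\Temp\wz*\*.exe",
]

def expand(rule, env=ENV):
    """Replace a leading %Variable% with its value (case-insensitive)."""
    for var, value in env.items():
        if rule.lower().startswith(var.lower()):
            return value + rule[len(var):]
    return rule

def rule_to_regex(rule, env=ENV):
    """Assumption: * and ? never match a backslash (one folder level each)."""
    parts = []
    for ch in expand(rule, env):
        if ch == "*":
            parts.append(r"[^\\]*")
        elif ch == "?":
            parts.append(r"[^\\]")
        else:
            parts.append(re.escape(ch))
    return re.compile("".join(parts) + r"\Z", re.IGNORECASE)

def matching_rules(path, rules=RULES, env=ENV):
    return [r for r in rules if rule_to_regex(r, env).match(path)]

def uncovered(paths, rules=RULES, env=ENV):
    """Paths that no Disallowed rule matches, i.e. the policy would not block."""
    return [p for p in paths if not matching_rules(p, rules, env)]

SAMPLES = [  # first three constructed; the last is the path from post #1909
    ENV["%AppData%"] + r"\sample.exe",
    ENV["%AppData%"] + r"\Vendor\sample.exe",
    ENV["%LocalAppData%"] + r"\Temp\Rar$EX00.123\invoice.exe",
    ENV["%UserProfile%"] + "\\" + r"AppData\Local\Microsoft\Windows\Temporary"
    r" Internet Files\Low\Content.IE5\9S91UFMI\JavaSetup7u45[1].exe",
]
```

`uncovered(SAMPLES)` returns only the IE cache path. Under this model that path is missed for two reasons: it sits under AppData\Local, which `%AppData%` (Roaming) does not reach, and it is seven levels below `%LocalAppData%`.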
|
10-30-2013, 04:56 PM | #1912 |
Join Date: Feb 2009
Location: Hoenn
Posts: 85,082
|
put -r in there so it's recursive
like opening cmd and typing ls
__________________
|
10-30-2013, 05:37 PM | #1913 |
Bovinus Administratus
Join Date: Feb 2009
Location: Greener pastures
Posts: 32,377
|
ls works fine for me when I open a cmd prompt. My path includes CygWin.
__________________
|
10-30-2013, 05:44 PM | #1914 |
Join Date: Feb 2009
Location: Hoenn
Posts: 85,082
|
i haz cygwin at home
but when I go to a random person's machine and open cmd to do something I end up typing ls or the wrong \ at least once
__________________
|
10-30-2013, 06:02 PM | #1915 |
Bovinus Administratus
Join Date: Feb 2009
Location: Greener pastures
Posts: 32,377
|
For some years I was network-pushing CygWin in the default domain policy so we could ssh in.
So, just now I had to leave my lunch on my desk and go fix a problem. Problem I expected was projector not set to computer input. Problem I found was some jerk unplugged the VGA cable from the computer.
__________________
|
10-30-2013, 06:07 PM | #1916 |
Join Date: Feb 2009
Location: Hoenn
Posts: 85,082
|
__________________
|
11-07-2013, 11:46 PM | #1917 |
Join Date: Feb 2009
Location: Hoenn
Posts: 85,082
|
__________________
|
11-08-2013, 01:59 AM | #1918 |
Bovinus Administratus
Join Date: Feb 2009
Location: Greener pastures
Posts: 32,377
|
__________________
|
11-09-2013, 02:19 PM | #1919 |
Bovinus Administratus
Join Date: Feb 2009
Location: Greener pastures
Posts: 32,377
|
__________________
|
11-13-2013, 04:43 PM | #1921 |
Bovinus Administratus
Join Date: Feb 2009
Location: Greener pastures
Posts: 32,377
|
Could be worse.
I just got emailed some screenshots. Were they pasted in the email? No. Were they attached to the email? No. They were pasted in a spreadsheet file that was attached to the email.
__________________
|
11-13-2013, 04:48 PM | #1922 |
Join Date: Feb 2009
Location: Hoenn
Posts: 85,082
|
I get that all the time... they always paste them into an excel or Word file. It's ratard.
__________________
|
11-13-2013, 04:56 PM | #1923 |
Bovinus Administratus
Join Date: Feb 2009
Location: Greener pastures
Posts: 32,377
|
I get Word all the time. I've become numb to that. Excel, though....not so much.
__________________
|
11-13-2013, 04:58 PM | #1924 |
Join Date: Feb 2009
Location: Hoenn
Posts: 85,082
|
rofl yeah the excel ones are definitely more rare (and annoying)
__________________
|
11-13-2013, 06:20 PM | #1925 | |
C-E-Z★ bitch
|
Who the fuck thinks of pasting pics in excel
__________________