How to add a rule to group policy?
In general, the question is this: at work they caught a virus that encrypts all working files on the computer, and treatment is useless. They were infected because they received a zip file in the mail.
The question is how, through group policies or by some other means, to prohibit the opening of zip or rar archives on the network.
Thanks in advance!
What does "on the network" mean?
Be specific: not downloading, or not opening from the %temp% folder, or not opening from any folder at all.
If via HTTP, you can catch these requests on a firewall or router. Mail clients are configured separately (work with attachments).
On Windows, you can change the association of a file extension to another program.
An enterprise-level antivirus can open and scan archives from mail if they do not have a password and are not split into parts.
The solution is worse than the problem, damn it.
The key to the real solution to the problem is mentioned in part in the previous answer: prohibiting the running of applications that are not launched from "Program Files", "Program Files (x86)", or "Windows".
Your virus is most likely (as in the case of my remote office) a js script in the archive that downloads the encryptor's files to some temporary folder and is not detected by the antivirus.
(I also write scripts in PowerShell that download files and, sometimes, run them - it's not all the same to detect such completely harmless functionality.) Accordingly, if the user does not have write permissions to Windows and Program Files, then this virus will not be able to do harm.
I also had this problem. I solved it by deploying Squid on CentOS in conjunction with SAMS, and through it I blocked zip, exe and rar for users.
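Added example (not part of any answer above, and not code from any product mentioned): a Python sketch of the attachment check the answers describe, flagging script or executable entries such as a .js file inside a zip, nested archives, and encrypted entries that a scanner cannot open. The extension lists and function names are assumptions chosen for illustration, and the sample archive is constructed in memory.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Assumed block list: extensions Windows runs on double-click. Adjust per policy.
RISKY_EXT = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta",
             ".exe", ".scr", ".bat", ".cmd", ".ps1", ".lnk"}
NESTED_EXT = {".zip", ".rar", ".7z"}


def triage_zip(data: bytes) -> list[tuple[str, str]]:
    """Return (entry name, reason) pairs for entries a mail filter should hold."""
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        # Split or damaged archives cannot be inspected, so hold them as well.
        return [("<archive>", "not a readable zip (corrupt or split)")]
    findings = []
    with archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            # Only the last extension matters: "invoice.pdf.js" runs as a script.
            name = info.filename.replace("\\", "/")
            ext = PurePosixPath(name).suffix.lower()
            if info.flag_bits & 0x1:  # bit 0 of the general-purpose flags = encrypted
                findings.append((info.filename, "encrypted entry, content cannot be scanned"))
            if ext in RISKY_EXT:
                findings.append((info.filename, f"executable or script extension {ext}"))
            elif ext in NESTED_EXT:
                findings.append((info.filename, f"nested archive {ext}"))
    return findings


def build_sample() -> bytes:
    """Constructed sample: a text file, a decoy-named .js entry, a nested zip."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("readme.txt", "hello")
        z.writestr("invoice.pdf.js", "// constructed placeholder, no real code")
        z.writestr("docs/more.zip", b"")
    return buf.getvalue()


if __name__ == "__main__":
    for name, reason in triage_zip(build_sample()):
        print(f"HOLD {name}: {reason}")
```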