F-secure Policy Manager : Can I block a specific executable based on filename

niepce

Hello all,

 

Im struggling to block a specific executable named Emotiplus_skype.exe

This tiny thing replicates via Skype via all contacts, and installs a browser search engine hijacker. In addition to providing very nice smileys in skype

 

I am struggling to find how to block it FSPM wise. I have options to include extensions, exclude extensions, exclude files and folders based on path and filenames.... but I can't find any option to block a specific file based on filename (neither in manual, real time, or deepguard scanning options).

 

Anyone got a clue ?

 

In the meantime, I sent the file to the lab for analisys, just in case.

Vad

Hello niepce,

 

Unfortunately, we don't have such possibility in current versions.

 

Best regards,

Vad

etomcat

Hello,

 

I think SHA1 checksum banning works via Deepguard and the NIF module in FSAVCS. But of course if the file changes often, that won't help for long.

 

Yours Sincerely: Tamas Feher, Hungary.

niepce

Thanks Tamas I've been able to make in untrusted in Deepguard using the sha1 hash. Until the next one !