F-secure Policy Manager : Can I block a specific executable based on filename

Hello all,

 

Im struggling to block a specific executable named Emotiplus_skype.exe

This tiny thing replicates via Skype via all contacts, and installs a browser search engine hijacker. In addition to providing very nice smileys in skype :)

 

I am struggling to find how to block it FSPM wise. I have options to include extensions, exclude extensions, exclude files and folders based on path and filenames.... but I can't find any option to block a specific file based on filename (neither in manual, real time, or deepguard scanning options).

 

Anyone got a clue ?

 

In the meantime, I sent the file to the lab for analisys, just in case.

Accepted Answer

Comments

  • etomcatetomcat Posts: 1,319 Superuser

    Hello,

     

    I think SHA1 checksum banning works via Deepguard and the NIF module in FSAVCS. But of course if the file changes often, that won't help for long.

     

    Yours Sincerely: Tamas Feher, Hungary.

    niepce
  • niepceniepce Posts: 20
    Thanks Tamas I've been able to make in untrusted in Deepguard using the sha1 hash. Until the next one !
This discussion has been closed.