How do I blacklist a file (any type of file) in F-Secure Client Security Premium

Scholar

How do I blacklist a file (any type of file) in F-Secure Client Security Premium

Hi.

 

I am working on my incident response plan and one part of that is to blacklist a file on all clients. How do I do that in F-Secure Policy  Manager? Can I do that? I read some older posts (from 2015) that said it could not be done which seems strange. I guess one way is to upload to F-Secure via their "Submit a sample" but if we talk about a malware outbreak (or similar) within my company I pretty much count seconds and Submit-a-sample usually takes hours to blacklist. 

 

Any suggestions? I am thinking about this the wrong way perhaps. 

Any input appreciated. 

Thanks,

JW

4 REPLIES 4
F-Secure
F-Secure

Re: How do I blacklist a file (any type of file) in F-Secure Client Security Premium

Hello JohnWick,

 

Please check the new Application Control feature possibilities in latest Policy Manager/Client Security 14 version. It may fit your requirements.

 

Best regards,

Vad

Scholar

Re: How do I blacklist a file (any type of file) in F-Secure Client Security Premium

Interesting! I will look into that in more detail. A question about that: have anyone any experience with enabling this rule? And with experience I mean mainly bad experience, i.e. blocking legitimate things. Otherwize this seems like a nice control to have in place for stopping all the malicious Office documents. Thanks!

 

fdsa.PNG

Superuser

Re: How do I blacklist a file (any type of file) in F-Secure Client Security Premium

"is it blocking legitimate things" is the wrong understanding of the module. It is simply disabling the "feature" to start a powershell script from Office. There is no "good" or "bad" evaluation.

IMHO it was a very bad idea to give Office the power to create and launch scripts, and MS has disabled this feature by default since then. Even macros are no longer enabled by default. There are better ways to organize a workflow then to use a Word-document.

So, if you think that starting a powershell script from office is a good idea and you want to use it, then "yes, it will be blocking legitimate things"

Matthias
----------
perComp is a Platinum Partner of F-Secure since 1994. Any advice or help given by me in this forum is voluntarily and to my best knowledge based on working with the products since 1997. Direct contact for customers please check our homepage http://www.percomp.de

Scholar

Re: How do I blacklist a file (any type of file) in F-Secure Client Security Premium

Yes, I understand but regarding "and MS has disabled this feature by default since then." that is way to easy for users to cirumvent so I need a block for that. No legitimate use for starting powershell from Officedocument in my environment as far as I know. Is there ever I wonder?

 

/JW