I am working on my incident response plan and one part of that is to blacklist a file on all clients. How do I do that in F-Secure Policy Manager? Can I do that? I read some older posts (from 2015) that said it could not be done, which seems strange. I guess one way is to upload to F-Secure via their "Submit a sample", but if we talk about a malware outbreak (or similar) within my company, I pretty much count seconds, and Submit-a-sample usually takes hours to blacklist.
Any suggestions? I am thinking about this the wrong way perhaps.
Any input appreciated.
Please check the new Application Control feature possibilities in the latest Policy Manager/Client Security 14 version. It may fit your requirements.
Interesting! I will look into that in more detail. A question about that: does anyone have any experience with enabling this rule? And by experience I mean mainly bad experience, i.e. blocking legitimate things. Otherwise this seems like a nice control to have in place for stopping all the malicious Office documents. Thanks!
perComp has been a Platinum Partner of F-Secure since 1994. Any advice or help given by me in this forum is voluntary and to the best of my knowledge, based on working with the products since 1997. For direct contact, customers please check our homepage http://www.percomp.de
Yes, I understand, but regarding "and MS has disabled this feature by default since then.": that is way too easy for users to circumvent, so I need a block for that. No legitimate use for starting PowerShell from an Office document in my environment as far as I know. Is there ever, I wonder?