Avoid CryptoLocker






 

 

Using CryptoPrevent by FoolishIT.com – Nick Shaw
How To Avoid the Cryptolocker Ransomware Manually
You need to be logged in as an administrator to open the Local Security Policy Editor.
The Local Security Policy will only be available in the Professional, Ultimate, and Enterprise editions of Windows 7.
The Local Security Policy is only available in the Pro and Enterprise editions of In Windows RT, 8, and 8.1.
So, what can we do to try and help prevent this from happening when we accidentally click on one of their malicious links:
Click on the Start button
Click on Control Panel
Click on Administrative Tools
Click on Local Security Policy
Right click on Software Restriction Policies in the list and click Add New
You will now see Additional Rules underneath Software Restriction Policies
Right click on Additional Rules and click on New Path Rule
Enter the following information:
Path: %AppData%\*.exe      
Security Level:   Disallowed    
Description: Don’t allow executables from AppData
Click Ok
Now do a second one for the sub-folders: (Right click on Additional Rules and click New Path Rule
Path: %AppData%\*\*.exe    
Security Level: Disallowed    
Description: Don’t allow executables from AppData
Click OK
Do the same thing for the following:  (Right click on Additional Rules and click New Path Rule
Path: %Temp%\Rar*\*.exe    
Security Level: Disallowed    
Description: Block executables run from archive attachments opened with WinRAR.Path: %Temp%\7z*\*.exe    
Security Level: Disallowed    
Description: Block executables run from archive attachments opened with 7zip.Path: %Temp%\wz*\*.exe    
Security Level: Disallowed    
Description: Block executables run from archive attachments opened with WinZip.Path: %Temp%\*.zip\*.exe
Security Level: Disallowed Description: Block executables run from archive attachments opened using Windows built-in Zip support.
You must RESTART your computer for these to take effect.
A disclaimer: This is not a 100% guarantee that this will prevent Cryptolocker from infecting your machine.
This should however cut the possibility a great deal. Who is to say what the attackers may try next.
GeGeek

admin

Owner and Creator of GeGeek

Leave a Reply

Your email address will not be published. Required fields are marked *