will EMET block Cryptolocker?


  1. Posts : 12
    windows 7 professional x64
       #1

    will EMET block Cryptolocker?


    hello to all,

    I'm running Windows 7 Professional x64, Service Pack 1
    I have a third-party AV installed: Webroot SecureAnywhere v8.0.4.42
    EMET is v4.0.4913.26122

    I have EMET running for IE, Firefox and Microsoft Outlook.

    Will EMET be able to block the Cryptolocker malware?

    Thanks for your thoughts.
    Regards, Tom


  2. Posts : 4,776
    Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
       #2

    EMET - probably not.


    EMET is an anti-exploit kit. That means it protects against zero-day attacks focused on internet-facing applications that have been correctly configured in EMET by the user, where a vulnerability exists but is yet to be patched by the software manufacturer or where the user has not applied the latest available patch.

    EMET does not stop a user from clicking on the password-protected email attachment that will run the executable.

    CryptoLocker: Please Kindly Find Our New PO - F-Secure Weblog : News from the Lab

    CryptoLocker in action (Video):

    https://www.youtube.com/watch?v=Gz2kmmsMpMI

    You'll notice that following user action (clicks on file) a randomly named executable file runs and can be seen in Task Manager. EMET is unlikely to prevent this.

    Personally I use software that will prompt a user for action (or block) if a digitally unsigned file attempts to run or when a digitally signed file attempts to run without the signature existing in the Trusted Certificate list.
    Last edited by Callender; 04 Dec 2013 at 21:48. Reason: Correct typo's.
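
The check described in post #2 (flag a file that is unsigned, or signed by a certificate that is not on a trusted list), as an added example that is not part of the original post and is not the software the poster uses. It only reports; the thumbprint allow list, the folders scanned and the function name `Get-SignatureVerdict` are assumptions, and it expects PowerShell 3.0 or later.

```powershell
# Added example: audit only. Nothing is blocked, quarantined or deleted.
# Assumes PowerShell 3.0 or later.

# Hypothetical allow list of signer certificate thumbprints (placeholder value).
$TrustedThumbprints = @(
    '0000000000000000000000000000000000000000'
)

# User-writable folders to audit (an assumption; adjust to the machine).
# %TEMP% normally sits under %LOCALAPPDATA%, so it is covered by the recursion.
$ScanRoots = @($env:APPDATA, $env:LOCALAPPDATA) |
    Where-Object { $_ -and (Test-Path -LiteralPath $_) }

function Get-SignatureVerdict {
    param([Parameter(Mandatory)][string]$Path)

    $sig   = Get-AuthenticodeSignature -LiteralPath $Path
    $cert  = $sig.SignerCertificate
    $thumb = if ($cert) { $cert.Thumbprint } else { $null }

    # Map the Authenticode status onto the three cases the post distinguishes.
    $verdict = switch ($sig.Status) {
        'NotSigned' { 'Unsigned' }
        'Valid'     { if ($TrustedThumbprints -contains $thumb) { 'TrustedSigner' }
                      else { 'SignedNotOnList' } }
        default     { 'InvalidSignature' }   # HashMismatch, NotTrusted, UnknownError, ...
    }

    [pscustomobject]@{
        Verdict = $verdict
        Signer  = if ($cert) { $cert.Subject } else { '' }
        Path    = $Path
    }
}

# Report every executable or screensaver file that is not signed by a listed certificate.
$ScanRoots |
    ForEach-Object { Get-ChildItem -LiteralPath $_ -Recurse -File -ErrorAction SilentlyContinue } |
    Where-Object { @('.exe', '.scr') -contains $_.Extension } |
    ForEach-Object { Get-SignatureVerdict -Path $_.FullName } |
    Where-Object { $_.Verdict -ne 'TrustedSigner' } |
    Sort-Object Verdict, Path |
    Format-Table -AutoSize -Wrap
```

Legitimate per-user installers and updaters will also show up as `SignedNotOnList` or `Unsigned`, so the output is a review list rather than a detection.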


  3. Posts : 12
    windows 7 professional x64
    Thread Starter
       #3

    Thanks for the response Callender. I'm already taking weekly backups with an external hard drive (which I disengage from my laptop when completed). Webroot forums claim that CryptoLocker is blocked, but I'll explore other options from your reply and from other posts on this forum. Thanks again.
    Tom


  4. Posts : 2
    Windows 7 Ultimate x64
       #4

    I do not think so. Last time I heard, a Kaspersky report said none of the antivirus products at present can settle this virus. Only a decent antivirus could prevent this virus infection.
    Another tough virus


  5. Posts : 1,442
    Windows 7 Professional 64bit
       #5

    thomas1004 said:
    hello to all,

    I'm running Windows 7 Professional x64, Service Pack 1
    I have a third-party AV installed: Webroot SecureAnywhere v8.0.4.42
    EMET is v4.0.4913.26122

    You forgot "I have cloned my HDD and have all important files backed up on separate storage media (not connected to the computer/network)."


  6. Posts : 12
    windows 7 professional x64
    Thread Starter
       #6

    Thanks Havoc, I am taking weekly data backups as well as system image backups to an external hard drive. I disconnect the xHD when it's finished. The ability of this malware to seek out attached devices and networks makes this particularly nasty.


 

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

All times are GMT -5.