How to manually create Software Restriction Policies to block TorrentLocker:
To manually create the Software Restriction Policies, you need to be using Windows Professional or Windows Server. If you want to set these policies for a particular computer, you can use the Local Security Policy Editor. If you wish to set these policies for the entire domain, you need to use the Group Policy Editor. Unfortunately, if you are a Windows Home user, the Local Security Policy Editor is not available and you should use the CryptoPrevent tool instead to set these policies.
To open the Local Security Policy Editor, click on the Start button, type Local Security Policy, and select the search result that appears. You can open the Group Policy Editor by typing Group Policy instead. In this guide we will use the Local Security Policy Editor in our examples.
Once you open the Local Security Policy Editor, you will see a screen similar to the one below.
If the Software Restriction Policies cause issues when trying to run legitimate applications, see the section below on how to allow specific applications.
Below are a few suggested Path Rules that not only block the infections from running, but also block attachments from being executed when opened in an e-mail client.
Block TorrentLocker executable in %AppData%
Path: %AppData%\*.exe
Security Level: Disallowed
Description: Don't allow executables to run from %AppData%.

Block TorrentLocker executable in %LocalAppData%
Path if using Windows XP: %UserProfile%\Local Settings\*.exe
Path if using Windows Vista/7/8: %LocalAppData%\*.exe
Security Level: Disallowed
Description: Don't allow executables to run from %AppData%.

Block Zbot executable in %AppData%
Path: %AppData%\*\*.exe
Security Level: Disallowed
Description: Don't allow executables to run from immediate subfolders of %AppData%.

Block Zbot executable in %LocalAppData%
Path if using Windows XP: %UserProfile%\Local Settings\*\*.exe
Path if using Windows Vista/7/8: %LocalAppData%\*\*.exe
Security Level: Disallowed
Description: Don't allow executables to run from immediate subfolders of %AppData%.

Block executables run from archive attachments opened with WinRAR:
Path if using Windows XP: %UserProfile%\Local Settings\Temp\Rar*\*.exe
Path if using Windows Vista/7/8: %LocalAppData%\Temp\Rar*\*.exe
Security Level: Disallowed
Description: Block executables run from archive attachments opened with WinRAR.

Block executables run from archive attachments opened with 7zip:
Path if using Windows XP: %UserProfile%\Local Settings\Temp\7z*\*.exe
Path if using Windows Vista/7/8: %LocalAppData%\Temp\7z*\*.exe
Security Level: Disallowed
Description: Block executables run from archive attachments opened with 7zip.

Block executables run from archive attachments opened with WinZip:
Path if using Windows XP: %UserProfile%\Local Settings\Temp\wz*\*.exe
Path if using Windows Vista/7/8: %LocalAppData%\Temp\wz*\*.exe
Security Level: Disallowed
Description: Block executables run from archive attachments opened with WinZip.

Block executables run from archive attachments opened using Windows built-in Zip support:
Path if using Windows XP: %UserProfile%\Local Settings\Temp\*.zip\*.exe
Path if using Windows Vista/7/8: %LocalAppData%\Temp\*.zip\*.exe
Security Level: Disallowed
Description: Block executables run from archive attachments opened using Windows built-in Zip support.
You can see an event log entry and alert showing an executable being blocked:
How to allow specific applications to run when using Software Restriction Policies
If you use Software Restriction Policies, or CryptoPrevent, to block TorrentLocker you may find that some legitimate applications no longer run. This is because some companies mistakenly install their applications under a user's profile rather than in the Program Files folder where they belong. Due to this, the Software Restriction Policies will prevent those applications from running.
Thankfully, when Microsoft designed Software Restriction Policies they made it so a Path Rule that specifies a program is allowed to run overrides any path rules that may block it. Therefore, if a Software Restriction Policy is blocking a legitimate program, you will need to use the manual steps given above to add a Path Rule that allows the program to run. To do this you will need to create a Path Rule for a particular program's executable and set the Security Level to Unrestricted instead of Disallowed as shown in the image below.
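Before deploying the rules, it helps to check a list of executable paths against them to see which legitimate programs would need an Unrestricted rule. The script below is an added example, not part of the original guide and not how Windows itself evaluates the policy. It assumes that * and ? stay within one folder level (as the rule descriptions imply), and it uses a constructed user profile, constructed sample paths, and a hypothetical Vendor\updater.exe program.

```python
import re

# Constructed profile locations for a Windows Vista/7/8 user (assumption).
ENV = {"%AppData%": r"C:\Users\alice\AppData\Roaming",
       "%LocalAppData%": r"C:\Users\alice\AppData\Local"}

# Disallowed Path Rules from the list above (Vista/7/8 variants).
DISALLOWED = [r"%AppData%\*.exe", r"%AppData%\*\*.exe",
              r"%LocalAppData%\*.exe", r"%LocalAppData%\*\*.exe",
              r"%LocalAppData%\Temp\Rar*\*.exe", r"%LocalAppData%\Temp\7z*\*.exe",
              r"%LocalAppData%\Temp\wz*\*.exe", r"%LocalAppData%\Temp\*.zip\*.exe"]

def to_regex(rule, env=ENV):
    """Compile a Path Rule to a regex. Assumption: '*' and '?' never cross a
    backslash, which is what the rule descriptions in the guide imply."""
    for var, value in env.items():
        rule = re.sub(re.escape(var), lambda m, v=value: v, rule, flags=re.IGNORECASE)
    out = []
    for ch in rule:
        out.append(r"[^\\]*" if ch == "*" else r"[^\\]" if ch == "?" else re.escape(ch))
    return re.compile("".join(out), re.IGNORECASE)

def evaluate(path, allowed=()):
    """Return (level, matching rule). Unrestricted rules are checked first,
    because the guide says an allow rule for a program overrides the blocks."""
    for level, rules in (("Unrestricted", allowed), ("Disallowed", DISALLOWED)):
        for rule in rules:
            if to_regex(rule).fullmatch(path):
                return level, rule
    return "Default", None  # no Path Rule matched; the default level applies

# Constructed sample paths, such as an inventory of per-user executables.
SAMPLES = [
    r"C:\Users\alice\AppData\Roaming\xyz.exe",
    r"C:\Users\alice\AppData\Local\Temp\Rar$EXa0.123\invoice.exe",
    r"C:\Users\alice\AppData\Local\Temp\report.zip\report.exe",
    r"C:\Users\alice\AppData\Local\Vendor\updater.exe",
    r"C:\Users\alice\AppData\Roaming\Vendor\App\app.exe",
    r"C:\Program Files\App\app.exe",
]

if __name__ == "__main__":
    allow = [r"%LocalAppData%\Vendor\updater.exe"]  # hypothetical legitimate app
    for p in SAMPLES:
        before, after = evaluate(p)[0], evaluate(p, allow)[0]
        print(f"{before:12} -> {after:12} {p}")
```

Under that assumption, the sample two folders deep under %AppData% is not matched by any rule in the list, so it falls through to the default security level.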