Trend last week, quietly released and update for WFBS 9.0 to help prevent infections from Cryptolocker and the other various ransomware
You can get the download from here http://files.trendmicro.com/products/wfbs/WFBS-90-SP1-WIN-EN-CriticalPatch-B2532.exe
Once you download and install this on your WFBS Console, it will pretty quickly deploy to the agents on each machine.
You need to configure via the WFBS console to enable these new features.
Firstly you need to ensure that you have behaviour monitoring enabled, and then below that you need to ensure that you enable the new Ransomware Protection features as highlighted below.
There’s two sections to the new addition. The first option works to intercept calls to encrypt the files during the encryption process. The second blocks execution of exe files in the common locations that the ransomeware writers put them. Ensure that you save your changes and allow time for the client to update.
Bill Leeman says
Thanks for posting this Wayne. Have you deployed it at your sites yet? If so, have you encountered any issues with the implementation of this? We have multiple sites with Trend and I’d like to roll this out, but just wanted to see if there were any “gotcha’s” I need to be aware of. Thanks!
Wayne Small says
Bill, sorry for not responding sooner. Yes – we’ve deployed this at a few sites. We’ve had to white list a few non compliant apps, but it’s working fine and has helped reduce infections