search

nexxai / CryptoBlocker

A script to deploy File Server Resource Manager and associated scripts to block infected users
GNU General Public License v2.0
200 stars 73 forks source link

[Question] What is blocking this file? #29

Closed mx8s closed 6 years ago

mx8s commented 6 years ago

Hi,

Every now and then, CryptoBlocker is blocking some files which belong to our legimate Deltacopy backup process. An example is this: User NT AUTHORITY\SYSTEM attempted to save Q:\xxxx\xxxx\xxxx\xxxx\xxxx\.354.index.423.nDDEXx to Q:\ on the xxxx server. This file is in the "CryptoBlockerGroup1" file group, which is not permitted on the server. What exactly is causing CryptoBlocker to block this? Because unless I'm overlooking something, I couldn't find any part of .354.index.423.nDDEXx in the block list (unless it does partial matches?).

Rooven-tech commented 6 years ago

It is .exx that is blocking it

mx8s commented 6 years ago

Ah ofcourse. Thanks! ;)