nexxai / CryptoBlocker

A script to deploy File Server Resource Manager and associated scripts to block infected users
GNU General Public License v2.0

Reducing the amount of blocks of unique email addresses #86

Open Rooven-tech opened 4 years ago

Rooven-tech commented 4 years ago

I have seen many new filters added for *.id-blah.[blah.blah@emaildomain.com].blah. Can we create a master code such as '.id-.[@].' and '.id[-].[@].*'?

SparkyzCodez commented 4 years ago

Take a look at my new PowerShell script to manage your FSRM file screens. More to your issue, I also use an extended JSON file that holds regex for substring and whole string matches. Use my Python script with the optimization flag to apply them. That's how I summarize all those nearly the same file specs. After summarization I usually shave about 300 to 400 file specs out of my filter list without losing any protection. I also have a Python script that reads that JSON file and searches all your drives for matching files. That way you can make allowances for false poz matches. I hope you'll take a look and get involved. https://github.com/SparkyzCodez/FSRM-Anti-ransomware
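The summarization discussed in this thread, sketched as an added example; it is not code from CryptoBlocker or from the FSRM-Anti-ransomware repository. It assumes that `*` and `?` are the only wildcards in an FSRM file spec and that matching ignores case; the master pattern, file specs and filenames are all constructed for illustration.

```python
import re

FILLER = "\uffff"  # stand-in for "any text"; must not occur in a master's literals

def spec_to_regex(spec):
    # Assumption: only '*' and '?' are wildcards in a file spec; every other
    # character, including '[' and ']', is literal, and case is ignored.
    body = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                   for c in spec)
    return re.compile(body, re.IGNORECASE | re.DOTALL)

def covers(master, spec):
    # Sound only for masters whose sole wildcard is '*': if the master matches
    # the spec with each wildcard replaced by FILLER, a '*' absorbed the FILLER
    # and would absorb any other text in that position as well.
    if "?" in master or FILLER in master:
        raise ValueError("master may use '*' as its only wildcard")
    probe = spec.replace("*", FILLER).replace("?", FILLER)
    return spec_to_regex(master).fullmatch(probe) is not None

def summarize(specs, masters):
    # Drop every spec a master already covers; keep the rest after the masters.
    dropped = [s for s in specs if any(covers(m, s) for m in masters)]
    kept = list(masters) + [s for s in specs if s not in dropped]
    return kept, dropped

def false_positives(masters, filenames):
    # Legitimate filenames a master would block; review these before deploying.
    regexes = [spec_to_regex(m) for m in masters]
    return [f for f in filenames if any(r.fullmatch(f) for r in regexes)]

# Constructed sample data (hypothetical master pattern, specs and filenames).
MASTERS = ["*.id-*.[*@*].*"]
SPECS = [
    "*.id-*.[decrypt@example.com].locked",
    "*.id-*.[help.me@example.net].xyz",
    "*.id[*-*].[a@example.org].*",   # different family: needs its own master
    "*.examplelock",
]
BENIGN = ["budget.xlsx", "report.id-2020.[alice@example.com].docx"]

if __name__ == "__main__":
    kept, dropped = summarize(SPECS, MASTERS)
    print("kept:", kept)
    print("dropped:", dropped)
    print("would also block:", false_positives(MASTERS, BENIGN))
```

The filename the master also blocks is the kind of match that needs an allowance before the shorter filter list goes live.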