techworksinc: Phadley, do you have the service name for Windows Defender? I tried adding 'MSASCUI' but I'm still getting thousands of false positives from the Protection Violation E-mails when Defender is running its scans. What's odd is that although the file doesn't exist, it says it blocked in C:\Users\AppData\xxx.exe or whatever the file name and path are... Why does it think they are there when they don't even exist?
techworksinc: Also, I have been futzing around with attempting to block the spyware/viruses that are randomly generated. Most notably, I have found that one is always XXXXtssd.exe, where the XXXX is random and the 'tssd' is always at the end. Does anyone know of a way to block this, because this is the only virus/spyware to get through lately and I have no feasible way to block it, and it's a rough one. Taking over hosts, proxy settings, system32 entries... the works. Any help would be greatly appreciated.
Phadley: The ones that are worse are the {randomnumber}.exe; we still get clients that get them no matter how much we educate them, and are interested in any way to block them.
Phadley: We just received an infection that uses %temp% as its path. Will app blocker utilize Windows variables? It seems that this one is installing at %temp%\gpresult.exe