I have both AVG and Malwarebytes on all our workstations but today one user got hit with "TROJAN CRYPTO" and now her files are encrypted and unusable. Has anyone had this problem? Anyone have a solution?
AVG and Malwarebytes are both good products and stop the majority of "bad" things finding you, but they don't stop the users from finding and clicking things themselves, and as you are probably aware, new variants come out every day which are undetectable on day 0!
You can try the link below to help you; it contains some information that will help guide you to create something personalised to your specifications.
In my experience they like to come through email and Office macros. We have taken steps to disable macros in Office and a few other things in email. Certainly isn't 100% but nothing is.
What you need is an extended protection that more or less blocks all applications first and whitelists them after they are verified. McAfee use something called Extended protection and Panda have AD360. They work in a similar way. By using a protection like this you are actually blocking most of the unknown malware that is started....
I would recommend Webroot. They made a Kaseya module. Easy to deploy and remove without rebooting the machine. Has its own web console for non-Kaseya clients, does not stress out the machine and most of all we have hardly any ransomware anymore (no AV is 100%).
I've been using it in full for a year now and I'm very happy and can sleep much better nowadays.
And yes, I have experienced the AV stress from the past (don't mention names), and no, I'm not a sales guy from Webroot.
Webroot, McAfee, AVG... Junk, all of them... Been using ESET for years. Catches current variants of crypto every time. ERAC makes managing ESET a breeze. People gripe about version 6 but it's not bad at all.
Try KAV. It's awesome. :-)
The combo of KAV and KAM has been flawless for us so far. Minus the random issues of KAV modules =)
I was being sarcastic! KAV has been a nightmare and there's another KAV update coming out shortly for Windows 10 Redstone 2 which will add to the fun!
Everybody has their preferences, but it's really knowing a product, learning its ups and downs, where you can make a difference. AV brand A, B and C can all do their job if you know what to do and how to set it up.
Cryptolockers will always be a challenge, because they keep changing and adapting. If your favorite AV thinks of a neat way to block some miserable software today, chances are tomorrow the miserable software boys and girls will think of a smart way to work around it (making you miserable as well).
Just because I continue to see people reference this post... One of the products I recommend to other IT admins is Cylance. It's not definition based so you're not waiting for it to play catch up with trends. Also, a good web filter and email filter service will scrub a LOT... like 90-something percent of attacks. At the end of the day, just make sure you have a good backup solution (the new Cloud Backup feature makes this fairly easy now).