With the default Antispam rules, incoming emails are already filtered on the mail server itself. This ensures that an attachment containing the malicious dropper is not delivered to the end user's mailbox, so the ransomware cannot execute. To further help protect your Microsoft Exchange server against ransomware, create the following rules in the latest ESET Mail Security for Microsoft Exchange Server, or create and apply an ESET PROTECT Policy.
Click Enter multiple values and type the following file names, pressing Return or Enter on your keyboard after each one:
Click Add under Action type, and in the Type drop-down menu, select your preferred action. In this example, we have selected Quarantine message. Click OK → OK.
Select the check box next to Dangerous executable file attachments and click Edit.
Select the entry under Condition type and click Edit.
The following executable file attachments are processed—if your network environment requires the use of any of these file formats, you can modify which file formats are blocked. Most businesses may want to deselect the .exe and .msi file formats.
The ESET PROTECT Policy for ESET Mail Security for Microsoft Exchange Server, with additional Antispam settings to protect against ransomware (filecoder), can be downloaded and imported from the link below. The ESET PROTECT Policy is available only for the latest version of ESET products. Compatibility with earlier versions cannot be guaranteed.
Download the Additional Ransomware Protection ESET PROTECT Policy.
Open the ESET PROTECT or ESET PROTECT Cloud Web Console. In the ESET PROTECT Web Console main menu, click Policies.
The following is an example of the "Ransomware dropper" policy filtering a ransomware dropper, along with a corresponding mail quarantine report: