You are here: Blog Block Cryptolocker on Exchange 2013

Block Cryptolocker on Exchange 2013

-log into your EXCHANGE ADMIN CENTER (EAC) with an Admin account.
-click on the Admin in the upper right hand corner.
-select Exchange.
-go to Mail Flow on the left.
-make sure you are on Rules.
-click the + (to Create New Rule).
-name it Block EXE.
-in the Apply this rule if... drop down select Any attachment's content includes...
-click the Enter words...
-type EXE
-hit the + (you should not see EXE where the Enter words... was).
-(if you want to add other extensions like BAT, MSI, CMD and so on, you can just click in that same spot).
-in the Do the following... drop down selected Reject the message with the explanation...
-type in: Executable content not allowed. 
-leave the Audit this rule with severity level: checked drop down as is (Not specified).
-choose a mode for this rule: radio button should be on Enforce.
-now hit Save

Now add a second rule. This time when setting up the rule in mail flow, you need to:

-click on 'more options' (at the bottom of the rule).
-go back to 'apply this rule if' (at the top)
-select 'any attachment' then 'has executable content'.

Maybe I'll add a video here. Contact me if you really want one.

Contact Dak Networks

Please contact us at the following.