Hi Team,
We have an application and device control policy in place to block *.Zepto, *.Crypto, *.Cerber.
We have tested the policy manually by trying to create a file with the mentioned extensions. Symantec AV client is killing the process as it's recognizing the file extensions that should not be allowed to execute.
However, this is not working in a real scenario. We had Ransomware infections even though this policy is active on the machines. Ransomware is able to change the file extensions to *.Zepto, *.Crypto, *.Cerber.
I suspect the application policy is not effectively working when the actual attack happens. It is somehow bypassing Symantec AV application policy and changing the file extensions after encrypting.
Would request the development team to work on the product design and help in tackling ransomware attacks.
Thanks and regards
Srihari Avula