1. Open the ESET PROTECT or ESET PROTECT Cloud Web Console. In the Quick Links drop-down menu, click Create New Policy….

   If you are using ESET Mail Security for Microsoft Exchange Server without remote management, open the main program window of your ESET Windows product and press the F5 key to access Advanced setup. Proceed to step 3.

2. Click Settings and in the Select product… drop-down menu, select ‪ESET Mail Security for Microsoft Exchange (V6+)‬.

3. Click Server → Rules. Under Mail Transport Protection, click Edit next to Rules.

4. Click Add to create a rule to quarantine common ransomware droppers.

5. Type Ransomware droppers into the Name field.
6. Under the Condition type section, click Add.

7. From the Type drop-down menu, select Attachment name and click Add.

8. Click Enter multiple values and type the following file names, pressing Return or Enter on your keyboard after each one:
   • *.js
   • *.hta
   • *.doc
   • *.docm
   • *.xls
   • *.xlsm
   • *.ppt
   • *.pptm
   • *.vbs
   • *.bat
   • *.wsf
   • *.7z
   • *.zip
   • *.rar

9. Click OK → OK.
10. Click Add under Action type, and in the Type drop-down menu, select your preferred action. In this example, we have selected Quarantine message. Click OK → OK.

11. Select the check box next to Dangerous executable file attachments and click Edit.

12. Select the entry under Condition type and click Edit.

13. Click the plus icon  to expand Executable files, select the check box next to each file type you want to allow in your system environment (selecting the check box will deselect the item from being deleted by the Action type that you chose in step 10 above) and then click OK→ OK.The following executable file attachments are processed—if your network environment requires the use of any of these file formats, you can modify which file formats are blocked. Most businesses may want to deselect the .exe and .msi file formats.
    • Windows Executable (*.exe, *.dll,* .sys*, *.drv; *.ocx, *.scr)
    • MS-DOS Executable (*.exe)
    • ELF Executable and Linkable format (e.g. Linux) (*.elf)
    • Adobe Flash (*.swf)
    • Java Class Bytecode (*.class)
    • Windows Installer Package (*.msi)
    • Apple OS X Universal binary executable
    • Apple OS X Mach-O binary executable
    • Android executable (*.dex)

14. In the Rules window, click Save. Expand Assign to assign the policy to a client or group; otherwise, click Finish in the New Policy – Settings screen. If assigned, your policy settings will be applied to the target groups or client computers when they check in to ESET PROTECT.

    If you are using ESET Mail Security for Microsoft Exchange Server without remote management, click OK→ OK.

Download and import the ESET PROTECT Policy

The ESET PROTECT Policy for ESET Mail Security for Microsoft Exchange Server with additional Antispam settings to protect against ransomware malware (file coder) can be downloaded and imported from the link below. The ESET PROTECT Policy is available only for the latest version of ESET products. Compatibility with earlier versions cannot be guaranteed.

1. Download the Additional Ransomware Protection ESET PROTECT Policy.
2. Open the ESET PROTECT or ESET PROTECT Cloud Web Console. In the ESET PROTECT Web Console main menu, click Policies.
3. Click Actions → Import….

4. Click Choose file to upload, select the downloaded policy, and click Import.

5. Assign the policy to a client or assign the policy to a group. Policy settings will be applied to the target groups or client computers when they check in to ESET PROTECT.

Ransomware dropper filtering example

The following is an example of the “Ransomware dropper” policy filtering a ransomware dropper, along with a corresponding mail quarantine report:

Figure 3-1

Figure 3-2