Cryptolocker Prevention Kit 14

Post to Twitter Post to Facebook Post to StumbleUpon

The SMBKitchen Crew and Third Tier staff have put together a group materials that were published as part of our SMBKitchen Project and only available to subscribers. However because this virus is spreading so rapidly and is so serious we’ve decided to make these materials available to everyone.

The kit includes an article on cleaning up after infection but more importantly provides materials and instruction for deploying preventative block using software restriction policies. The articles provide instruction for installing them via GPO on domain computers and terminal servers, and non-domain joined machines too. We have also provide GPO settings that you can important into your environment.

We’ve zipped it up into a single file. Download it now

If you find this kind of material useful considering joining the SMBKitchen Project. You can find out more about us at

UPDATE: There have been two recent updates to the kit. These are found on our blog. Please be sure that you subscribe to our blog for continued information on this topic. and All future updates will be posted to our blog and this post may not be updated.

I can’t tell you how much time and money I’ve wasted on explaining my business to CPA’s. I recommend you don’t do that and instead hire Rayanne to Tech Your Books. She can solve problems and get your books setup so you can make money. She’s an MCSE and an Accounting professional. A rare combination that means she can Tech Your Books.

Leave a comment

Your email address will not be published. Required fields are marked *

WP-SpamFree by Pole Position Marketing

14 thoughts on “Cryptolocker Prevention Kit

  • Pingback: CryptoLocker: A Non-Technical Overview | Second Star Technologies

  • Pingback: Week of October 28: GA of Windows Server/System Center (and getting started) and new RDP clients for iOS, Android, and OSX - Server and Cloud Partner and Customer Solutions Team Blog - Site Home - TechNet Blogs

  • Pingback: Ransomware: Hello Critroni and Goodbye Cryptolocker « Calyptix Security Calyptix Security

  • Pingback: How to Move Computers in and out of a Group Policy |

  • Pingback: Exempting a Program from Software Restriction Policies |

  • frank clay

    Thanks for the kit, it saves a bit of time, however it would be nice if you could remove the shortcut from the policy – computer/pref/windows/shortcuts..thanks

  • Gabe

    If it’s good enough for SBS Diva, Susan Bradley, it’s good enough for me …

    “For those comfortable with Windows’ Group Policy and who have a domain controller on their network, Third Tier’s Cryptolocker Prevention Kit includes temp file–location blocking that works across networks. I use it in my own firm and help put together CryptoLocker-resistant group policies.”

    • Third Tier

      Thanks for the link, Gabe. There are many updates to this too. Search for crypto in our blog for all of our recommendations and how-to’s on blocking these nasty ransomware

  • Michael

    Ok, so what gives with blocking say %AppData%\*.exe

    Reading the docs here

    It sounds like it should block for all subfolders as well….. but on my Windows 7 box it does not.

    If I add the additional

    Path: %AppData%\*\*.exe then it blocks one subfolder but thats it??

    P.s. I think there is a typo in the guide it has

    Path: %lAppData%\*\*.exe with an ‘I’ in front of the AppData

  • Michael

    Looks like you really want to just use


    This will block all sub folders as well as block all designated file types