This content has been updated since the original publication. You can find all of our updated protection techniques in our Ransomware Prevention Kit. http://www.thirdtier.net/ransomware-prevention-kit/
In our CryptoLocker Prevention Kit (http://www.thirdtier.net/2013/10/cryptolocker-prevention-kit/), we implement Software Restriction Policies. Those policies generally don’t interfere with normal PC operation but can prevent some applications from installing properly. Additionally, some older applications may run their .exe files from the blocked locations.
Previously we offered a way to temporarily exempt a computer from the policy (http://www.thirdtier.net/2013/10/how-to-move-computers-in-and-out-of-a-group-policy/). This works great for one-time computer setup or larger installation routines. But if you find that you have a repetitive task that requires you to move computers in and out of the policy, you may be better off exempting the .exe from the policy. A good explanation of how to do this has been provided at http://avosec.com. I’ve copied it here for you.
How to allow specific applications to run when using Software Restriction Policies
If you use Software Restriction Policies, or CryptoPrevent, to block CryptoLocker, you may find that some legitimate applications no longer run. This is because some companies mistakenly install their applications under a user’s profile rather than in the Program Files folder where they belong. Due to this, the Software Restriction Policies will prevent those applications from running.
Thankfully, when Microsoft designed Software Restriction Policies they made it so a Path Rule that specifies a program is allowed to run overrides any path rules that may block it. Therefore, if a Software Restriction Policy is blocking a legitimate program, you will need to use the manual steps given above to add a Path Rule that allows the program to run. To do this you will need to create a Path Rule for a particular program’s executable and set the Security Level to Unrestricted instead of Disallowed as shown in the image below.
Once you add these Unrestricted Path Rules, the specified applications will be allowed to run again.
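Once exemptions exist, it is worth checking that each Unrestricted rule still names one executable rather than a folder or wildcard. The following PowerShell is an added example, not part of the original post or the kit. It assumes the rules were applied through computer-scoped policy, which Windows stores under the registry key shown, and the function names are hypothetical.

```powershell
# Added example (not from the original post): review SRP path rules applied to this machine.
# Computer-policy SRP rules are stored under the key below; the level subkey names are
# 0 = Disallowed and 262144 (0x40000) = Unrestricted.
$base   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
$levels = @{ '0' = 'Disallowed'; '262144' = 'Unrestricted' }

function Get-SrpPathRule {
    foreach ($id in $levels.Keys) {
        $pathsKey = Join-Path $base "$id\Paths"
        if (-not (Test-Path $pathsKey)) { continue }
        foreach ($key in Get-ChildItem -Path $pathsKey) {
            # Each rule is a GUID-named subkey. Read ItemData without expanding
            # variables so %AppData% is shown as written in the rule.
            $path = $key.GetValue('ItemData', $null, 'DoNotExpandEnvironmentNames')
            [pscustomobject]@{
                Level       = $levels[$id]
                Path        = $path
                Description = $key.GetValue('Description')
                RuleId      = $key.PSChildName
            }
        }
    }
}

function Get-SrpExemptionReview {
    # Classify every Unrestricted rule by how much it allows.
    Get-SrpPathRule | Where-Object Level -eq 'Unrestricted' | ForEach-Object {
        $finding = if ($_.Path -like '%HKEY_*') {
            'Registry path rule (typically a default rule)'
        } elseif ($_.Path -match '[*?]') {
            'Wildcard: allows more than one file'
        } elseif ($_.Path -notmatch '\.exe$') {
            'Not a single .exe: may allow a whole folder'
        } else {
            'Single executable'
        }
        $_ | Add-Member -NotePropertyName Finding -NotePropertyValue $finding -PassThru
    }
}

Get-SrpExemptionReview | Sort-Object Finding |
    Format-Table Finding, Path, Description -AutoSize
```

Run it from an elevated prompt on a machine that receives the policy. Any rule reported as a wildcard or folder exemption in a user-writable location allows everything placed there, not just the intended application.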
If you find this kind of material useful, consider joining the SMBKitchen Project. You can find out more about us at http://www.thirdtier.net