Came across the ESET Endpoint tech paper for configuring HIPS and firewall for ransomware: http://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=6&ved=0ahUKEwjy4Of4t9DPAhUFWD4KHeQlBM8QFghdMAU&url=http://www.nod32.com.hr/Portals/66/PDF/anti-ransomware-techbrief_en.pdf&usg=AFQjCNHN_-B-UcNEaldEAOXbtRNbA78xNg Never occurred to me to add firewall rules to block all network traffic for cscript, wscript, and powershell. The 16-bit support exe, ntvdm.exe, doesn't exist anymore in Win 10. None of these processes should be dialing out. I assume most firewall rules running in interactive mode will trigger on outbound execution for these exes, but you never know with ransomware.
I just block everything outbound that is not whitelisted, using the built-in firewall. Since I don't have many programs installed that need to access the net, it's not hard to set it up.
Here is an article you might like. This example is how to set up Regsvr32 from Windows FW. http://www.bleepingcomputer.com/new...nstall-ransomware-through-jscript-installers/
Yes, exactly, no need to make special rules. It's very simple: if you're not on the white-list, you're not allowed to run, or to make outbound connections. This also goes for system applications.
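The per-program blocks discussed in this thread (cscript, wscript, powershell, and regsvr32 from the linked article), as an added example for the built-in Windows firewall; it is not taken from the ESET paper or from any poster. The rule names and the group label are made up for the example, and it assumes an elevated PowerShell session on Windows 8 / Server 2012 or later, where the NetSecurity cmdlets exist.

```powershell
#Requires -RunAsAdministrator
# Added example: outbound block rules for the script hosts named in the thread.
# The group label and rule display names are invented for this example.

$group = 'Block script hosts (example)'

# Binaries named in the thread, relative to the Windows system directories.
$relativePaths = @(
    'wscript.exe',
    'cscript.exe',
    'regsvr32.exe',
    'WindowsPowerShell\v1.0\powershell.exe'
)

# 64-bit Windows keeps a 32-bit copy of each binary under SysWOW64.
# A rule is bound to one full path, so both copies need their own rule.
$systemDirs = @("$env:SystemRoot\System32", "$env:SystemRoot\SysWOW64")

foreach ($dir in $systemDirs) {
    foreach ($rel in $relativePaths) {
        $program = Join-Path $dir $rel

        # Skip paths that do not exist (for example SysWOW64 on 32-bit Windows).
        if (-not (Test-Path -LiteralPath $program)) { continue }

        # Make the script safe to re-run: do not create duplicates.
        $name = "Block outbound: $program"
        if (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue) { continue }

        New-NetFirewallRule -DisplayName $name -Group $group `
            -Direction Outbound -Program $program `
            -Action Block -Profile Any -Enabled True | Out-Null
    }
}

# Show whether each profile is default-allow or default-block for outbound
# traffic. This only reports the setting; it does not change it.
Get-NetFirewallProfile | Select-Object Name, Enabled, DefaultOutboundAction

# List the rules created above so they can be reviewed or removed as a group.
Get-NetFirewallRule -Group $group |
    Select-Object DisplayName, Direction, Action, Enabled
```

In Windows Firewall an explicit block rule takes precedence over an allow rule, so these rules still apply on a default-deny setup if a broad allow rule is added later. `Remove-NetFirewallRule -Group 'Block script hosts (example)'` removes them again.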