{
    "authors": [
        "Various"
    ],
    "label": "Preventive Measure",
    "uuid": "1a8e55eb-a0ff-425b-80e0-30df866f8f65",
    "values": [
        {
            "code": "Backup and Restore Process",
            "description": "Make sure to have adequate backup processes on place and frequently test a restore of these backups.(Schr\u00f6dinger's backup - it is both existent and non-existent until you've tried a restore",
            "importance": 0,
            "uuid": "5f942376-ea5b-4b23-9c26-81d3aeba7fb4"
        },
        {
            "code": "Block Macros",
            "description": "Disable macros in Office files downloaded from the Internet. This can be configured to work in two different modes:A.) Open downloaded documents in 'Protected View'B.) Open downloaded documents and block all macros",
            "importance": 0,
            "uuid": "79563662-8d92-4fd1-929a-9b8926a62685"
        },
        {
            "code": "Disable WSH",
            "description": "Disable Windows Script Host",
            "importance": 0,
            "uuid": "e6df1619-f8b3-476c-b5cf-22b4c9e9dd7f"
        },
        {
            "code": "Filter Attachments Level 1",
            "description": "Filter the following attachments on your mail gateway:.ade, .adp, .ani, .bas, .bat, .chm, .cmd, .com, .cpl, .crt, .exe, .hlp, .ht, .hta, .inf, .ins, .isp, .jar, .job, .js, .jse, .lnk, .mda, .mdb, .mde, .mdz, .msc, .msi, .msp, .mst, .ocx, .pcd, .ps1, .reg, .scr, .sct, .shs, .svg, .url, .vb, .vbe, .vbs, .wbk, .wsc, .ws, .wsf, .wsh, .exe, .pif, .pub",
            "importance": 0,
            "uuid": "7055b72b-b113-4f93-8387-e6f58ce5fc92"
        },
        {
            "code": "Filter Attachments Level 2",
            "description": "Filter the following attachments on your mail gateway:(Filter expression of Level 1 plus) .doc, .xls, .rtf, .docm, .xlsm, .pptm",
            "importance": 0,
            "uuid": "8c9bbbf5-a321-4eb1-8c03-a399a9687687"
        },
        {
            "code": "Restrict program execution",
            "description": "Block all program executions from the %LocalAppData% and %AppData% folder",
            "importance": 0,
            "uuid": "6a234b1d-8e86-49c4-91d6-cc3be3d04f74"
        },
        {
            "code": "Show File Extensions",
            "description": "Set the registry key \"HideFileExt\" to 0 in order to show all file extensions, even of known file types. This helps avoiding cloaking tricks that use double extensions. (e.g. \"not_a_virus.pdf.exe\")",
            "importance": 0,
            "uuid": "5b911d46-66c8-4180-ab97-663a0868264e"
        },
        {
            "code": "Enforce UAC Prompt",
            "description": "Enforce administrative users to confirm an action that requires elevated rights",
            "importance": 0,
            "uuid": "3f8c55db-611e-4831-b624-f9cbdc3b0e11"
        },
        {
            "code": "Remove Admin Privileges",
            "description": "Remove and restrict administrative rights whenever possible. Malware can only modify files that users have write access to.",
            "importance": 0,
            "uuid": "168f94d3-4ffc-4ea6-8f2e-8ba699f0fef6"
        },
        {
            "code": "Restrict Workstation Communication",
            "description": "Activate the Windows Firewall to restrict workstation to workstation communication",
            "importance": 0,
            "uuid": "fb25c345-0cee-4ae7-ab31-c1c801cde1c2"
        },
        {
            "code": "Sandboxing Email Input",
            "description": "Using sandbox that opens email attachments and removes attachments based on behavior analysis",
            "importance": 0,
            "uuid": "7960740f-71a5-42db-8a1a-1c7ccbf83349"
        },
        {
            "code": "Execution Prevention",
            "description": "Software that allows to control the execution of processes - sometimes integrated in Antivirus softwareFree: AntiHook, ProcessGuard, System Safety Monitor",
            "importance": 0,
            "uuid": "bfda0c9e-1303-4861-b028-e0506dd8861c"
        },
        {
            "code": "Change Default \"Open With\" to Notepad",
            "description": "Force extensions primarily used for infections to open up in Notepad rather than Windows Script Host or Internet Explorer",
            "importance": 0,
            "uuid": "3b7bc1b2-e04f-4492-b3b1-87bb6701635b"
        },
        {
            "code": "File Screening",
            "description": "Server-side file screening with the help of File Server Resource Manager",
            "importance": 0,
            "uuid": "79769940-7cd2-4aaa-80da-b90c0372b898"
        },
        {
            "code": "Restrict program execution #2",
            "description": "Block program executions (AppLocker)",
            "importance": 0,
            "uuid": "feb6cddb-4182-4515-94dc-0eadffcdc098"
        },
        {
            "code": "EMET",
            "description": "Detect and block exploitation techniques",
            "importance": 0,
            "uuid": "5f0a749f-88f2-4e6e-8fd8-46307f8439f6"
        },
        {
            "code": "Sysmon",
            "description": "Detect Ransomware in an early stage with new Sysmon 5 File/Registry monitoring",
            "importance": 0,
            "uuid": "1b1e5664-4250-459b-adbb-f0b33f64bf7e"
        },
        {
            "code": "Blacklist-phone-numbers",
            "description": "Filter the numbers at phone routing level including PABX",
            "importance": 0,
            "uuid": "123e20c5-8f44-4de5-a183-6890788e5a81"
        },
        {
            "code": "ACL",
            "description": "Restrict access to shares users should not be allowed to write to",
            "importance": 0,
            "uuid": "3e7a7fb5-8db2-4033-8f4f-d76721819765"
        }
    ],
    "version": 3
}