According to McAfee the extension blocking seems to prevent the encryption: https://kc.mcafee.com/corporate/index?p ... id=KB89335
"VirusScan Enterprise (VSE) and Endpoint Security (ENS) Access Protection Proactive Measures
NOTE: The VSE and ENS Access Protection rules will prevent creation of the .WNRY file. This rule prevents the encryption routine, which is where one will see encrypted files that contain a .WNCRYT, .WNCRY and/or .WCRY extension. By implementing the block against .WNRY, other blocks are not necessary for the encrypted file types."
At the end of the day it's about layers of protection. No one single defense strategy will suffice for WannaCry or any other future ransomware. I s'pose the question might be, why NOT use file screening?