Benjamin Moore & Co. Information Technology

Computer Endpoint Virus / Malware Protection Policy Version 2.4 (11/30/12)

Internal Use Only Page 1 of 3

Scope This policy provides information for Benjamin Moore & Co. employees on the procedures regarding Computer Endpoint Virus / Malware Protection. Computer Endpoint protection is the process in which the Company provides protection from computer viruses, worms, spyware, adware and rootkits (“virus”). This policy outlines how various viruses and malware can infect Benjamin Moore & Co.'s MS Windows based computer devices, the steps the Company takes to prevent and/or minimize infections, and how employees should respond to a virus / malware issue if they suspect one has infected their computing device. Policy This policy applies to all regular and temporary, part-time and full-time employees, consultants, contractors, interns or others authorized to use computer devices connected to the Company’s internal network, (collectively “Employees”). It is the responsibility of every Benjamin Moore & Co. employee that uses Company computing equipment to take reasonable measures to protect their computing device from virus infections. Background Viruses can enter Benjamin Moore & Co.'s network, computer devices and servers in a variety of ways:

E-mail - Most viruses are sent as e-mail attachments. These attachments could be working documents or spreadsheets, or they could be merely viruses disguised as pictures, jokes, etc. These attachments may have been knowingly sent by someone wanting to infect Benjamin Moore & Co.'s network or by someone who does not know the attachment contains a virus. However, once some viruses are opened, they automatically e-mail themselves, and the sender may not know his or her computer is infected. USB Memory Sticks, CDs, DVDs or other removable media - Viruses can spread via various types of storage media. As with e-mail attachments, a virus can hide within a legitimate document or spreadsheet or simply be disguised as another type of file. Software downloaded from the Internet - Downloading software via the Internet can be a source of infection. As with other types of transmissions, the virus can hide within a legitimate document, spreadsheet, or other type of file. Instant messaging attachments - Although less common than e-mail attachments, viruses are taking advantage of instant messaging software. These attachments work the same as e-mail viruses, but they are transmitted via instant messaging software. FTP / Cloud sites - Downloading software via FTP sites or via a Cloud sharing site such as Dropbox, Amazon or Google, can be a source of infection. As with other types of transmissions, the virus can hide within a legitimate document, spreadsheet, or other type of file. DNS Changer – Process in which a computing device is infected with a virus and the system’s browser request is intercepted. The target domain request is then rerouted to servers under the control of the cybercriminals.

Internal Use Only Computer Endpoint Virus / Malware Protection Policy Version 2.4 (11/30/12) Page 2 of 3

Process (all Employees) Even though all Internet e-mail traffic is scanned for viruses and every attempt is made to scan all files on the Company’s servers and workstations, the possibility still exists that a new or well-hidden virus could find its way to an Employee’s workstation, and if not properly handled, could infect Benjamin Moore & Co.'s computer devices. As stated, it is the responsibility of all Employees to take reasonable steps to prevent virus outbreaks. Use the following guidelines to help minimize the risk of infection: • Do not open e-mail attachments that are unrecognizable. • Never open an e-mail or instant messaging attachment from an unknown or suspicious source. • Never download freeware or shareware from the Internet without the express permission of your

Manager and/or the IT department. • Employees should not forward virus-warning messages. However, on occasion, computer users will

distribute virus warnings that are actually virus hoaxes. These warnings are typically harmless. in any event, forwarding such messages unnecessarily increases network traffic.

• If a file you receive contains macros that you are unsure about, disable the macros. These are more common when using the Microsoft Office suite of products.

• When using a USB Memory Device, be aware that as you access a file the Antivirus software on your system will automatically scan the file you are trying to open. If a virus is found the Antivirus software will attempt to repair the file. If this is unsuccessful, the file will be quarantined to your local hard drive.

- If you receive or encounter a suspicious file or e-mail attachment, do not open it. Call Benjamin

Moore & Co.'s IT Call Center at 973-252-2700 and then notify the IT Call Center technician that you have received a suspicious file. The technician will assist you in troubleshooting and resolving the virus issue.

The IT department, however, makes no guarantees as to whether an infected file can be totally cleaned and will not allow the infected file to be used on Benjamin Moore & Co. computers. In the event a user’s company issued computing device is rendered inoperable due the infection, the IT department will re-image the device. IT will make reasonable effort to restore the Employees data files during the re-image process. Process (IT internal) Benjamin Moore & Co. IT has in place a multi layer, centrally managed antivirus strategy for MS Windows based servers, laptops, and desktops. Scanning Internet Traffic - All Internet traffic coming into and going out of our network must pass through Company servers and other network devices. Only specific types of network traffic are allowed beyond the Company’s exterior firewalls. Non-email traffic is scanned using Symantec Endpoint Edition Software. E-mail messages that originate outside of the Company network must pass through the boundary email security service provider’s system before they are allowed to enter the Company network. The service provider’s system utilizes MacAfee Antivirus. Outbound E-mail messages that originate inside of the Benjamin Moore & Co. network must pass through the boundary email security service provider’s system before they are allowed to enter the Company network. The service provider’s system utilizes MacAfee Antivirus. In the event issues are detected such as viruses, suspicious e-mail and /or unwanted attachments these items are routed to an isolated storage device and viruses are quarantined.

Internal Use Only Computer Endpoint Virus / Malware Protection Policy Version 2.4 (11/30/12) Page 3 of 3

Operating Email Server AntiVirus Software – Symantec for Microsoft Exchange runs on each Benjamin Moore Email server as an added layer of protection. Symantec scans every internal and external email attachment prior to sending the email on to its destination. If it finds something suspicious, Symantec attempts to clean the attachment. If it cannot, Symantec quarantines the file or files and automatically notifies the sender, the IT Call Center, and the Antivirus System Administrator. The Antivirus System Administrator will then delete the file from the quarantine area. Running server and workstation AntiVirus software - All Windows based servers run Symantec EndPoint Edition software. This software scans the file-sharing data stores, looking for suspicious code. Symantec Antivirus software is also installed on all organization workstations. This software scans all data written to or read from a workstation's hard drive. If it finds something suspicious, Symantec attempts to clean the file. If it can’t clean the file, Symantec quarantines the file on the workstation and automatically alerts the user, the IT Call Center, and the Antivirus System Administrator. The Antivirus System Administrator will then delete the file from the quarantine area. Routinely Updating Virus Definitions – On a semiweekly and/or on demand schedule, an Antivirus management server automatically retrieves updated definition files from www.symantec.com and pushes the updates to parent servers at each location which in turn pushes updates out to the managed workstations. These definition files allow the software to detect new viruses. If a new virus definition file is available, the virus scanning software is automatically updated and the system administrator is informed. When client workstations are started, the virus protection program automatically checks in with a Benjamin Moore & Co. server on the network for updates. Workstations will also check every 4 hours for updates. If an update exists, the workstation program will download and install the update automatically. Monthly Scans – Employees’ workstations scans are run on the 15th day of each month at 12 noon. The Monthly scan process for Retail Employees’ workstations occurs on the 5th day of each month at 4:00 am. User Notification - The IT staff will notify Employees of credible virus threats via e-mail, broadcast messages or other practical means. Apple OS Based Devices Benjamin Moore & Co. currently handles Apple OS based devices on a case by case basis. The IT department, however, makes no guarantees as to whether an infected device can be totally cleaned and will not allow the infected system to be used on the Benjamin Moore & Co. corporate network. In the event an Employee’s company issued computing device is rendered inoperable due to a virus, the IT department will re-image the device. IT will make reasonable effort to restore the Employees data files during the re-image process. Mobile Devices Benjamin Moore & Co. is currently reviewing options for supporting mobile devices with antivirus software. At this time antivirus software is not installed on company issued mobile devices. In the event of a virus, mitigation is handled via the Mobile Device Management tools currently in place. This process allows the containment of corporate email information to limit exposure. Review This policy will be reviewed for accuracy and updates on an annual basis.