CryptoProtect is not doing this by Remote (anything.) It's just one of many reasons I see what you described.

There are tomes about how such happens such as http://krebsonsecurity.com/2013/11/how-to-avoid-cryptolocker-ransomware/ and the links there.

As written I don't agree with more firewalls. It's more of an issue where your users click or run something they shouldn't have.
Bob