
WSA fails KnowBe4 Ransim ransomware simulation test


  • Fresh Face
  • 1 reply
We have run the KnowBe4 Ransim v1.1 simulation and found that WSA has trouble protecting against this quite useful ransomware test simulation. This is an updated version of the test that did pass according to previous Webroot testers.
The previous, older version of the Ransim test is mentioned here:
https://community.webroot.com/t5/Product-Questions/Knowbe4-RanSim-Ransomware-Simulator/td-p/273428
 
We have enabled PUA detection on a copy of the Recommended Default Policy in Endpoint Protection console and checked the policy was updated on the Win7 endpoint.
 
Any other recommendations?
 

2 replies

browell
  • OpenText Employee
  • 48 replies
  • November 3, 2017
It's being blocked now during the install process so I can't verify what happened in your test. My guess is that it was doing just enough "Safe" stuff that it wasn't triggering our heuristics.
 
During your test, did you notice if the process was untrusted or being monitored by the Webroot agent?  If so, then that's the journaling part of the journaling and rollback feature.  So, it could be that during the test, your fake test files were being stored safely in the Webroot journal.  Then when it was detected as bad (as it is now) then those files would be rolled back.  
 
Hope that helps.

  • Author
  • Fresh Face
  • 1 reply
  • November 12, 2017
Previous Webroot tests using this tool have produced a good result with all 5 tests passed. (screenshot below)
If there is no way to get a "passed" result to show to our clients, is there another tool that can show the efficacy of Webroot? (Eicar test is too simple)
Thanks
 

