Skip to main content
I believe we do protect against this attack vector, but I'll double check with our threat team to be sure.
We do have the ability to add detection for this type of malware as needed. However, this is not very widespread and we are not currently detecting many variants of it as they are non-PE. Fortunately, most malware using this technique will attempt to download additional executable components, which will be detected and removed by WSA in most cases.

Reply