1.) I don't see (yet) any detected or overrides for .vbs files. How does Webroot keep us safe from these types of infection?
If it is not "scanning everything all the time" like conventional anti-virus, other than waiting for something to try to execute and then trying to block it, how can it be as good or better than conventional AV? I'd feel safe if something is looking inside the gift horse as it is downloaded, to make sure it's not a trojan, instead of finding out when the door is opened. Is this handled by the option to "Scan on create and saved programs"? Are all files scanned or just executables?
2.) With the way that Cryptolocker is mutating, thousands of strands changing daily, is the only way to really be protected to lock down the computers and disallow any and all exe's and dll's that are not on the allowed list?
End users should not be permitted to install / execute any type of application; however, the concept is met with resistance with SMB clients who can't live without their coupon printers and screen savers...
We will protect against Word/Excel macros or .vbs files - either blocking known bad ones or journaling unknown ones until a determination can be made.
For Cryptolocker there's a good explanation that one of our threat researchers did today on reddit:
https://www.reddit.com/r/sysadmin/comments/3f1y5i/ama_the_sequal_we_are_webroot_and_we_are_here_to/ctkjcoa
Basically, the latest threats involve process hollowing of known good executables. We're about to release a patch to catch those, but in the meantime this KB article gives you some good guidelines on locking down your environment to help minimize the chances of ransomware hitting you:
https://community.webroot.com/t5/Webroot-Education/Best-practices-for-securing-your-environment-against/ta-p/191172