Skip to main content
I have a client that has been infected by different versions of malware 3 times. The virus successfully has encrypted personal and network files 3 times. No alerts from webroot nor any detection in a deep scan. Kind of embarrassing for us. Using recommended defaults with hyristics turned up. Why is webroot ineffective vs this type of virus? Isn't this the number one biggest threat these days, in terms of severely after infection. We are a partner and don't want to have to shop around yet again. 
Does the network environment at this client rely solely on endpoint security for malware prevention? No one solution stops everything, which is why a layered security strategy is vital to preventing infections internally.

 

As a direct response to the advent of Ransomware over the past 3 years, I moved my small business clients from depending solely on desktop anti-virus to adding a business class firewall with subscription security services, and making all Windows users Standard users without the ability to install applications. While this sort of strategy is standard in large business, it is costly for very small businesses such as my clients. A brief explanation of Ransomeware malware sold every one of them on making the investment, and limiting rights of network users. Malware infection rates have dropped to zero over the last two years.

 

These days no single solution is 100% effective, and should not be relied on solely for protection in a business situation unless there is tolerance for regular infections.
Agreed, we have a sophos utm, and a 3rd party service scans the email before it hits the server. This is not an isolated incident. It's happened 3 times. Malware bytes found it after the damage had been done. Just checking here to see if webroot has anything to say.

 

You buy antivirus to protect the client. When it doesn't happen some of the blame must rest on the endpoint protection don't you think?  In my clients eyes it's been 0 percent effective. 

 

Every layer is taking heat on this one. I singled out webroot here because I don't care if a pop-up malware gets through, with these infections it's real data loss. 

 

 

Thanks for the tip on the local admin rights, it may be time to revisit that. 

 

 
I can state from experience, before installing UTM firewalls, limiting the local user rights caused a significant reduction in malware on the workstations with my clients.

 

Your situation with this client is disconcerting. I've had excellent results with the multi-pronged approach to security from outside threats. If there were other elements that could be added within reasonable cost and practical impact, I would be pushing them. 

 

If it weren't criminal, the engineering behind ransomeware would be considered ingenious. As long as there is money to be had, this kind of stuff is just going to get worse and harder to prevent

Reply