10-25-2017 01:13 PM - edited 03-08-2019 07:27 PM
Hi Support team,
Could you please let us know how I can check whether the Rabbit Ransomware is updated in ESA or not?
Do I need to check for Outbreak filters or Anti-Virus?
Many thanks!
10-25-2017 07:09 PM
AMP (Advanced Malware Protection) and Sophos anti-virus on ESA should be blocking all known variants of Bad Rabbit ransomware.
Please go through the following articles for more information:
https://community.sophos.com/kb/en-us/127730
https://nakedsecurity.sophos.com/2017/10/24/bad-rabbit-ransomware-outbreak/
http://blog.talosintelligence.com/2017/10/bad-rabbit.html
Regards,
Libin Varghese
10-26-2017 04:57 AM
Hi Libin,
Thanks for your information.
We have enabled SOPHOS anti-virus on our ESA, but not AMP.
Is there any impact on our users as we are not using AMP regarding this threat?
Many thanks!
10-31-2017 07:07 AM
Adding AMP as an additional layer of scanning would definitely be helpful.
Do note that AMP performs dynamic analysis of the attachment as it is received, while Sophos uses IDE rules pushed to the appliance to determine malicious content.
Both scanning engines have completely different ways of functioning, and the recommendation would always be to use both to stay protected against unknown variants of the threat.
Regards,
Libin Varghese