Dear all. today we got virus like wannacry that encrypt entire files on computers. it was sent as .pdf file. inside pdf there is a link that download js file. that file cause computer encryption. when we scanned on virustotal most of antivirus found it as VIRUS. the question is that why cisco esa antivirus not able to catch it?
There could be some variable factors but I would suggest to have a TAC case opened to have it looked into more deeply. The Sophos engine + definition we run on the Cisco ESAs is a bit different from the Sophos Appliance/Endpoints results which you may see in virustotal.
However as #Mat has also shared, was AMP also used at the time of this file scan?
If the sample was marked clean by Sophos - it may be required to have that sample to be analyzed further as well on Cisco's end to find out what happened.
Meet the Authors Event - A Cybersecurity Deep Dive with Omar Santos
(Live event – Thursday, January 23rd, 2020 at 10:00 a.m. Pacific / 1:00 p.m. Eastern / 7:00 p.m. Paris)
This event will have place on Thursday 23rd, January 2020 at 10hrs PDT
Posting this for anyone interested in using a Raspberry PI as a flow collector for Stealthwatch. We created a very lightweight version of our software. It can create flows if the eth port is attached to a SPAN or you can forward NetFlow/IPFIX ...
Dear Team Suppose we have hundreds of rules in access policy on cisco fmc device. Now I want to fetch all access policy rules in which I have mentioned some specific port number X. Can anyone help me with the process to fetch the same?
Greetings everyone, Happy New Year! I would like to thank you all for making our ISE demos in dCloud a great success!
The ISE instant demo has been in the top 5 of Enterprise demos for a long time now and recently just moved into the #1 and 2 slots...