Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2252
Views
0
Helpful
3
Replies

Ransomware Question

Saeedullah Khan
Level 1
Level 1

‎12-13-2016 01:04 AM - edited ‎02-20-2020 09:02 PM

Hi Guys,

Can anyone confirm, is AMP can stop spam emails micro enabled (ransomware) attachments or we need to also buy the SPAM license?

Waiting for your prompt reply.

Labels:
0 Helpful
3 Replies 3

David Janulik
Cisco Employee
Cisco Employee

‎12-13-2016 01:19 AM

Hi Khan,

AMP checks files with following extensions.

  • MSEXE
  • PDF
  • MSCAB
  • MSOLE2
  • ZIP
  • ELF
  • MACHO
  • MACHO_UNIBIN
  • SWF
  • JAVA

 Unsupported File Types

 

Windows Connector currently does not scan ELF, JAVA, xar(pkg), MACHO, MACHO_UNIBIN, or ASCII.

The file disposition will be checked against cloud. To reduce spam, you should probably look for Email security appliance (ESA) product.

David

Cyber security escalation engineer
0 Helpful

Saeedullah Khan
Level 1
Level 1
In response to David Janulik

‎12-13-2016 01:33 AM

Thanks for your reply.

Actually, spam received ".docm, .xlsm" extension files and when opened the file, they encrypted the mostly word/excel files.

Can AMP will control this issue?

Saeed

0 Helpful

David Janulik
Cisco Employee
Cisco Employee
In response to Saeedullah Khan

‎12-13-2016 01:46 AM

Can you open a support case? We can check the file disposition convicted at the time you opened it. From your side do the file trajectory investigation. This should help you to track down executed actions from it.

David

Cyber security escalation engineer
0 Helpful
Customers Also Viewed These Support Documents