cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
1210
Views
5
Helpful
5
Replies
Michael Cole
Beginner

Unnamed malware/encrypted file detection

While perusing some Ironport reports I noticed 'unnamed malware' with the transactions monitored...  can anyone provide more detail/explanation for this?  Is it really malware?  If it is, why is it monitored, instead of blocked?  Or is this a false positive?

 

Side note - the 'Support Portal Malware Details' link at the bottom of the report references http://www.ironport.com/malwaredetails, which redirects to a Cisco Acquisitions page, which isn't exactly useful.

 

 

Thanks,

 

Mike C

1 ACCEPTED SOLUTION

Accepted Solutions

On the WSA look under: Web Security Manager - Access Policies - Click on "Web Reputation and Anti-Malware Filtering" policy. Her you set how to monitor or block the different malware categories and at the buttom "other categories"

On the SMA look under Web - Configuration Master - Access Policies - Click on "Web Reputation and Anti-Malware Filtering" policy. Her you set how to monitor or block the different malware categories and at the buttom "other categories"

enjoy :-)

View solution in original post

5 REPLIES 5
akilgore
Cisco Employee

Hi Mike,

The "Unknown" or "Unnamed" categories are typically the result of one of the following:

(1) Samples that return an 'unscannable' verdict from the engine.

(2) New malware samples that do not yet have a defined signature, but do flag on heiristic detection methods, may initially flag as unknown or unnamed.

Samples that flag under these categories will either be blocked or allowed, depending on your policy settings.

Thanks for the response - where would this setting be, on the S370 or M170 (management device)?  Asking because I don't recall seeing an option anywhere as to how to drop this particular traffic (if unknown.)

 

Thanks!

On the WSA look under: Web Security Manager - Access Policies - Click on "Web Reputation and Anti-Malware Filtering" policy. Her you set how to monitor or block the different malware categories and at the buttom "other categories"

On the SMA look under Web - Configuration Master - Access Policies - Click on "Web Reputation and Anti-Malware Filtering" policy. Her you set how to monitor or block the different malware categories and at the buttom "other categories"

enjoy :-)

View solution in original post

Perfect, many thanks!

 

Mike C

ramsymartin15984
Beginner

Take a example of DearCry Ransomware, this nasty ransomware exploits bugs in software installed in computer, or network sever exploits to install the ransomware program in your computer. Once they gain access to your computer, they will start encrypting all files stored in computer and demands ransom payment for decryption keys/software. For more details, visit 'How to Remove DearCry Ransomware: restore encrypted files'.

However, one possible ways to recover locked files by any ransomware programs is to restore them from strong backup. You should make sure that you have backup of your all damaged or lost files on some external storage, or on cloud storage. You can also try powerful data recovery software for this purpose, and you can get this tool by visiting the post through link.

Create
Recognize Your Peers
Content for Community-Ad