
08-27-2014 11:46 AM
While perusing some Ironport reports I noticed 'unnamed malware' with the transactions monitored... can anyone provide more detail/explanation for this? Is it really malware? If it is, why is it monitored, instead of blocked? Or is this a false positive?
Side note - the 'Support Portal Malware Details' link at the bottom of the report references http://www.ironport.com/malwaredetails, which redirects to a Cisco Acquisitions page, which isn't exactly useful.
Thanks,
Mike C
Labels: Web Security
Accepted Solutions
09-16-2014 05:14 AM
On the WSA look under: Web Security Manager - Access Policies - Click on "Web Reputation and Anti-Malware Filtering" policy. Here you set how to monitor or block the different malware categories and, at the bottom, "other categories".
On the SMA look under: Web - Configuration Master - Access Policies - Click on "Web Reputation and Anti-Malware Filtering" policy. Here you set how to monitor or block the different malware categories and, at the bottom, "other categories".
enjoy :-)

09-08-2014 01:31 PM
Hi Mike,
The "Unknown" or "Unnamed" categories are typically the result of one of the following:
(1) Samples that return an 'unscannable' verdict from the engine.
(2) New malware samples that do not yet have a defined signature, but do flag on heuristic detection methods, may initially flag as unknown or unnamed.
Samples that flag under these categories will either be blocked or allowed, depending on your policy settings.

09-08-2014 02:03 PM
Thanks for the response - where would this setting be, on the S370 or M170 (management device)? Asking because I don't recall seeing an option anywhere as to how to drop this particular traffic (if unknown.)
Thanks!
09-24-2014 08:36 AM
Perfect, many thanks!
Mike C
03-14-2021 11:46 PM
Take the example of DearCry Ransomware: this nasty ransomware exploits bugs in software installed on the computer, or network server exploits, to install the ransomware program on your computer. Once they gain access to your computer, they start encrypting all files stored on the computer and demand a ransom payment for decryption keys/software. For more details, visit 'How to Remove DearCry Ransomware: restore encrypted files'.
However, one possible way to recover files locked by any ransomware program is to restore them from a strong backup. You should make sure that you have a backup of all your damaged or lost files on some external storage or on cloud storage. You can also try powerful data recovery software for this purpose, and you can get this tool by visiting the post through the link.
