Endpoint Protection

 View Only

  • 1.  CryptoWall 3.0 Status

    Posted Jan 20, 2015 01:57 PM

    Can someone tell me if Symantec Enpoint Protection is aware of CryptoWall 3.0.



  • 2.  RE: CryptoWall 3.0 Status

    Posted Jan 20, 2015 02:00 PM

    Yes it can detect it with AV and IPS signatures:

    Signature Detections

    http://www.symantec.com/security_response/writeup.jsp?docid=2014-071611-5805-99

    http://www.symantec.com/security_response/writeup.jsp?docid=2014-050702-0428-99

    http://www.symantec.com/security_response/writeup.jsp?docid=2013-091122-3112-99

    http://www.symantec.com/security_response/attacksignatures/detail.jsp?asid=27046

    Forum post

    https://www-secure.symantec.com/connect/forums/cryptolocker-are-we-safe

    Additional resources from Symantec

    http://www.symantec.com/business/support/index?page=content&id=TECH211589

    https://www-secure.symantec.com/connect/blogs/ransomcrypt-thriving-menace

    https://www-secure.symantec.com/connect/forums/new-article-ctb-locker-and-other-forms-crypto-malware



  • 3.  RE: CryptoWall 3.0 Status

    Posted Jan 21, 2015 12:58 AM

    Trojan.Cryptowall is a Trojan horse that encrypts files on the compromised computer. It then asks the user to pay to have the files decrypted.
    http://www.symantec.com/security_response/writeup.jsp?docid=2014-061923-2824-99

    Removal tool is avail here

    http://www.symantec.com/security_response/writeup.jsp?docid=2014-061923-2824-99&tabid=3

    Symhelp tool, you can run on the system to clean it

    Download the Symantec Help (SymHelp) diagnostic tool to detect Symantec product issues

    Article:TECH170752  |  Created: 2011-09-29  |  Updated: 2014-10-01  |  Article URL http://www.symantec.com/docs/TECH170752