Endpoint Protection

  • 1.  CryptoLocker - Supported versions of Symantec

    Posted Oct 28, 2013 12:16 PM

    I am inquiring if someone can tell me what versions of Symantec are capable of detecting, blocking, and removing CryptoLocker.  We currently are running 11.0.6005.562 and 11.0.7.000.975 on most computers.  We have upgraded about 25% of our machines to 12.1.3001.165.

     

     



  • 2.  RE: CryptoLocker - Supported versions of Symantec

    Posted Oct 28, 2013 12:26 PM

    All Symantec versions detect the CryptoLocker virus.

    Check Mithun's comments on the attached thread:

    https://www-secure.symantec.com/connect/forums/cryptolocker-are-we-safe#comment-9330651

     



  • 3.  RE: CryptoLocker - Supported versions of Symantec
    Best Answer

    Posted Oct 28, 2013 12:49 PM

    In theory, any of the SEP client versions will detect and remove a CryptoLocker variant (depending upon the defs on the client) using the AV component.

    In addition to AV, the blog below suggests IPS blocks how CryptoLocker grabs the public key in order to do the encryption:

    https://www-secure.symantec.com/connect/blogs/ransomcrypt-thriving-menace

    This hopefully means that even if you get hit by an unknown variant of CryptoLocker, it cannot execute its payload.

    Not to mention the A&DC policy to block executable files from launching if they are in the usual CryptoLocker location:

    https://www-secure.symantec.com/connect/forums/cryptolocker-and-adc-policies



  • 4.  RE: CryptoLocker - Supported versions of Symantec

    Posted Oct 28, 2013 01:06 PM

    Thanks for the replies.  We haven't been hit, but wanted to verify that we're ok on v11 until we've upgraded to v12.  We are deploying the IPS too. 

     



  • 5.  RE: CryptoLocker - Supported versions of Symantec

    Posted Oct 30, 2013 12:57 PM

    This new article may be of interest to followers of this thread:

     

    Recovering Ransomlocked Files Using Built-In Windows Tools
    https://www-secure.symantec.com/connect/articles/recovering-ransomlocked-files-using-built-windows-tools