
CryptoLocker - Supported versions of Symantec

Created: 28 Oct 2013 • Updated: 28 Oct 2013 | 4 comments
This issue has been solved. See solution.

I am inquiring if someone can tell me what versions of Symantec are capable of detecting, blocking, and removing CryptoLocker. We currently are running 11.0.6005.562 and 11.0.7.000.975 on most computers. We have upgraded about 25% of our machines to 12.1.3001.165.

SMLatCST

In theory, any of the SEP client versions will detect and remove a CryptoLocker variant (depending upon the defs on the client) using the AV Component.

In addition to AV, the below blog suggests IPS blocks how CryptoLocker grabs the public key in order to do the encryption:

https://www-secure.symantec.com/connect/blogs/ransomcrypt-thriving-menace

This hopefully means that even if you get hit by an unknown variant of CryptoLocker, it cannot execute its payload.

Not to mention the A&DC policy to block executable files from launching if they are in the usual CryptoLocker location:

https://www-secure.symantec.com/connect/forums/cryptolocker-and-adc-policies

SOLUTION
indianaHusker

Thanks for the replies. We haven't been hit, but wanted to verify that we're ok on v11 until we've upgraded to v12. We are deploying the IPS too.

Mick2009

This new article may be of interest to followers of this thread:

Recovering Ransomlocked Files Using Built-In Windows Tools
https://www-secure.symantec.com/connect/articles/recovering-ransomlocked-files-using-built-windows-tools

With thanks and best regards,

Mick