Endpoint Protection Small Business Edition

  • 1.  SEP not blocking suspicious file

    Posted Aug 20, 2015 09:23 AM

    Hi,

    I'm using SEP 12 and SEP does not detect and block a malicious file.

    VirusTotal

    https://www.virustotal.com/pt/file/b3582d126cec6e3c1150ee47fc03945d5bcc2dfece8bff441104799d18e446a4/analysis/1440073821/

    Is it possible to configure SEPM to detect and block this specific file using its MD5 hash?

     

    Thanks

    Guilherme



  • 2.  RE: SEP not blocking suspicious file

    Posted Aug 20, 2015 12:54 PM

    It is, but you need to do some manual work to set it up. See my article here:

    How to utilize SEP 12.1 for Incident Response - PART 1



  • 3.  RE: SEP not blocking suspicious file

    Posted Aug 20, 2015 03:31 PM

    I can't execute this file because it's malicious.



  • 4.  RE: SEP not blocking suspicious file

    Posted Aug 20, 2015 03:33 PM

    The only other option is to use an application and device control policy to block the file execution. Using ADC, you can block via the hash.