Endpoint Protection


Risk names


  • 1.  Risk names

    Posted Jan 04, 2017 07:20 AM

    Hello,

    I have a risk detected with Trend and I want to know the name that Symantec uses for the same risk.

    Is there any way to know that?

    Example of Trend detections:

    VAN_RANSOMWARE.UMXX
    JS_NEMUCOD.SMK13
    JS_NEMUCOD.SMF1
    JS_NEMUCOD.SMKYO
    W2KM_CERBER.BYX
    VAN_DROPPER.UMXX
    VAN_MALWARE.UMXX
    VAN_BOT.UMXX

    Thank you for your answers.

    Kind regards




  • 2.  RE: Risk names

    Posted Jan 04, 2017 07:23 AM

    Symantec may use a different naming convention so there is no way to tell without a submission.

    Submit it to Symantec:

    https://www.symantec.com/security-center/submit-virus-samples

    Also, submit to Virustotal:

    https://www.virustotal.com/



  • 3.  RE: Risk names

    Posted Jan 04, 2017 08:08 AM

    Thank you Brian,

    I don't have a sample to submit. I already checked in VirusTotal with the hash, but no results :(

    Kind regards




  • 4.  RE: Risk names

    Broadcom Employee
    Posted Jan 04, 2017 08:13 AM

    Can you post the hash value?

    For Symantec to identify the name and detection, submission will be required.



  • 5.  RE: Risk names

    Posted Jan 04, 2017 08:20 AM

    What is the hash value of the file?



  • 6.  RE: Risk names

    Posted Jan 04, 2017 08:22 AM

    SHA1 : DDC2D148F586AA3414418FDEAFD97B09CAD3353C

    MD5 : E596C6C0DD7CDB4FC2BFBCDEF634E5FF



  • 7.  RE: Risk names

    Posted Jan 04, 2017 08:30 AM

    Unfortunately, I don't see this hash on any of the online hash lookups. How new is this file?



  • 8.  RE: Risk names

    Posted Jan 04, 2017 08:46 AM

    :(

    The detection is from today.

    Another detection (also from today):

    Virus name: VAN_DROPPER.UMXX;VAN_RANSOMWARE.UMXX

    SHA1: 32D3AF539A7373ECD962686D24763B20CE3302B7
    MD5 : 1C6B4B4DC7A31807EBA56A22CE22D8A3

    Do you think that I could open a case for this matter?




  • 9.  RE: Risk names

    Posted Jan 04, 2017 08:49 AM

    It won't hurt to try. They'll likely need the file as a sample though. SEP does have detections for ransomware (both AV and IPS) so this may be brand new. 

    Did this file execute on one of your machines with all SEP components enabled? None of the components triggered a detection?



  • 10.  RE: Risk names

    Posted Jan 04, 2017 09:06 AM

    Hi anekkab,

    Different vendors have different names for threats.  The names you list sound similar to JS.Downloader-leading-to-Ransomware. New individual samples of that nature are released into the wild constantly in large number.  A sample, from public hash submission or the file itself, would be necessary to see how Symantec would detect it.

    Does Symantec Detect This: An Illustrated Guide to Public Hash Submission
    https://www-secure.symantec.com/connect/articles/does-symantec-detect-illustrated-guide-public-hash-submission

    Here are some resources about how to keep from being hit by that sort of threat:

    Support Perspective: W97M.Downloader Battle Plan
    https://www-secure.symantec.com/connect/articles/support-perspective-w97mdownloader-battle-plan

    Hardening Your Environment Against Ransomware
    https://www.symantec.com/connect/articles/hardening-your-environment-against-ransomware

    Please do keep this thread up-to-date with your progress!




  • 11.  RE: Risk names

    Broadcom Employee
    Posted Jan 04, 2017 10:39 AM

    Dear Anekkab

    The Trend Micro malware names VAN_DROPPER.UMXX, VAN_MALWARE.UMXX, VAN_BOT.UMXX, VAN_RANSOMWARE.UMXX are all created by the Trend Micro Virtual Analyzer when it analyses the files. Basically it is the name given to files with specific behaviour when the file is unknown to Trend Micro.

    In this case it doesn't make sense to try and match the names with other antimalware companies. You have to wait for a Trend Micro signature detection for that.






  • 12.  RE: Risk names

    Posted Jan 06, 2017 08:03 AM

    Hi anekkab,

    Just a ping to see if your question has now been answered?  The thread is still marked "needs solution."



  • 13.  RE: Risk names

    Posted Jan 06, 2017 08:28 AM

    Hello all,

    I opened a ticket on mysymantec.com and they confirmed that they need a sample to be analyzed.

    I downloaded some quarantined files, but nothing:

    # | Filename                                 | MD5                                | Determination   | Signature Protection Name | RR Seq#
    1 | RE_ Microsoft 20695 giovanni.micieli.zip | 0x71A2153119F66CA2D8337E517E3D816C | Archive         | N/A                       | N/A
    2 | RE_ Microsoft 20695 giovanni.micieli.eml | 0x76C65AF123761F1AB68A9820BE86E1DC | Threat Artifact | N/A                       | N/A
    3 | CC Dashboard.eml                         | 0x23B02318DD6E1510F81C2186DECADCA2 | NotMalicious    | N/A                       | N/A



  • 14.  RE: Risk names

    Posted Jan 09, 2017 04:51 AM

    Hi anekkab,

    That looks correct to me - .eml files are not malicious in themselves.  The attachments they carry can be.  Links in them can be, but .eml alone is not malware.

    Be sure that you have a good mail security solution in place to block malicious messages with malware attachments and links! 


    Support Perspective: W97M.Downloader Battle Plan
    https://www-secure.symantec.com/connect/articles/support-perspective-w97mdownloader-battle-plan
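Added example (not part of the thread above, and not Symantec or Trend Micro code): the quarantined .eml files in post 13 did not match the reported hashes because, as post 14 says, the .eml container is not the malware; the attachment inside it (or a file inside a zip attachment) is. The script below walks an .eml, hashes every attachment and every member of a zip attachment, and reports which one carries an MD5 or SHA1 from a list of reported hashes, so that exact file can be pulled out and submitted as a sample. The message it parses is constructed inline with a harmless stub, so it runs offline; the function names, the sender/recipient addresses and the stub content are assumptions made for this example.

```python
"""Hash the attachments inside a quarantined .eml (one level into zip
attachments too) and compare them with hashes reported by another product,
so the matching file can be extracted and submitted as a sample."""
import email
import email.policy
import hashlib
import io
import zipfile
from email.message import EmailMessage


def digests(data: bytes) -> dict:
    """Upper-case MD5 and SHA1 hex digests of a byte string."""
    return {
        "md5": hashlib.md5(data).hexdigest().upper(),
        "sha1": hashlib.sha1(data).hexdigest().upper(),
    }


def extract_payloads(eml_bytes: bytes) -> list:
    """Return (name, bytes) for every attachment of a raw .eml.

    Zip attachments are also opened one level deep, so archive members are
    listed as 'archive.zip/member' and hashed on their own.
    """
    msg = email.message_from_bytes(eml_bytes, policy=email.policy.default)
    found = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "<unnamed>"
        data = part.get_payload(decode=True) or b""
        found.append((name, data))
        if zipfile.is_zipfile(io.BytesIO(data)):
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    if not info.is_dir():
                        found.append((f"{name}/{info.filename}", zf.read(info)))
    return found


def find_matches(eml_bytes: bytes, ioc_hashes: set) -> list:
    """Names of attachments or archive members whose MD5 or SHA1 is in ioc_hashes."""
    wanted = {h.upper() for h in ioc_hashes}
    hits = []
    for name, data in extract_payloads(eml_bytes):
        d = digests(data)
        if d["md5"] in wanted or d["sha1"] in wanted:
            hits.append(name)
    return hits


def build_sample_eml() -> tuple:
    """Constructed test message (assumption for this example): a zip attachment
    carrying a harmless .js stub. Returns (raw_eml_bytes, sha1_of_the_js_member)."""
    js_stub = b"// constructed stand-in for the attachment, not malware\n"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.js", js_stub)
    msg = EmailMessage()
    msg["From"] = "sender@example.invalid"
    msg["To"] = "recipient@example.invalid"
    msg["Subject"] = "RE: Microsoft 20695"
    msg.set_content("Please see attached.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="invoice.zip")
    return msg.as_bytes(), digests(js_stub)["sha1"]


if __name__ == "__main__":
    raw, js_sha1 = build_sample_eml()
    for name, data in extract_payloads(raw):
        d = digests(data)
        print(f"{name}: MD5={d['md5']} SHA1={d['sha1']}")
    # The hash reported by the other product is matched against the zip member,
    # not against the .eml or the .zip container.
    print("matches:", find_matches(raw, {js_sha1}))
```

Run it against a real quarantined .eml by reading the file with `open(path, "rb").read()` and passing the SHA1/MD5 values from the other vendor's alert as `ioc_hashes`; a hit names the exact attachment (or zip member) to carve out and submit. No hit usually means the reported hash belongs to a later stage (for instance a file downloaded by the script after it ran), which the mail store never held.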