
Testing InterceptX 2.0 against Barkly malware simulation

I enabled the new InterceptX Threat Management features this morning in the Central Console. On my testing endpoint, I ran Barkly's credential theft simulator: stackhackr.barkly.com/challenge/e54e0eda-9716-4239-bb47-8f0f4b9ff117

I was disappointed that InterceptX did not flag or stop the test. (It did stop the ransomware test successfully.)

I'm interested to learn if anyone else in the community can reproduce these results, or hopefully get better results. 

- JAS



  • There's a new "what's new" update this morning that indicates the "Active Adversary" (which includes cred theft) haven't been enabled yet, but should be soon. I thought they were already enabled, but guess not. You can turn them on manually now though or wait for Sophos to roll them out.
