Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 4 subscribers
  • Views 2603 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Intrusion attack via Windows Vulnerability

Gary Kong

Hi, 

 

May I know do SOPHOS End Point Protection provide the features to detect and prevent the intrusion attack via Windows vulnerability such as MS17-010?

I did the MS17-010 attack on vulnerable machine successfully, but SOPHOS detect nothing unless i clicking on Scan button and then the following result is shown:

"Troj/MeterMem-A detected in Memory"

 

 

The followings are details for SOPHOS Product subscribed: 

Core Agent: 2.3.0

Endpoint Advanced: 10.8.3.441

Sophos Intercept X: 2.0.14

 

 

Cheers,

Gary



This thread was automatically locked due to age.
Parents Reply Children
  • 0 in reply to SaschaParis1

    Hi SaschaParis1,

     

    Yes, APC Prevention is enabled. 

     

     

    Besides that, the features below are all enabled:

    • Live Protection
    • Real-time Scanning - Local Files and Network Shares
    • Real-time Scanning - Internet
    • Remediation
    • Runtime Protection

     

    Cheers,

    Gary

  • 0 in reply to Gary Kong

    Hi Gary,

    As Sascha correctly pointed out, APC Violation is quite robust in mitigating a remote exploitation attempt using EternalBlue. You're getting a Troj/Meter-M detection which can only happen in the later stages of attack i.e. APC Violation should've acted first! We fired MeterM to counter the Metepreter shell which we don't let establish in the first place if Intercept X is correctly configured and all protection levels are functional! :)

    Please feel free to DM me with all the details and I'll be happy to fill in the gaps. 

    Thanks,

    Vikas

Unfiltered HTML