This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Cryptowall 3.0 Prevention

Hello,

I just got hit with Cryptowall 3.0 on Friday and SEP on the infected workstation didn't prevent the attack until it started to detect help_decrypt.txt .png .html files. The endpoint client was up-to-date so I'm not sure why this happened. Wasn't Sophos AV suppose to prevent such malware behaviour from fully executing? Did anyone encounter the same thing?

FYI, Cryptowall managed to delete my shadow copy but luckily I do have backups.

Edit - After reading replies, yes I do use Sophos UTM as well. All the workstations uses Sophos Endpoint Protection.

This thread was automatically locked due to age.

Parents

0 William Warren over 9 years ago

It bypasses the web proxy which means it bypasses the antivirus and the application control and the content control it's all handled by the same cloud look up System on the web proxy uses but you bypass the other two antivirus is that the web proxy uses everything else is still intact like IPS ATP to a degree but it bypasses the web proxy

Owner: Emmanuel Technology Consulting

http://etc-md.com

Former Sophos SG(Astaro) advocate/researcher/Silver Partner

PfSense w/Suricata, ntopng,

Other addons to follow
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 William Warren over 9 years ago

It bypasses the web proxy which means it bypasses the antivirus and the application control and the content control it's all handled by the same cloud look up System on the web proxy uses but you bypass the other two antivirus is that the web proxy uses everything else is still intact like IPS ATP to a degree but it bypasses the web proxy

Owner: Emmanuel Technology Consulting

http://etc-md.com

Former Sophos SG(Astaro) advocate/researcher/Silver Partner

PfSense w/Suricata, ntopng,

Other addons to follow
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data