Advisory: Sophos Endpoint "Your connection isn't private" after reboot. Policy settings can be returned to normal. See: KB-000045954 for the latest updates.

Sandstorm does not recognize Locky?

I'm wondering, why Sandstorm does not recognize and block Locky.

Yesterday a E-Mail passed the UTM, with attached, containing *.js scripts.

The ZIP was not encrypted and for my unterstanding Sandstorm should have analyzed this file and blocked it, as the *.js are very suspicious, as the arey downloading the Locky payload.

On our Exchange Server, the E-Mail was detected by Trendmicro Scanmail for Exchange as JS_LOCKY.KF

Parents Reply Children