Technology Tips and News
Hi!
One of our customers was hit by CryptoWall 3.0 RamsonWare Virus. Her computer was "protected" by Microsoft Endpoint Protection which had allowed some CryptoWall instances to be executed and some were blocked. We don't know why's this. Most of execute attempts was bloced but damage did happen.
However, my question is: Would EMET be able to block this kind viruses?
Regards,
Centero Oy
Teemu Tiainen
It will help, depending upon how the computer initially became infected with its first malware or malware downloader. Typically, malicious software infection on a clean user's workstation starts using one of two methods.
1. The user is tricked into installing or running the malware application
- for instance the user receives an email attachment with the malware in a .zip file pretending to be from a bank
- for instance a web ad popup falsely tells the user they have a virus and to download/run the malware to fix it
+ EMET doesn't block users from installing software, that is a job for antivirus/antimalware software along with user training, whitelisting, web/email filtering, etc.
2. A good but vulnerable application already installed on the user's workstation reads in bad data that corrupts the application's memory and runs malware
- for instance a user with an older version of Flash goes to a web page that sends the web browser's Flash player bad data, which corrupts the computer's memory and starts an exploit.
+EMET will typically block this. Of course it is still good to do the other protections above, as ways around EMET are occasionally discovered but not typically tried by malware.
It will help, depending upon how the computer initially became infected with its first malware or malware downloader. Typically, malicious software infection on a clean user's workstation starts using one of two methods.
1. The user is tricked into installing or running the malware application
- for instance the user receives an email attachment with the malware in a .zip file pretending to be from a bank
- for instance a web ad popup falsely tells the user they have a virus and to download/run the malware to fix it
+ EMET doesn't block users from installing software, that is a job for antivirus/antimalware software along with user training, whitelisting, web/email filtering, etc.
2. A good but vulnerable application already installed on the user's workstation reads in bad data that corrupts the application's memory and runs malware
- for instance a user with an older version of Flash goes to a web page that sends the web browser's Flash player bad data, which corrupts the computer's memory and starts an exploit.
+EMET will typically block this. Of course it is still good to do the other protections above, as ways around EMET are occasionally discovered but not typically tried by malware.
It will help, depending upon how the computer initially became infected with its first malware or malware downloader. Typically, malicious software infection on a clean user's workstation starts using one of two methods.
1. The user is tricked into installing or running the malware application
- for instance the user receives an email attachment with the malware in a .zip file pretending to be from a bank
- for instance a web ad popup falsely tells the user they have a virus and to download/run the malware to fix it
+ EMET doesn't block users from installing software, that is a job for antivirus/antimalware software along with user training, whitelisting, web/email filtering, etc.
2. A good but vulnerable application already installed on the user's workstation reads in bad data that corrupts the application's memory and runs malware
- for instance a user with an older version of Flash goes to a web page that sends the web browser's Flash player bad data, which corrupts the computer's memory and starts an exploit.
+EMET will typically block this. Of course it is still good to do the other protections above, as ways around EMET are occasionally discovered but not typically tried by malware.
It will help, depending upon how the computer initially became infected with its first malware or malware downloader. Typically, malicious software infection on a clean user's workstation starts using one of two methods.
1. The user is tricked into installing or running the malware application
- for instance the user receives an email attachment with the malware in a .zip file pretending to be from a bank
- for instance a web ad popup falsely tells the user they have a virus and to download/run the malware to fix it
+ EMET doesn't block users from installing software, that is a job for antivirus/antimalware software along with user training, whitelisting, web/email filtering, etc.
2. A good but vulnerable application already installed on the user's workstation reads in bad data that corrupts the application's memory and runs malware
- for instance a user with an older version of Flash goes to a web page that sends the web browser's Flash player bad data, which corrupts the computer's memory and starts an exploit.
+EMET will typically block this. Of course it is still good to do the other protections above, as ways around EMET are occasionally discovered but not typically tried by malware.
It will help, depending upon how the computer initially became infected with its first malware or malware downloader. Typically, malicious software infection on a clean user's workstation starts using one of two methods.
1. The user is tricked into installing or running the malware application
- for instance the user receives an email attachment with the malware in a .zip file pretending to be from a bank
- for instance a web ad popup falsely tells the user they have a virus and to download/run the malware to fix it
+ EMET doesn't block users from installing software, that is a job for antivirus/antimalware software along with user training, whitelisting, web/email filtering, etc.
2. A good but vulnerable application already installed on the user's workstation reads in bad data that corrupts the application's memory and runs malware
- for instance a user with an older version of Flash goes to a web page that sends the web browser's Flash player bad data, which corrupts the computer's memory and starts an exploit.
+EMET will typically block this. Of course it is still good to do the other protections above, as ways around EMET are occasionally discovered but not typically tried by malware.
It will help, depending upon how the computer initially became infected with its first malware or malware downloader. Typically, malicious software infection on a clean user's workstation starts using one of two methods.
1. The user is tricked into installing or running the malware application
- for instance the user receives an email attachment with the malware in a .zip file pretending to be from a bank
- for instance a web ad popup falsely tells the user they have a virus and to download/run the malware to fix it
+ EMET doesn't block users from installing software, that is a job for antivirus/antimalware software along with user training, whitelisting, web/email filtering, etc.
2. A good but vulnerable application already installed on the user's workstation reads in bad data that corrupts the application's memory and runs malware
- for instance a user with an older version of Flash goes to a web page that sends the web browser's Flash player bad data, which corrupts the computer's memory and starts an exploit.
+EMET will typically block this. Of course it is still good to do the other protections above, as ways around EMET are occasionally discovered but not typically tried by malware.
It will help, depending upon how the computer initially became infected with its first malware or malware downloader. Typically, malicious software infection on a clean user's workstation starts using one of two methods.
1. The user is tricked into installing or running the malware application
- for instance the user receives an email attachment with the malware in a .zip file pretending to be from a bank
- for instance a web ad popup falsely tells the user they have a virus and to download/run the malware to fix it
+ EMET doesn't block users from installing software, that is a job for antivirus/antimalware software along with user training, whitelisting, web/email filtering, etc.
2. A good but vulnerable application already installed on the user's workstation reads in bad data that corrupts the application's memory and runs malware
- for instance a user with an older version of Flash goes to a web page that sends the web browser's Flash player bad data, which corrupts the computer's memory and starts an exploit.
+EMET will typically block this. Of course it is still good to do the other protections above, as ways around EMET are occasionally discovered but not typically tried by malware.
It will help, depending upon how the computer initially became infected with its first malware or malware downloader. Typically, malicious software infection on a clean user's workstation starts using one of two methods.
1. The user is tricked into installing or running the malware application
- for instance the user receives an email attachment with the malware in a .zip file pretending to be from a bank
- for instance a web ad popup falsely tells the user they have a virus and to download/run the malware to fix it
+ EMET doesn't block users from installing software, that is a job for antivirus/antimalware software along with user training, whitelisting, web/email filtering, etc.
2. A good but vulnerable application already installed on the user's workstation reads in bad data that corrupts the application's memory and runs malware
- for instance a user with an older version of Flash goes to a web page that sends the web browser's Flash player bad data, which corrupts the computer's memory and starts an exploit.
+EMET will typically block this. Of course it is still good to do the other protections above, as ways around EMET are occasionally discovered but not typically tried by malware.
It will help, depending upon how the computer initially became infected with its first malware or malware downloader. Typically, malicious software infection on a clean user's workstation starts using one of two methods.
1. The user is tricked into installing or running the malware application
- for instance the user receives an email attachment with the malware in a .zip file pretending to be from a bank
- for instance a web ad popup falsely tells the user they have a virus and to download/run the malware to fix it
+ EMET doesn't block users from installing software, that is a job for antivirus/antimalware software along with user training, whitelisting, web/email filtering, etc.
2. A good but vulnerable application already installed on the user's workstation reads in bad data that corrupts the application's memory and runs malware
- for instance a user with an older version of Flash goes to a web page that sends the web browser's Flash player bad data, which corrupts the computer's memory and starts an exploit.
+EMET will typically block this. Of course it is still good to do the other protections above, as ways around EMET are occasionally discovered but not typically tried by malware.
This topic is archived. No further replies will be accepted.
Other recent topics
Click here to get your free copy of Network Administrator. Over 25 plugins to make your life easier