We are using SCCM with Forefront to protect our computers. Does Microsoft have a fix or defense for this yet?
Will this stop crypto?
Microsoft security products identify this under the "Crowti" threat family:
http://www.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=Win32%2fCrowti
"Microsoft security software detects and removes this threat." (Of course, this depends on the definitions being updated with the latest malware traces.)
The only possible "fix" I've seen to decrypt files encrypted by this malware is this
but newer versions of the malware are likely to be using different encryption keys.
Here's some more info on Crowti/Cryptowall 3.0. You might want to consider enabling MAPS in endpoint protection if you aren't already using it.
http://blogs.technet.com/b/mmpc/archive/2015/01/13/crowti-update-cryptowall-3-0.aspx
We have systems affected that are Windows and Forefront up-to-date.
It doesn't look like FEP is catching them.
It shouldn't be like that. If you have samples of this malware that are not detected by FEP, then submit them to:
https://www.microsoft.com/security/portal/submission/submit.aspx