We are using SCCM with Forefront to protect our computers. Does Microsoft have a fix or defense for this yet?
Will this stop crypto?
- Edited by jamicon Friday, February 06, 2015 4:39 PM
Technology Tips and News
Microsoft security products identify this under the "Crowti" threat family:
http://www.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=Win32%2fCrowti
"Microsoft security software detects and removes this threat." (Of course, this depends on the definitions being updated with the latest malware traces.)
The only possible "fix" I've seen to decrypt files encrypted by this malware is this
but newer versions of the malware are likely to be using different encryption keys.
Here's some more info on Crowti/Cryptowall 3.0. You might want to consider enabling MAPS in endpoint protection if you aren't already using it.
http://blogs.technet.com/b/mmpc/archive/2015/01/13/crowti-update-cryptowall-3-0.aspx
We have systems affected that are Windows and Forefront up to date.
It doesn't look like FEP is catching them.