cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
ellipwk
Level 8
Report Inappropriate Content
Message 1 of 7
‎11-28-2019 01:16 PM

RYUK Trying to find out if there any policy or normal AMCore Dat protect system?

RYUK Trying to find out if there any policy or normal AMCore Dat protect system? Click through link on McAfee web site and ther no information. Boss asked this question. Is there an option to search the “signatures” that will show us Mcafee is prepared? Like this RYUK ransomware for instance
0 Kudos
Reply
6 Replies
Former Member
Not applicable
Report Inappropriate Content
Message 2 of 7
‎11-29-2019 12:19 AM

Re: RYUK Trying to find out if there any policy or normal AMCore Dat protect system?

Hi @ellipwk 

Our AMCORE Content already has coverage for it, however to confirm it's the variant you are specifically asking about, we would need an IOC or samples from yourself.

We do have a threat advisory for Ryuk as well but we've since migrated some of our documents to another platform and right now I can't find the right link. I'll update this thread later once re-discovered 🙂

0 Kudos
Reply
Former Member
Not applicable
Report Inappropriate Content
Message 3 of 7
‎11-29-2019 07:01 AM

Re: RYUK Trying to find out if there any policy or normal AMCore Dat protect system?

This is the KB I wanted to share with you: KB91844
0 Kudos
Reply
AdithyanT
Employee
Employee
Report Inappropriate Content
Message 4 of 7
‎11-29-2019 12:42 AM

Re: RYUK Trying to find out if there any policy or normal AMCore Dat protect system?

Hi @ellipwk,

Thank you for your post! Adding to @chealey 's response:

Have you had a chance to review this?

https://www.mcafee.com/enterprise/en-us/threat-center/threat-landscape-dashboard/ransomware-details....

Why cannot McAfee confirm coverage based on Malware Name and why do we need a sample or Hash value?

It is very important to note that each malware under one name can have multiple variants comprising multiple files that perform different attacks at different levels. Hence, coverage need to be confirmed using specific hashes and samples.

I hope this helps!

Was my reply helpful?
If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!

Thanks and regards,
Adithyan T
Was my reply helpful?
If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!

Thanks and regards,
Adithyan T
Reply
ycarrion
Level 8
Report Inappropriate Content
Message 5 of 7
‎11-29-2019 06:49 AM

Re: RYUK Trying to find out if there any policy or normal AMCore Dat protect system?

Is there any department that is working to identify variants of home threat ransomeware? since they are many and all need coverage

0 Kudos
Reply
Former Member
Not applicable
Report Inappropriate Content
Message 6 of 7
‎11-29-2019 06:54 AM

Re: RYUK Trying to find out if there any policy or normal AMCore Dat protect system?

Hi @ycarrion 

Our labs team are very proactive and are constantly reviewing new variants of any Malware seen. We don't just sit back and twirl our thumbs until a customer submits a sample 🙂

When customers ask us to confirm coverage, it is crucial that we get the IOC or sample they are referring to so that we can fully confirm our detection of that specific variant. Otherwise we'd just be making a very generic statement and that is of no use to anyone.

Apart from this, we have other teams who work on adding new content to other areas of the product i.e. the TIE rules for ATP or EP Content for ENS. All of these rules catch other types of intrusions and threats that can't be easily detected by content quite as easily.

Reply
Daveb3d
MVP
Report Inappropriate Content
Message 7 of 7
‎11-29-2019 07:22 AM

Re: RYUK Trying to find out if there any policy or normal AMCore Dat protect system?

Do you havew ATP installed? 

0 Kudos
Reply
You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use our Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from product experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by employees.
Join the Community
Join the Community

TrellixSkyhigh Security | Support Trellix.com SkyhighSecurity.com

Legal Privacy Copyright © 2023 Musarubra US LLC