cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted

MAZE threat

Jump to solution
McAfee_Labs_Threat_Advisory_Maze.pdf Have you got more details about the ENS 10.6.1 Access Protection User-defined-rules - i have add hash md5 foe blocking it, but what actions in the sub-rube ?
1 Solution

Accepted Solutions
Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 6 of 6

Re: MAZE threat

Jump to solution

Hi @User49274534,

Thank you for your response. For this particular Advisory, You are covered with just the DAT. You are correct about the extensions and hence AP rules may not be necessary here!

Was my reply helpful?
If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!

Thanks and regards,
Adithyan T

View solution in original post

5 Replies
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 6

Re: MAZE threat

Jump to solution

Hi @User49274534,

Thank you for your post! Kindly please share the pdf with us so that we can look into the same for you and advise accordingly. Are there any specific extensions recommended to be blocked?

Apologies I do not have access to a document by that name AFAIK.

Was my reply helpful?
If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!

Thanks and regards,
Adithyan T
Highlighted

Re: MAZE threat

Jump to solution

The .pdf Threat advisory can be found at the link :

https://kc.mcafee.com/resources/sites/MCAFEE/content/live/CORP_KNOWLEDGEBASE/92000/KB92415/en_US/McA...

 

No information about what should be add in subrule of a user defined rule  (ENS 10.6.1 category access protection) while md5 hash is provided.

Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 4 of 6

Re: MAZE threat

Jump to solution

Hi @User49274534,

Thank you for your kind response.

The hash identified from the PDF is:

BD9838D84FD77205011E8B0C2BD711E0 - detected by us as: Ransomware-GWI!BD9838D84FD7

The Characteristics and Symptoms section based on which usually we build AP rules are not usable in this case for the same. This ransomware generated random extensions and hence a custom AP rule will be of minimal to no use here. This particular variant is covered by us!

I sincerely hope this information helps!

Was my reply helpful?
If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!

Thanks and regards,
Adithyan T
Highlighted

Re: MAZE threat

Jump to solution

Thanks for your reply,

I have yet thought random extensions will be very difficult for me to create a subrule, thanks for confirming this.

I have last V2 DAT & V3 DAT AMcore to protect my organization.

My request was intended to increase & optimize protection.

 

Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 6 of 6

Re: MAZE threat

Jump to solution

Hi @User49274534,

Thank you for your response. For this particular Advisory, You are covered with just the DAT. You are correct about the extensions and hence AP rules may not be necessary here!

Was my reply helpful?
If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!

Thanks and regards,
Adithyan T

View solution in original post

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community