avilt
Message 1 of 4

Shamoon 2018 Protection


 

I need protection against Shamoon new variant 2018. How do I block based on hash if I have VSE?

Or is there a new signature to prevent this threat?

https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/shamoon-returns-to-wipe-systems-in-middl...

1 Solution

Accepted Solutions
McAfee Employee jess_arman
Message 2 of 4

Re: Shamoon 2018 Protection


@avilt There is no need to integrate blocking based on hash in addition to DAT content, as that type of functionality is integrated into the content based on known threats. For more information about this threat, Indication of Compromise, and mitigation instructions, you can reference the Threat Advisory for Trojan-Wiper (aka DistTrack aka Shamoon), PD25630.

 



avilt
Message 3 of 4

Re: Shamoon 2018 Protection


This advisory was issued in June 2018 and the new variant of Shamoon was released this month, Dec 2018.

How do I protect my system from this variant?

How do we achieve hash-based blocking in VSE?

McAfee Employee chealey
Message 4 of 4

Re: Shamoon 2018 Protection


VSE does not have a feature for hash-based blocking. This can be achieved with ENS. Based on known hashes I've received from other customers, I can confirm we have coverage. You can also refer to this Threat Advisory for Trojan-Wiper (aka DistTrack aka Shamoon), PD25630.

You can also raise a MALWARE service request with us to check for detection, but we would ask you to provide a list of hashes / IoC or samples to check against.
