cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted
Level 9
Report Inappropriate Content
Message 1 of 4

Shamoon 2018 Protection

Jump to solution

 

I need protection against Shamoon new variant 2018. How do I block based on hash if I have VSE?

Or is there a new signature to prevent this threat?

https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/shamoon-returns-to-wipe-systems-in-middl...

1 Solution

Accepted Solutions
Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 4

Re: Shamoon 2018 Protection

Jump to solution

@avilt There is no need to integrate blocking based on hash additionally to DAT content, as that type of functionality is integrated into the content based on known threats. For more information about this threat, Indication of Compromise, and mitigation instructions, you can reference the Threat Advisory for Trojan-Wiper (aka DistTrack aka Shamoon), PD25630

 

Was my reply helpful?

If this information was helpful in any way, or answered your question, will you please select "Accept as Solution" in my reply, or give kudos as appropriate, so together we can help other members?

View solution in original post

3 Replies
Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 4

Re: Shamoon 2018 Protection

Jump to solution

@avilt There is no need to integrate blocking based on hash additionally to DAT content, as that type of functionality is integrated into the content based on known threats. For more information about this threat, Indication of Compromise, and mitigation instructions, you can reference the Threat Advisory for Trojan-Wiper (aka DistTrack aka Shamoon), PD25630

 

Was my reply helpful?

If this information was helpful in any way, or answered your question, will you please select "Accept as Solution" in my reply, or give kudos as appropriate, so together we can help other members?

View solution in original post

Highlighted
Level 9
Report Inappropriate Content
Message 3 of 4

Re: Shamoon 2018 Protection

Jump to solution

This advisory was issued in June 2018 and the new vvariant of Shamoon is released this month Dec 2018.

How do I proect my system from this variant?

How do we achieve hash based blocking in VSE?

Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 4 of 4

Re: Shamoon 2018 Protection

Jump to solution

VSE does not have a feature for hash based blocking. This can be achieved with ENS. Based on known hashes I've received from other customers, I can confirm we have coverage. You can also refer to this Threat Advisory for Trojan-Wiper (aka DistTrack aka Shamoon)PD25630

You can also raise a MALWARE service request with us to check for detection but we would ask you to provide a list of hashes / IoC or samples to check against.

Was my reply helpful?
If this information was helpful in any way, or answered your question, will you please select "Accept as Solution" in my reply, or give kudos as appropriate, so together we can help other members?
You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community