cancel
Showing results for 
Search instead for 
Did you mean: 
avilt
Level 8
Report Inappropriate Content
Message 1 of 4

Shamoon 2018 Protection

Jump to solution

 

I need protection against Shamoon new variant 2018. How do I block based on hash if I have VSE?

Or is there a new signature to prevent this threat?

https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/shamoon-returns-to-wipe-systems-in-middl...

1 Solution

Accepted Solutions
McAfee Employee jess_arman
McAfee Employee
Report Inappropriate Content
Message 2 of 4

Re: Shamoon 2018 Protection

Jump to solution

@avilt There is no need to integrate blocking based on hash additionally to DAT content, as that type of functionality is integrated into the content based on known threats. For more information about this threat, Indication of Compromise, and mitigation instructions, you can reference the Threat Advisory for Trojan-Wiper (aka DistTrack aka Shamoon), PD25630

 

Was my reply helpful?

If this information was helpful in any way, or answered your question, will you please select "Accept as Solution" in my reply, or give kudos as appropriate, so together we can help other members?

View solution in original post

3 Replies
McAfee Employee jess_arman
McAfee Employee
Report Inappropriate Content
Message 2 of 4

Re: Shamoon 2018 Protection

Jump to solution

@avilt There is no need to integrate blocking based on hash additionally to DAT content, as that type of functionality is integrated into the content based on known threats. For more information about this threat, Indication of Compromise, and mitigation instructions, you can reference the Threat Advisory for Trojan-Wiper (aka DistTrack aka Shamoon), PD25630

 

Was my reply helpful?

If this information was helpful in any way, or answered your question, will you please select "Accept as Solution" in my reply, or give kudos as appropriate, so together we can help other members?

View solution in original post

avilt
Level 8
Report Inappropriate Content
Message 3 of 4

Re: Shamoon 2018 Protection

Jump to solution

This advisory was issued in June 2018 and the new vvariant of Shamoon is released this month Dec 2018.

How do I proect my system from this variant?

How do we achieve hash based blocking in VSE?

McAfee Employee chealey
McAfee Employee
Report Inappropriate Content
Message 4 of 4

Re: Shamoon 2018 Protection

Jump to solution

VSE does not have a feature for hash based blocking. This can be achieved with ENS. Based on known hashes I've received from other customers, I can confirm we have coverage. You can also refer to this Threat Advisory for Trojan-Wiper (aka DistTrack aka Shamoon)PD25630

You can also raise a MALWARE service request with us to check for detection but we would ask you to provide a list of hashes / IoC or samples to check against.

Was my reply helpful?
If this information was helpful in any way, or answered your question, will you please select "Accept as Solution" in my reply, or give kudos as appropriate, so together we can help other members?
More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community