4 Replies Latest reply on Mar 23, 2012 8:58 AM by radiomoskau

    Is there a Signature for Fake AV downloads?

      Hi there!

      I'm running an M-3050 Sensor with the newest sig-set at our perimeter to the internet in IDS-Mode (on SPAN-Ports).

      We've recently had some trouble with fake antivirus downloads to some of our clients. While our Antivirus-Guys are trying to catch these programs on the client, I was hoping there might be signatures to capture those fake-av downloads while they are happening.

      I've already activated the GTI File Reputation option.

      Do you guys have any suggestions as to how this is possible?

      Thanks!

      Roman