[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

how to block advanced pc shield in sonicwall

Posted on 2011-09-29
1
Medium Priority
?
580 Views
Last Modified: 2013-11-16
Hi
I am using sonicwall nsa2400 in company, recently one of my user who accidentally hit the ok button when the faked antivirus software pop up when the user browsing a website, my sonicwall has antispyware and content filtering subscription but still not able to detect it, how come?  And how can i block such kind of faked antivirus software and spyware?

Thanks!
0
Comment
Question by:KANEWONG
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 13

Accepted Solution

by:
khairil earned 2000 total points
ID: 36890295
Hi,

It is like chicken and egg thing. We have dual layer firewall (different brand) + antimalware installed, but still out of 10,000 there are 2 or 3 that feels they are more knowledgable than us so they decide to put additional av - which then found out to be fake.

How come?
The answer are:
1. Firewall and antimalware depends on signature, if they do not have it then they do not know it. Some have heuristic that be able to guess some of the files but still not all.
2. The install package have special way to pack the files, which makes antimalware/spyware useless because they cannot "see" what is the package.

You can blocked that file by file name or hash signature (if your firewall support that) but by experience, it is useless - the scammer always come out with new "version" that have different signature.

The best thing you can do it to have awareness programme to your users. If you have active directory and your user attach to it, you can use GPO to disallow user from running installer of that fakeware - you still can do this manually with more work. You also might want to impose some fine if user failed to comply with that - you better have published policy before doing that.

0

Featured Post

When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot has fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

To setup a SonicWALL for policy based routing to be used with the Websense Content Gateway there are several steps that need to be completed. Below is a rough guide for accomplishing this. One thing of note is this guide is intended to assist in the…
The DROP (Spamhaus Don't Route Or Peer List) is a small list of IP address ranges that have been stolen or hijacked from their rightful owners. The DROP list is not a DNS based list.  It is designed to be downloaded as a file, with primary intention…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
In response to a need for security and privacy, and to continue fostering an environment members can turn to for support, solutions, and education, Experts Exchange has created anonymous question capabilities. This new feature is available to our Pr…
Suggested Courses

649 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question