Endpoint Protection

Hi Chaps,

                 Just some general information really. We are starting to have a big crack down (excuse the unintententional pun!) for certain files on peoples machines. One of the files we are targeting is called Keygen.exe and as you all know is usually used to create serial nos. used to illegally activate software. It is not a big problem but there are users who try to push the envelope... Anyway I have noticed that SEP does not always detect these keygens, but some it does and I think those have other more maliceous stuff hidden in them. How would any of you tackle this problem. You have to remember that there are applications out there also in use here that are actually quite innocently using the exe's in them named kegen. Or if you did a wild card it *keygen*.exe there are other apps that have the 'keygen' string in their name.

Cheers

PaulC

Get the hash of the file you want to block and use application control to stop it or the application to monitor feature.

Brian,

          Does Application to Monitor support wildcards e.g. *keygen*.exe ??

PaulC

No.

You'd need to enter in 'keygen.exe' for the app name to be monitored. It will start to be detected multiple times. You will need to select the correct one (based on hash) and select it. Only that particular one that matches the hash will be blocked.

In either case (ADC or app to monitor) you need to know the hash.

The use of wildcards is very limited in SEP. It has been asked for for a long time now.

Many thanks Brian, again :)

cheers

PaulC

Welcome :)