This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Would Traps be able to detect and kill this file on the host without requiring any manual remediation?

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Would Traps be able to detect and kill this file on the host without requiring any manual remediation?

Retired Member
Not applicable

‎03-05-2015 05:45 PM

A customer is seeing infected word files with macro in their network. The firewall is not able to block this file because the macro keeps changing file hash, even with WildFire enabled.

Would Traps be able to detect and kill this file on the host without requiring any manual remediation?

0 Likes Likes
3 REPLIES 3

hyadavalli
L5 Sessionator

‎03-06-2015 07:36 AM

Hello Emma,

It depends on the policy pushed to the client machine whether word process is protected or not.

If it is then yes, Traps will detect the exploit and won't display the file.

Regards,

Hari Yadavalli

0 Likes Likes

pulukas
L7 Applicator

‎03-07-2015 04:52 AM

Note that TRAPS works in a completely different way than current AV products.  AV using signatures that are evaded by the technique you note.  TRAPS watches the actual behavior against exploit behavior and stops the action or logs the activity.

Advanced Endpoint Protection Overview

Steve Puluka BSEET - IP Architect - DQE Communications (Metro Ethernet/ISP)
ACE PanOS 6; ACE PanOS 7; ASE 3.0; PSE 7.0 Foundations & Associate in Platform; Cyber Security; Data Center
0 Likes Likes

gafrol
L4 Transporter

‎03-10-2015 07:37 AM

As already said, if the macro is malicious (exploit vulnerabilty on the endpoint) then most probably Traps will stop it from happening. I made a short video to demo Traps preventing an endpoint from being exploited by a vuln. in Adobe Flash just to give an idea.

Traps - Advanced Endpoint Protection by Palo Alto Networks - YouTube

One of the key advantages of Traps is that it does not require any remediation after prevention, although the malicious files should get deleted/quarantined on the endpoint once a legacy AV solution has a signature....

0 Likes Likes
  • 2446 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks