- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
09-17-2013 04:37 PM
Does any one knows if this has been detected and addresed by PAN, just trying to stay informed, could not find it in the latest virus definitios update
Thanks
Luis Cabrera
09-17-2013 05:42 PM
Hello,
At this time, only antivirus signatures for PE viruses (executables) are in the threat vault, aside from the vulnerability and anti-spyware signatures. I have checked with www.virustotal.com, the virus information is available there. So, I would expect to be available with the PAN antivirus database as well. If PAN is unable to detect the virus through it, you can open a ticket with us and we will address into the next AV database.
Thanks
09-17-2013 05:56 PM
Thanks for the replay, I checked vt.com as well and went throught the release notes for the lates av definitions on the PAN device, i could not mach the name that is why I posted here, just to make sure, at this point i guess we just have to hope for the best
Luis
09-17-2013 06:09 PM
Yes Luis, Hope for the best.
Just an advice, can you make sure packet captures are enabled for the Antivirus Security Profile? It will take a packet capture of the threat, if affected by any virus ( i.e. crilock.a (CRYPTOLOCKER HIJACK) .
Have a nice day.!!!
Thanks
09-18-2013 03:34 PM
Hello,
This is currently in the pipeline, we're working on covering this threat in the upcoming AV releases.
Thanks,
Aditi
10-15-2013 02:15 AM
Is this virus detected now?
What is the name of the signature?
Jo Christian
10-15-2013 04:50 AM
To answer my own question..
Seems like it's called: Trojan-Ransom/Win32.blocker.shk
Jo Christian
11-18-2013 11:42 AM
How do I confirm my PA is actively scanning traffic for this threat? I need to report this to my security team so they know we have safeguards in place for it.
11-18-2013 11:51 AM
Hello Mario,
Threat vault shows that we have 7 signatures for crilock - one of them is crilock.a
Thanks and regards,
Kunal Adak
11-18-2013 12:00 PM
Kadak,
Thanks for the quick response! I've seen this in the vault. I am just wondering where I can see a list of these signatures on the firewall? Perhaps there is a release note showing these signatures listed so we we know they are covered? The current release notes for anti-virus 1147-1601 and 1146-1600 don't show these signatures listed (these are the current databases we have on our firewall).
Thanks!
11-18-2013 12:11 PM
I think I found what I am looking for. Clicking on the magnifying glass next to signature shows the release the signature was included in. This should work by comparing it to our current version. Thanks a ton!
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!