03-05-2015 05:45 PM
A customer is seeing infected Word files with macros in their network. The firewall is not able to block this file because the macro keeps changing the file hash, even with WildFire enabled.
Would Traps be able to detect and kill this file on the host without requiring any manual remediation?
03-06-2015 07:36 AM
Hello Emma,
It depends on the policy pushed to the client machine, whether the Word process is protected or not.
If it is then yes, Traps will detect the exploit and won't display the file.
Regards,
Hari Yadavalli
03-07-2015 04:52 AM
Note that TRAPS works in a completely different way than current AV products. AV uses signatures that are evaded by the technique you note. TRAPS watches the actual behavior against exploit behavior and stops the action or logs the activity.
Advanced Endpoint Protection Overview
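Why an exact hash stops matching as soon as the file changes, shown as an added example that is not from the thread or from Palo Alto Networks. It uses constructed in-memory archives with placeholder bytes, and the `has_vba_project` check is an illustrative assumption, not how WildFire or Traps reach a verdict.

```python
import hashlib
import io
import zipfile

VBA_PART = "word/vbaProject.bin"  # OOXML part that holds VBA macros in Word files


def build_sample(macro_bytes=None):
    """Build a constructed, minimal OOXML-style archive in memory (not a real document)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", "<document/>")
        if macro_bytes is not None:
            z.writestr(VBA_PART, macro_bytes)
    return buf.getvalue()


def sha256(data):
    return hashlib.sha256(data).hexdigest()


def blocked_by_hash(data, blocklist):
    """Exact-hash verdict: matches only byte-identical files."""
    return sha256(data) in blocklist


def has_vba_project(data):
    """Content-based check: does the archive carry a VBA project part at all?"""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            return VBA_PART in z.namelist()
    except zipfile.BadZipFile:
        return False  # legacy .doc (OLE2) or corrupt file: needs a different parser


# Constructed samples: placeholder bytes stand in for a macro body.
variant_a = build_sample(b"PLACEHOLDER-MACRO-0001")
variant_b = build_sample(b"PLACEHOLDER-MACRO-0002")  # content differs by one byte
clean_doc = build_sample()

blocklist = {sha256(variant_a)}  # hash learned from the first sighting

if __name__ == "__main__":
    for name, data in [("variant_a", variant_a), ("variant_b", variant_b),
                       ("clean_doc", clean_doc)]:
        print(name, sha256(data)[:16],
              "hash-blocked:", blocked_by_hash(data, blocklist),
              "has-macro-part:", has_vba_project(data))
```

The hash blocklist catches only the first variant, while the part-name check flags both macro-bearing samples and passes the clean one.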
03-10-2015 07:37 AM
As already said, if the macro is malicious (exploits a vulnerability on the endpoint) then most probably Traps will stop it from happening. I made a short video to demo Traps preventing an endpoint from being exploited by a vuln. in Adobe Flash just to give an idea.
Traps - Advanced Endpoint Protection by Palo Alto Networks - YouTube
One of the key advantages of Traps is that it does not require any remediation after prevention, although the malicious files should get deleted/quarantined on the endpoint once a legacy AV solution has a signature....