To enhance security against unknown ransomware or malicious URLs, an administrator may consider the following actions:

Improve Ransomware Detections Visibility

Starting with build 1579, IMSVA 9.0 includes an enhancement for ransomware detection visibility. If your IMSVA 9.0 build is lower than 1579, you can install the Hot Fix Build 1579 package or above to get the feature. Follow these steps to apply Hot Fix Build 1579 and learn how to use the new visibility features.

  1. Download Hot Fix Build 1579. Please refer to the Readme for details of this hot fix.
  2. Apply this hot fix via the IMSVA web console under Administration > Updates > System & Applications.
  3. After applying the hot fix, clear your browser cache to avoid display issues on the newly added ransomware widget.
  4. Add the “Ransomware Detections” widget to the dashboard (adding it to the “Message Traffic” tab is suggested):
    1. On the web console, go to Dashboard > Message Traffic tab, and click Add Widgets on the right side of the screen.

    2. Type keywords to search for "Ransomware Detections". Select it, and click Add.
    3. The “Ransomware Detections” widget will appear on the “Message Traffic” tab.

  5. On the web console, go to Logs > Query. A “Ransomware” category has been added to the “Policy events” type. It contains four subcategories: Virus Scan, Spam Detection, Web Reputation and Virtual Analyzer.

Enable WRS

Refer to KB 1113896 for detailed information on enabling the WRS feature in IMSx.

Handling Macro Files

Macro viruses are one of the most common types of file infection in Microsoft Office documents. Administrators may refer to KB 1113805 for macro file handling in IMSVA. For macro files, the most aggressive approach is to strip the macro directly from the document (Option 1 in KB 1113805). If DDAn is integrated, it is suggested to apply both Option 2 and Option 3 for handling macro files.

Handling Executable Files

Administrators can either block executable files directly (refer to KB 1099617) or submit executable files to DDAn for further analysis (refer to KB 1114122).

IMSVA 9.1 already includes the ransomware detections visibility feature.

Enable WRS

Refer to KB 1113896 for detailed information on enabling the WRS feature in IMSx.

Handling Macro Files

Macro viruses are one of the most common types of file infection in Microsoft Office documents. Administrators may refer to KB 1113805 for macro file handling in IMSVA. For macro files, the most aggressive approach is to strip the macro directly from the document (Option 1 in KB 1113805). If DDAn is integrated, it is suggested to apply both Option 2 and Option 3 for handling macro files.

Handling Executable Files

Administrators can either block executable files directly (refer to KB 1099617) or submit executable files to DDAn for further analysis (refer to KB 1114122).

Improve Ransomware Detections Visibility

Starting with build 1770, IMSS 7.1 Linux includes enhancements for ransomware detection visibility. If your IMSS 7.1 Linux build is lower than 1770, you can install the Hot Fix Build 1770 package or above to get the feature. Follow these steps to apply Hot Fix Build 1770 and learn how to use the new visibility features. Please refer to the readme for details of this hot fix.

  1. Download Hot Fix Build 1770. You may refer to the readme file for detailed information.
  2. Apply this hot fix to IMSS 7.1.
  3. After applying the hot fix, go to the IMSS 7.1 management console under Summary > Statistics. IMSS will show “Ransomware Detections” in this tab.

  4. On the management console, go to Logs > Query > Policy events. A “Ransomware” category has been added to the “Policy events” type. It contains three subcategories: Virus Scan, Spam Detection and Web Reputation.

Enable WRS

Refer to KB 1113896 for detailed information on enabling the WRS feature in IMSx.

Handling Macro Files

Macro viruses are one of the most common types of file infection in Microsoft Office documents. Administrators can refer to KB 1113805 for macro file handling in IMSS. For macro files, the most aggressive approach is to strip the macro directly from the document (Option 1 in KB 1113805).

Handling Executable Files

Administrators may refer to KB 1099617 to block executable files directly.

Improve Ransomware Detections Visibility

Starting with build 1353, IMSS 7.5 Windows includes enhancements for ransomware detection visibility. If your IMSS 7.5 Windows build is lower than 1353, you can install the Hot Fix Build 1353 package or above to get the feature. Follow these steps to apply Hot Fix Build 1353 and learn how to use the new visibility features.

  1. Download Hot Fix Build 1353. You may refer to the Readme file for detailed information about this hot fix.
  2. Apply this hot fix to IMSS 7.5.
  3. After applying the hot fix, go to the IMSS 7.5 management console under Summary > Statistics. IMSS will show “Ransomware Detections” in this tab.
  4. On the management console, go to Logs > Query > Policy events. A “Ransomware” category has been added to the “Policy events” type. It also contains three subcategories: Virus Scan, Spam Detection, Web Reputation and Virtual Analyzer.

Enable WRS

Refer to KB 1113896 for detailed information on enabling the WRS feature in IMSx.

Handling Macro Files

Macro viruses are one of the most common types of file infection in Microsoft Office documents. Administrators may refer to KB 1113805 for macro file handling in IMSS. For macro files, the most aggressive approach is to strip the macro directly from the document (Option 1 in KB 1113805).

Handling Executable Files

Administrators may refer to KB 1099617 to block executable files directly.

Enable WRS

Refer to KB 1113896 for detailed information on enabling the WRS feature in IMSx.

Handling Macro Files

Macro viruses are one of the most common types of file infection in Microsoft Office documents. Administrators can refer to KB 1113805 for macro file handling in IMSS. For macro files, the most aggressive approach is to strip the macro directly from the document (Option 1 in KB 1113805).

Handling Executable Files

Administrators may refer to KB 1099617 to block executable files directly.