Increase protection from Ransomware threats in HES by following this guide.
To increase protection from Ransomware threats in HES:
- Enable the IP reputation setting. For the procedure, refer to this KB article: Configuring the IP Reputation settings to block spam on Hosted Email Security (HES).
- Make sure the Spam and Phish inbound policy is enabled. This includes WRS, newborn URL handling and TLSH. Follow the instructions in the Troubleshooting guide for spam mails not filtered by Hosted Email Security (HES).
- Block file types commonly used by Ransomware. To do this, refer to this KB article: Blocking attachments using the Attachment True File Type criteria in Hosted Email Security (HES).
- Enable macro file scanning.
HES now supports Deep Discovery Analyzer as a Service (DDAaaS). It is a cloud-based web service that acts as an external analyzer.
Enabling this feature helps detect files with embedded macros. It identifies suspicious files, sends them to the sandbox and then takes an action.
To integrate HES with DDAaaS:
- Log in to the HES management console.
- Go to Inbound Protection > Policy and select Virus Rule.
- Go to Scanning Criteria > Malware or Malicious Code.
- Under Specify advanced settings, tick Enable Advanced Threat Scan Engine and Perform advanced analysis to identify threats. Then tick Include macro scanning during advanced analysis.
- Click Save.
HES can perform advanced analysis on samples in a closed environment to identify suspicious objects that traditional scanning may not detect. When enabled, HES delays the delivery of the messages until the advanced analysis completes, which may take up to 30 minutes.