
Ransomware Protection feature in Deep Discovery Email Inspector (DDEI)

    • Updated: 7 Jun 2016
    • Product/Version: Deep Discovery Email Inspector 2.0; Deep Discovery Email Inspector 2.1; Deep Discovery Email Inspector 2.5
    • Platform: CentOS 5.4 64-bit
Summary

Ransomware may spread via email either as a file attached directly to the message or through malicious URLs placed in the message body.

Details

Known ransomware that is defined in the pattern file is detected by DDEI in the same way as a normal virus.

Ransomware can be an executable (.exe) file, a script file, or a macro in a document.

For unknown ransomware or malicious URLs, the Administrator should submit executable files and Office files to the Virtual Analyzer.

Improve Unknown Ransomware Detections

  1. Go to Administration > Scanning / Analysis > Virtual Analyzer Images and make sure that the Virtual Analyzer is ready.
  2. Go to Administration > Scanning / Analysis > Virtual Analyzer Settings.
  3. In the Files section, select Highly suspicious files and specified file types (forced analysis).
  4. Under "File types", choose OFFICE and WIN_EXE*, then click Add to add them to the "File types to force analyze" list.

  5. Save the changes.

Improve Ransomware Detections Visibility

Starting with build 1336, DDEI 2.5 includes an enhancement that improves the visibility of ransomware detections. If your DDEI 2.5 build is lower than 1336, install the Hot Fix Build 1336 package or above to get the feature.

Follow these steps to apply Hot Fix Build 1336 and learn how to use the new visibility features.

  1. Download Hot Fix Build 1336. Refer to the Readme for details of this hot fix.
  2. Apply the hot fix in the DDEI management console under Administration > Product Updates > Hot Fixes / Patches.
  3. After applying the hot fix, go to Management console > Dashboard > Threat Monitoring and check the Ransomware detections in the Advanced Threat Indicators widget.

  4. The Administrator can click the number to check the detailed detection logs:

Improve Unknown Ransomware Detections

  1. Go to Administration > Scanning / Analysis > External Integration and make sure that the Virtual Analyzer setting is correct and working.
  2. Go to Administration > Scanning / Analysis > Settings.
  3. Add Windows executables*, Scripts and Office with Macros to the "Always analyze" list by selecting them and clicking the ">" (greater than) sign found in the middle of the file types lists.

  4. Save the changes.
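
To audit which attachments in a stored message fall into the three file categories named above (Windows executables, scripts, Office files with macros), the following added example classifies attachments by content. It is not Trend Micro code and does not reflect how DDEI identifies file types; the category names, the script extension list and the macro heuristics are assumptions made for this example.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

SCRIPT_EXTS = (".js", ".jse", ".vbs", ".vbe", ".wsf", ".ps1", ".bat", ".cmd", ".hta")  # assumed list
OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")     # legacy .doc/.xls/.ppt container
VBA_STREAM = "_VBA_PROJECT".encode("utf-16-le")    # OLE2 directory names are UTF-16LE

def classify(name, data):
    """Classify by content first; the file name is only trusted for scripts."""
    if data[:2] == b"MZ":                          # DOS/PE header, whatever the extension says
        return "windows_executable"
    if data[:8] == OLE2_MAGIC:                     # heuristic: look for the VBA storage name
        return "office_macro" if VBA_STREAM in data else "office"
    if data[:4] == b"PK\x03\x04" and zipfile.is_zipfile(io.BytesIO(data)):
        members = zipfile.ZipFile(io.BytesIO(data)).namelist()
        if any(m.lower().endswith("vbaproject.bin") for m in members):
            return "office_macro"                  # OOXML file carrying a VBA project part
        return "office" if "[Content_Types].xml" in members else "other"
    return "script" if name.lower().endswith(SCRIPT_EXTS) else "other"

def attachments_to_analyze(raw_eml):
    """Return (filename, category) for attachments in the always-analyze categories."""
    msg = message_from_bytes(raw_eml, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        category = classify(name, part.get_payload(decode=True) or b"")
        if category in ("windows_executable", "office_macro", "script"):
            hits.append((name, category))
    return hits

def build_sample():
    """Constructed test message: harmless stub bytes, no real malware."""
    docm = io.BytesIO()
    with zipfile.ZipFile(docm, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/vbaProject.bin", b"stub")
    msg = EmailMessage()
    msg.set_content("See attached.")
    for name, data in [("invoice.pdf.scr", b"MZ" + b"\x00" * 62), ("notes.txt", b"hello"),
                       ("invoice.docm", docm.getvalue()), ("readme.js", b"// stub")]:
        msg.add_attachment(data, maintype="application", subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    print(attachments_to_analyze(build_sample()))
```

The executable is recognized from its header even though its name ends in `.pdf.scr`, which is why content checks come before the file name.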

Category: Configure; Troubleshoot; Deploy
Solution Id: 1114159