Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Preventing Ransomware on Deep Discovery Inspector (DDI)

    • Updated:
    • 13 Sep 2016
    • Product/Version:
    • Deep Discovery Inspector 3.8
    • Platform:
    • N/A N/A
Summary

For new emerging Ransomware, Trend Micro DDI is capable of detecting known Ransomware with the default settings and employing the sandbox behavior analysis techniques to defend against new variants.

Details
Public

The following configurations on DDI will help increase the Ransomware detection rate:

  1. DDI supports the new widget of "Threats at a Glance" to show Ransomware detections with direct links to its detailed information.

    Threats at a Glance widget

    Click image to enlarge

    DDI Dashboard

    Click image to enlarge

     
    You need to install DDI 3.8 SP2 hotfix 1203 or higher to display Ransomware detections in the  new widget of "Threats at a Glance" and on Ransomware detection samples.
  2. Access the DDI Admin WebUI, https://<DDI_IP>, then configure the following file submission rules under Administration > Virtual Analyzer > File Submission Rules, to submit files to the Sandbox:

    CriteriaAction
    Known malwareDo not submit files
    No detection type AND CHM / Jar / Java Applet / LNK / WIN_EXESubmit files
    No detection type AND HTTP AND *.vbs / *.vbe / *.ps1 / *.hta / *.wsfSubmit files
    No detection type AND SMTP AND *.vbs / *.vbe / *.ps1 / *.hta / *.wsf / *.js / *.jseSubmit files
    No detection type AND SMTP AND SWFSubmit files
    Rule : 28 / 29 / 40 / 52Do not submit files
    Heuristic detections / Highly Suspicious filesSubmit files

    File Submission Rules

    Click image to enlarge

     
    Before sending more files to the sandbox, you might need to add more storage capacity.
  3. Check the Sandboxes and ensure the following:

    • Make sure the Sandboxes have internet connection.
    • Make sure the Sandboxes have Java installed and Office with macro enabled.
  4. Use Control Manager (TMCM) with Connected Threat Defense in order to share Suspicious Objects with other Trend Micro products.
Premium
Internal
Rating:
Category:
Configure
Solution Id:
1114179
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support


To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.


Need More Help?

Create a technical support case if you need further support.