For new emerging Ransomware, Trend Micro DDI is capable of detecting known Ransomware with the default settings and employing the sandbox behavior analysis techniques to defend against new variants.
The following configurations on DDI will help increase the Ransomware detection rate:
DDI supports the new widget of "Threats at a Glance" to show Ransomware detections with direct links to its detailed information.
Click image to enlarge
Click image to enlargeYou need to install DDI 3.8 SP2 hotfix 1203 or higher to display Ransomware detections in the new widget of "Threats at a Glance" and on Ransomware detection samples.
- Update and configure the file submission rules to submit files to the Sandbox. For the steps, refer to KB article: Updated default File Submission Rules for Virtual Analyzer in Deep Discovery Inspector (DDI) 3.8 Service Pack 5 (SP5).
Check the Sandboxes and ensure the following:
- Make sure the Sandboxes have internet connection.
- Make sure the Sandboxes have Java installed and Office with macro enabled.
- Use Control Manager (TMCM) with Connected Threat Defense in order to share Suspicious Objects with other Trend Micro products.