For known Ransomware that is defined in the pattern file, DDEI can detect it as a normal virus.
Ransomware could be an exe file, script file or macro in a document.
For unknown Ransomware or malicious URL, the Administrator should submit the executable file and Office file to the Virtual Analyzer.
Improve Unknown Ransomware Detections
- Go to Administration > Scanning / Analysis > Virtual Analyzer Images and make sure that the Virtual Analyzer is ready.
- Go to Administration > Scanning / Analysis > Virtual Analyzer Settings.
- On the Files section, select Highly suspicious files and specified file types (forced analysis).
-
Under "File types", choose OFFICE and WIN_EXE* then click Add to add them to the "File types to force analyze" list.
Click image to enlarge.
- Save the changes.
Improve Ransomware Detections Visibility
From build 1336, DDEI 2.5 contains an enhancement for ransomware detections visibility. If your DDEI 2.5 build is lower than 1336, you can install Hot Fix Build 1336 or above package to get the feature.
Follow these steps to apply Hot Fix Build 1336 and learn how to use the new visibility features.
- Download Hot Fix Build 1336. Please refer to the Readme for details of this hot fix.
- Apply this hot fix via the DDEI management console under Administration > Product Updates > Hot Fixes / Patches.
-
After applying the hot fix, go to Management console > Dashboard > Threat Monitoring and you can check the Ransomware detections from the Advanced Threat Indicators widget:
Click image to enlarge.
-
The Administrator can click the number to check the detailed detection logs:
Click image to enlarge.
Improve Unknown Ransomware Detections
- Go to Administration > Scanning / Analysis > External Integration and make sure that the Virtual Analyzer setting is correct and working.
- Go to Administration > Scanning / Analysis > Settings.
-
Select Windows executables*, Scripts and Office with Marcos into the "Always analyze" list by clicking the ">" (greater than) sign found in the middle of the file types lists.
Click image to enlarge.
- Save the changes.
-
Go to Management console > Dashboard > Threat Monitoring and you can check the Ransomware detections from the Advanced Threat Indicators widget:
Click image to enlarge.
-
The Administrator can click the number to check the detailed detection logs:
Click image to enlarge.
Improve Unknown Ransomware Detections
- Go to Administration > Scanning / Analysis > External Integration and make sure that the Virtual Analyzer setting is correct and working.
- Go to Administration > Scanning / Analysis > Settings.
-
Select Windows executables*, Scripts and Office with Marcos into the "Always analyze" list by clicking the ">" (greater than) sign found in the middle of the file types lists.
Click image to enlarge.
- Save the changes.
-
Go to Management console > Dashboard > Threat Monitoring and you can check the Ransomware detections from the Advanced Threat Indicators widget:
Click image to enlarge.
-
The Administrator can click the number to check the detailed detection logs:
Click image to enlarge.
Improve Unknown Ransomware Detections
- Go to Administration > Scanning / Analysis > External Integration and make sure that the Virtual Analyzer setting is correct and working.
- Go to Administration > Scanning / Analysis > Settings.
-
Select Windows executables*, Scripts and Office with Marcos into the "Always analyze" list by clicking the ">" (greater than) sign found in the middle of the file types lists.
Click image to enlarge.
- Save the changes.