Our enterprise is experiencing an ongoing outbreak of "TROJ_FAKEAV.SM10". While our antivirus program seems to...
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
always clean or quarantine the files in question, they keep popping up, and have been for several weeks now. I have researched this and can't find a way to stop these infections from occurring. (For example, there is not one specific patch that claims to block this threat.) Do you have any specific ideas on how to deal with a Trojan for which there are noeffective antivirus signatures?
Patches typically don’t directly block malware from executing, but they may stop malware from completely taking over a computer. You need to stop the malware from initially running on your systems to prevent the infections. You may want to re-evaluate your remediation procedures to determine if they can remove Trojan malware effectively. Are you rebuilding systems after they get infected and keeping the operating system and all applications patched? Are you sure the systems are not infected with rootkits that are disabling your antimalware software, thus keeping it from detecting the malware with a Trojan signature and then allowing machines to be re-infected with a new variant? On some of your systems that get re-infected, you might want to try a different antimalware program or use different host-based security software to see if it's more successful.
If the host-based security controls have proven to be ineffective, you may want to explore network-based security controls for blocking malware. There are several different types of network appliances that can be used to block malware from infecting systems on your local network like a dedicated antimalware appliance, a Web proxy with antimalware functionality, or a firewall with antimalware functionality. These appliances add to defense-in-depth and help protect systems with less effective antimalware software or no antimalware software at all. The appliances can inspect HTTP/S, application-based protocol, or use other methods to block malware. If you do evaluate a network appliance, you may want to ensure the antimalware detection methods or engine is different than what is currently in use for maximum defense in depth, or that you understand how the network appliance will aid the effectiveness of the host-based defenses.
Dig Deeper on Malware, Viruses, Trojans and Spyware
Related Q&A from Nick Lewis
Malware is increasingly using DNS tunnels to aid in data exfiltration. Expert Nick Lewis explains how the attacks work and how best to defend against...continue reading
Researchers warned about the rise of a new cross-site scripting flaw involving same-origin policy. Expert Nick Lewis explains the vulnerability and ...continue reading
Malware authors are adopting software wrapping to hide malicious code and avoid detection. Expert Nick Lewis explains how to defend against the ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.