Our enterprise is experiencing an ongoing outbreak of "TROJ_FAKEAV.SM10". While our antivirus program seems to...
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
always clean or quarantine the files in question, they keep popping up, and have been for several weeks now. I have researched this and can't find a way to stop these infections from occurring. (For example, there is not one specific patch that claims to block this threat.) Do you have any specific ideas on how to deal with a Trojan for which there are noeffective antivirus signatures?
Patches typically don’t directly block malware from executing, but they may stop malware from completely taking over a computer. You need to stop the malware from initially running on your systems to prevent the infections. You may want to re-evaluate your remediation procedures to determine if they can remove Trojan malware effectively. Are you rebuilding systems after they get infected and keeping the operating system and all applications patched? Are you sure the systems are not infected with rootkits that are disabling your antimalware software, thus keeping it from detecting the malware with a Trojan signature and then allowing machines to be re-infected with a new variant? On some of your systems that get re-infected, you might want to try a different antimalware program or use different host-based security software to see if it's more successful.
If the host-based security controls have proven to be ineffective, you may want to explore network-based security controls for blocking malware. There are several different types of network appliances that can be used to block malware from infecting systems on your local network like a dedicated antimalware appliance, a Web proxy with antimalware functionality, or a firewall with antimalware functionality. These appliances add to defense-in-depth and help protect systems with less effective antimalware software or no antimalware software at all. The appliances can inspect HTTP/S, application-based protocol, or use other methods to block malware. If you do evaluate a network appliance, you may want to ensure the antimalware detection methods or engine is different than what is currently in use for maximum defense in depth, or that you understand how the network appliance will aid the effectiveness of the host-based defenses.
Dig Deeper on Malware, Viruses, Trojans and Spyware
Related Q&A from Nick Lewis
An HTTPS session with a reused nonce is vulnerable to the Forbidden attack. Expert Nick Lewis explains how the attack works, and how to properly ...continue reading
The Irongate malware has been discovered to have similar functionality to Stuxnet. Expert Nick Lewis explains how enterprises can protect their ICS ...continue reading
APT groups have been continuously exploiting a flaw in Microsoft Office, despite it having been patched. Expert Nick Lewis explains how these attacks...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.