Our enterprise is experiencing an ongoing outbreak of "TROJ_FAKEAV.SM10". While our antivirus program seems to...
always clean or quarantine the files in question, they keep popping up, and have been for several weeks now. I have researched this and can't find a way to stop these infections from occurring. (For example, there is not one specific patch that claims to block this threat.) Do you have any specific ideas on how to deal with a Trojan for which there are noeffective antivirus signatures?
Patches typically don’t directly block malware from executing, but they may stop malware from completely taking over a computer. You need to stop the malware from initially running on your systems to prevent the infections. You may want to re-evaluate your remediation procedures to determine if they can remove Trojan malware effectively. Are you rebuilding systems after they get infected and keeping the operating system and all applications patched? Are you sure the systems are not infected with rootkits that are disabling your antimalware software, thus keeping it from detecting the malware with a Trojan signature and then allowing machines to be re-infected with a new variant? On some of your systems that get re-infected, you might want to try a different antimalware program or use different host-based security software to see if it's more successful.
If the host-based security controls have proven to be ineffective, you may want to explore network-based security controls for blocking malware. There are several different types of network appliances that can be used to block malware from infecting systems on your local network like a dedicated antimalware appliance, a Web proxy with antimalware functionality, or a firewall with antimalware functionality. These appliances add to defense-in-depth and help protect systems with less effective antimalware software or no antimalware software at all. The appliances can inspect HTTP/S, application-based protocol, or use other methods to block malware. If you do evaluate a network appliance, you may want to ensure the antimalware detection methods or engine is different than what is currently in use for maximum defense in depth, or that you understand how the network appliance will aid the effectiveness of the host-based defenses.
Related Q&A from Nick Lewis
As the Angler exploit kit evolves and adopts new functionality, it's becoming harder to detect and defend against. Enterprise threats expert Nick ...continue reading
A proof-of-concept attack on Apple's Siri allowed researchers to steal data from iOS. Learn more about the iStegSiri attack and how to defend against...continue reading
A new global email scam has cost enterprises millions. Expert Nick Lewis explains how to defend against man-in-the-email attacks with proper training...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.