Our enterprise is experiencing an ongoing outbreak of "TROJ_FAKEAV.SM10". While our antivirus program seems to always clean or quarantine the files in question, they keep popping up, and have been for several weeks now. I have researched this and can't find a way to stop these infections from occurring. (For example, there is not one specific patch that claims to block this threat.) Do you have any specific ideas on how to deal with a Trojan for which there are no effective antivirus signatures?
Patches typically don’t directly block malware from executing, but they may stop malware from completely taking over a computer. You need to stop the malware from initially running on your systems to prevent the infections. You may want to re-evaluate your remediation procedures to determine if they can remove Trojan malware effectively. Are you rebuilding systems after they get infected and keeping the operating system and all applications patched? Are you sure the systems are not infected with rootkits that are disabling your antimalware software, thus keeping it from detecting the malware with a Trojan signature and then allowing machines to be re-infected with a new variant? On some of your systems that get re-infected, you might want to try a different antimalware program or use different host-based security software to see if it's more successful.
If the host-based security controls have proven to be ineffective, you may want to explore network-based security controls for blocking malware. There are several different types of network appliances that can be used to block malware from infecting systems on your local network, such as a dedicated antimalware appliance, a Web proxy with antimalware functionality, or a firewall with antimalware functionality. These appliances add to defense-in-depth and help protect systems with less effective antimalware software or no antimalware software at all. The appliances can inspect HTTP/S or application-based protocols, or use other methods to block malware. If you do evaluate a network appliance, you may want to ensure the antimalware detection methods or engine are different from what is currently in use for maximum defense in depth, or that you understand how the network appliance will aid the effectiveness of the host-based defenses.
Related Q&A from Nick Lewis