At what date was Endpoint able to detect and Quarantine Ardamax Keylogger?
-
June 25, 2012, 18:56
My log shows that this file was quarantined by Endpoint Protection on 6/20/12
I'm fairly certain the file was downloaded on or about 5/16/12, so my questions are:
When downloading a file to the system with Endpoint real-time protection running, does it matter what client is being used to download the file? uTorrent, Firefox, etc?
If it does not matter what client is used, was FEP unable to detect this threat until recently? Can someone tell me when the definition update went out that was capable of detecting this particular keylogger? Is there some way for me to research that?
All replies
-
June 25, 2012, 19:02
Hi,
You can check out the Malware Encyclopedia, found here: http://www.microsoft.com/security/portal/Threat/Encyclopedia/Search.aspx?query=Ardamax%20Keylogger
Regards,
Jörgen-- My System Center blog ccmexec.com -- Twitter @ccmexec
- Marked as answer by Rick Tan (Moderator), June 26, 2012, 8:41
-
June 25, 2012, 19:59
Thank you for the quick reply, Jörgen!
That seems to answer the question of how long ago Endpoint was capable of detecting this keylogger. But I'm still left wondering at what point it would have; in other words, would Endpoint detect it as soon as it finished downloading, assuming "Real-Time" was enabled, or would it detect it upon activation?
-
June 25, 2012, 20:17
Hi,
It should detect it as soon as it is downloaded, of course based on your settings.
Regards,
Jörgen-- My System Center blog ccmexec.com -- Twitter @ccmexec
- Marked as answer by Rick Tan (Moderator), June 26, 2012, 8:42
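The original poster asked how to research when a detection became possible and whether it fired at download time. Besides the Malware Encyclopedia, the client's own event log answers the local half of that question: the detection event and the definition-update events around it show which definition version was active when the file was quarantined. The script below is an added example written for this page; it is not code from either poster or from Microsoft. It assumes the FEP/SCEP client writes to the System log under the provider name "Microsoft Antimalware" and uses event IDs 1116 (malware detected), 1117 (action taken) and 2000 (definitions updated); verify those IDs against your own client version before relying on the output. The threat-name pattern and the 45-day window are placeholders.

```powershell
# Added example (editor's, not from the thread): build a timeline that pairs
# each antimalware detection/action event with the most recent definition
# update that preceded it, so you can see which definitions were active when
# the quarantine happened.
#
# Assumptions (verify on your client):
#   - Provider 'Microsoft Antimalware' in the System log
#   - 1116 = malware detected, 1117 = action taken, 2000 = definitions updated
param(
    [datetime]$Since         = (Get-Date).AddDays(-45),   # placeholder window
    [string]  $ThreatPattern = 'Ardamax'                  # placeholder name filter
)

$filter = @{
    LogName      = 'System'
    ProviderName = 'Microsoft Antimalware'
    Id           = 1116, 1117, 2000
    StartTime    = $Since
}

# Oldest first, so a single pass can carry "last definition update seen" forward.
$events = Get-WinEvent -FilterHashtable $filter -ErrorAction Stop |
    Sort-Object TimeCreated

$lastDefUpdate = $null
$timeline = foreach ($e in $events) {
    $firstLine = ($e.Message -split "`r?`n")[0]

    if ($e.Id -eq 2000) {
        # Remember this update; later detections are attributed to it.
        $lastDefUpdate = $e
        [pscustomobject]@{
            Time   = $e.TimeCreated
            Kind   = 'DefinitionUpdate'
            Detail = $firstLine
            DefsAt = $e.TimeCreated
        }
        continue
    }

    # Keep only detection/action events that mention the threat of interest.
    if ($e.Message -notmatch $ThreatPattern) { continue }

    [pscustomobject]@{
        Time   = $e.TimeCreated
        Kind   = if ($e.Id -eq 1116) { 'Detected' } else { 'ActionTaken' }
        Detail = $firstLine
        # If no 2000 event fell inside the window, the active definitions
        # predate it and must be looked up another way.
        DefsAt = if ($lastDefUpdate) { $lastDefUpdate.TimeCreated } else { 'before window' }
    }
}

$timeline | Format-Table -AutoSize
```

Reading the output: a "Detected" row whose DefsAt timestamp is close to the download date means the file was caught by definitions that already existed when it arrived (and real-time protection should have flagged it on write); a DefsAt timestamp shortly before the detection, with a long gap after the download date, points to a definition that only later added coverage.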

