This forum is closed. Thank you for your contributions.

Remove From My Forums

At what date was Endpoint able to detect and Quarantine Ardamax Keylogger?

Question
0

Sign in to vote

My log shows that this file was quarantined by Endpoint Protection on 6/20/12

I'm fairly certain the file was downloaded on or about 5/16/12 so my questions are;

When downloading a file to the system with Endpoint real-time protection running, does it matter what client is being used to download the file? uTorrent, Firefox, etc?

If it does not matter what client is used, was FEP unable to detect this threat until recently? Can someone tell me when the definition update went out that was capable of detecting this particular keylogger? Is there some way for me to research that?

Monday, June 25, 2012 6:56 PM

Answers

0

Sign in to vote
Hi,

You can check out the Malware Encyclopedia, found here: http://www.microsoft.com/security/portal/Threat/Encyclopedia/Search.aspx?query=Ardamax%20Keylogger

Regards,
Jörgen
-- My System Center blog ccmexec.com -- Twitter @ccmexec
- Marked as answer by Rick TanModerator Tuesday, June 26, 2012 8:41 AM
Monday, June 25, 2012 7:02 PM
0

Sign in to vote
Hi,

It should detect it as soon as it is downloaded, of course based on your settings..

Regards,
Jörgen
-- My System Center blog ccmexec.com -- Twitter @ccmexec
- Marked as answer by Rick TanModerator Tuesday, June 26, 2012 8:42 AM
Monday, June 25, 2012 8:17 PM

All replies

0

Sign in to vote
Hi,

You can check out the Malware Encyclopedia, found here: http://www.microsoft.com/security/portal/Threat/Encyclopedia/Search.aspx?query=Ardamax%20Keylogger

Regards,
Jörgen
-- My System Center blog ccmexec.com -- Twitter @ccmexec
- Marked as answer by Rick TanModerator Tuesday, June 26, 2012 8:41 AM
Monday, June 25, 2012 7:02 PM
0

Sign in to vote

Thank you for the quick reply Jorgen!

That seems to answer the question of how long ago Endpoint was capable of detecting this keylogger. But I'm still left wondering at what point it would have, in other words; would Endpoint detect it as soon as it finished downloading assuming "Real-Time" was enabled, or would it detect it upon activation?

Monday, June 25, 2012 7:59 PM
0

Sign in to vote
Hi,

It should detect it as soon as it is downloaded, of course based on your settings..

Regards,
Jörgen
-- My System Center blog ccmexec.com -- Twitter @ccmexec
- Marked as answer by Rick TanModerator Tuesday, June 26, 2012 8:42 AM
Monday, June 25, 2012 8:17 PM