MSP N-central

Submitted by (@systemd.mfsen)

Hash detected threats in AV Defender Security Event Service FAIL

Getting MD5/SHA2 hashes of AV Defender detections would greatly aid our SOC team in threat correlation. As of right now we have no method to perform deeper analysis other than removing the relevant files. Other than implementing a centralized sandbox, getting hashes is the next best thing to help us connect the dots.

MSP N-central

Submitted by (@prejay)

Active Application Compliance

Rather than the old passive alerting option that next to no-one uses, how about going an active route and actually preventing the disallowed applications from running? Competitor RMMs have had these abilities for years. Let's take it a step further and use self-healing to allow optional removal of specific detected software as well. And then if you can also add in owner verification à la PolicyPak Least Privilege Manager, ...

LOGICcards

Submitted by (@chasvircio)

Malware Advice is not timely and therefore not helpful

The Logic Card "MAV: Viruses on the rise" arrived a month late. The data plot indicates the campaign peaked at the end of October, rendering an end-of-November notification unhelpful.

Given the mercurial nature of "malware campaigns", propagation trends need to be reported as soon as the indicators are statistically significant.

Voting

14 votes

MSP Remote Monitoring & Management

Submitted by (@accentlogic)

Web Protection Block Uncategorized subdomain of malware domains

Currently a new subdomain will be Allowed, even if the parent or root domain is Blocked. I am seeing infections get past Web Protection because hackers have figured this out, and are daily creating new subdomains to bypass products like Web Protection. Please add the following as a default setting:

Block any request to an Uncategorized Subdomain if the root domain is blocked in any Web Security Category.
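The rule requested above, as an added illustration that is not part of the original idea post or of any N-able product code: a policy check that walks a request hostname up through its parent domains and blocks an uncategorized host whenever an ancestor is on the blocklist. The blocklist, known-host categories and hostnames are constructed sample data.

```python
# Constructed sample data: domains blocked under a Web Security Category,
# and hosts that already have their own category. Anything not listed is
# treated as "Uncategorized", which is the case the idea post is about.
BLOCKED_DOMAINS = {
    "evil-example.test": "Malware",
    "phish-example.test": "Phishing",
}
KNOWN_HOSTS = {
    "www.good-example.test": "Business",
}


def parent_domains(hostname):
    """Yield the host and each ancestor: a.b.c -> a.b.c, b.c, c."""
    labels = hostname.strip(".").lower().split(".")
    for i in range(len(labels)):
        yield ".".join(labels[i:])


def blocked_ancestor(hostname, blocked=BLOCKED_DOMAINS):
    """Return (domain, category) of the nearest blocked ancestor, or None.

    Caveat for a real deployment: stop the walk at the public suffix
    (e.g. co.uk) so that blocking one registrable domain never matches
    every site under the shared suffix.
    """
    for candidate in parent_domains(hostname):
        if candidate in blocked:
            return candidate, blocked[candidate]
    return None


def web_protection_verdict(hostname, inherit_block=True,
                           blocked=BLOCKED_DOMAINS, known=KNOWN_HOSTS):
    """Return ("allow"|"block", reason) for a request to hostname.

    inherit_block=False reproduces the behaviour the post complains about:
    an uncategorized subdomain is allowed even though its root is blocked.
    inherit_block=True is the requested default: block it when any
    ancestor domain is blocked in a Web Security Category.
    """
    host = hostname.strip(".").lower()
    if host in blocked:
        return "block", f"{host} is in category {blocked[host]}"
    if host in known:
        return "allow", f"{host} categorized as {known[host]}"
    if inherit_block:
        hit = blocked_ancestor(host, blocked)
        if hit:
            return "block", f"uncategorized subdomain of blocked {hit[1]} domain {hit[0]}"
    return "allow", "uncategorized, no blocked ancestor"
```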

ControlNow

Submitted by

GFI Cloud - CryptoLocker

We had a close call with CryptoLocker yesterday, as mentioned in the news lately. The threat is opened by the client via email: http://www.smh.com.au/it-pro/security-it/fake-speeding-fines-make-cryptolocker-lock-up-australian-files-20141030-11egcy.html Should GFI Cloud be able to prevent this ransomware? And stop it, or at least detect it? Or is there another product we should have to assist in threats like this? ...