Getting MD5/SHA2 hashes of AV Defender detections would greatly aid our SOC team in threat correlation. As of right now we have no method to perform deeper analysis other than removing the relevant files. Other than implementing a centralized sandbox, getting hashes is the next best thing to help us connect the dots.
Rather than the old passive alerting option that next to no-one uses, how about going an active route and actually preventing the disallowed applications from running? Competitor RMMs have had these abilities for years. Let's take it a step further and use self-healing to allow optional removal of specific detected software as well. And then if you can also add in owner verification a la PolicyPak Least Privilege Manager, ...
Bitdefender has been touting their product for a while. A/V and A/M are absolute necessities for Macs these days. I have seen topics open on this since 2013.
I think it is time to get this in place.
The Logic Card "MAV: Viruses on the rise" arrived a month late. The data plot indicates the campaign peaked at the end of October, rendering an end-of-November notification unhelpful.
Given the mercurial nature of "malware campaigns", propagation trends need to be reported as soon as the indicators are statistically significant.
Currently a new subdomain will be Allowed, even if the parent or root domain is Blocked. I am seeing infections get past Web Protection because hackers have figured this out, and are daily creating new subdomains to bypass products like Web Protection. Please add the following as a default setting:
Block any request to an Uncategorized Subdomain if the root domain is blocked in any Web Security Category.
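As an added illustration of the default requested above (example code, not from the post or from any vendor's product), the following decision logic makes a web filter inherit a root domain's block verdict for any uncategorised subdomain, while a subdomain that has its own category keeps its own verdict. The category map, blocked categories and public-suffix list are constructed sample data.

```python
from typing import Optional, Tuple

# Constructed sample data: the category each known host carries, and the
# Web Security categories this policy blocks.
CATEGORIES = {
    "evil-downloads.example": "Malware",
    "cdn.evil-downloads.example": "Content Delivery",  # categorised subdomain
    "phish-bank.co.uk": "Phishing",
    "news.example": "News",
}
BLOCKED_CATEGORIES = {"Malware", "Phishing"}
# Minimal public-suffix list (assumption: a real filter uses the full PSL)
# so that "login.phish-bank.co.uk" resolves to "phish-bank.co.uk", not "co.uk".
PUBLIC_SUFFIXES = {"com", "net", "org", "example", "uk", "co.uk"}


def registrable_domain(host: str) -> str:
    """Root domain: one label above the longest matching public suffix."""
    host = host.lower().rstrip(".")
    labels = host.split(".")
    for i in range(1, len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[i - 1:])
    return host


def decide(host: str, inherit_root_block: bool = True) -> Tuple[str, str]:
    """Return (verdict, reason) for a request to `host`.

    inherit_root_block=False reproduces the behaviour the post complains
    about: an uncategorised subdomain is allowed even if its root is blocked.
    """
    host = host.lower().rstrip(".")
    category: Optional[str] = CATEGORIES.get(host)
    if category is not None:  # host has its own verdict; root is irrelevant
        verdict = "block" if category in BLOCKED_CATEGORIES else "allow"
        return verdict, f"categorised as {category}"
    root = registrable_domain(host)
    root_category = CATEGORIES.get(root)
    if inherit_root_block and root_category in BLOCKED_CATEGORIES:
        return "block", f"uncategorised subdomain of {root} ({root_category})"
    return "allow", "uncategorised"


if __name__ == "__main__":
    for h in ("fresh123.evil-downloads.example", "cdn.evil-downloads.example",
              "login.phish-bank.co.uk", "x.news.example"):
        print(h, decide(h), decide(h, inherit_root_block=False))
```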
When a threat is found via Active Protection or Quick Scan, it would be nice to have an option to automatically trigger a deep scan. Since the GFI program already recommends a deep scan once a threat is detected, why not allow options to automate that process?
We had a close call with CryptoLocker yesterday, as mentioned in the news lately. The threat is opened by the client via email: http://www.smh.com.au/it-pro/security-it/fake-speeding-fines-make-cryptolocker-lock-up-australian-files-20141030-11egcy.html Should GFI Cloud be able to prevent this ransomware? And stop it, or at least detect it? Or is there another product we should have to assist with threats like this? ...
I know you can currently select multiple items in the quarantine list and delete from the dashboard, but this will save people a lot of time going through each item in the list.