Does Managed Antivirus (Bitdefender Engine) offer protection against emerging CryptoLocker threats?

Bitdefender provided the following response to this question which encompasses not only the remediation action to take one CrytoLocker is detected, but also steps to prevent the device becoming infected in the first place.

First we would like to point out that CryptoLocker is not unique at all in how it propagates. A lot of malware has been distributed via attachments for a dozen years, and certain torrents have been seeding malware for ages. So we’re certainly not talking about a new or unique threat here.

Obviously the infected email should be first addressed at the mail server, meaning the mail server should scan received email for malware/phishing and the end user should not receive the infected e-mail in the first place.

However in case the mail server protection fails, or is not available for some reason, the Remote Management solution still protects the end user through multiple layers:

1. The first layer is Web Protection, available from the Remote Management Dashboard.

The rest of the items mentioned are specific to the Managed Antivirus: Bitdefender engine offering….

2. The second layer is Active Protection. Before the executable file is started, it has to be written on disk and run. In case of attachment when a user clicks on a file, it does not start “directly from Outlook” – it is in fact written into the temporary directory and starts from there, either directly or passed as argument to an appropriate program such as Microsoft Word. The on-access module would be triggered when a file is opened (either because the system wants to memory-map the executable image into memory, or because Microsoft Word wants to read the document). Once triggered, the on-access module scans the file for malware with our standard engine, and if any malware is found, the file is blocked, meaning it cannot be started, or Microsoft Word cannot load the document, therefore preventing an infection.

3. In a rare case when a malware threat is completely new or was modified to pass the engine, and a new detection isn’t available yet, the file would be scanned and allowed to start. In this case the Behavioral Scanning gets into the game, analyzing the running program behavior and comparing it with the set of heuristic rules of what the file is allowed to do. If the file’s behavior is found malicious, the process is killed automatically, even though it was not detected by the engine.

So as you see, we’re using multiple layer protection even on the endpoint itself. And while no security solution guarantees 100% protection, Bitdefender does provide a much better detection level comparing to other vendors, as confirmed by the latest AV-Test results Bitdefender averages a 100% detection rate on 0-day malware collections, with the industry average 98%.

Please note that AV-Test is a trusted third-party organization with good reputation, it is trusted by many security professionals and which is not affiliated with Bitdefender or any other anti-malware vendor.

Follow by Email

Leave a Reply

Your email address will not be published. Required fields are marked *