
Documents and EndPoint Protection



I had just submitted a malware sample of a new dropper for Emotet which was a DOC file. I was told that endpoint/mbam does not check any Word document files plus a host of other files. Is this true? 


That means MBAM will not target: JS, JSE, PY, HTML, HTA, VBS, VBE, WSF, CLASS, SWF, SQL, BAT, CMD, PDF, PHP, etc.

It also does not target documents such as: PDF, DOC, DOCx, XLS, XLSx, PPT, PPS, ODF, RTF, etc.
It also does not target media files: MP3, WMV, JPG, GIF, etc.


Yes, it's true, at least for the scan engine/Malware Protection component which is based on signatures.  This is because file types such as media files, documents and scripts are essentially nothing more than text files, and they are just as easy for the bad guys to edit, encrypt and obfuscate in any number of ways, even automatically in order to generate a different payload each time it is sent out/downloaded.  It is for this reason that Malwarebytes instead focuses on using Exploit Protection to guard against such threats since exploits are what are used to infect users from such file types.  You can learn more about why Malwarebytes does things this way (as well as why it is a waste of time/effort/memory/space for the AV/AM products that do use signatures to target such files/threats) by reading the information found in this article.

Basically what it boils down to is that it is far more effective to detect such threats/attacks based on their behavior rather than the files they use in order to attempt to dump a payload on the user's system (which is typically the purpose of such exploits/file types, including in the case of ransomware).

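The contrast drawn in the reply above, as an added example that is not part of the original thread and is not Malwarebytes' own detection logic: a file-hash signature misses a re-padded copy of the same document, while a simplified behaviour rule (an Office application starting a script host) flags both. The byte strings, host names and event fields are constructed for illustration, and the parent/child rule is an assumed stand-in for behaviour-based detection in general.

```python
import hashlib

# Constructed stand-ins for two mailings of one malicious document:
# same content, different filler bytes (not real samples).
VARIANT_A = b"DOC-STUB|body:same-macro|pad:0001"
VARIANT_B = b"DOC-STUB|body:same-macro|pad:7f3c"

# A file "signature" list built from the first variant only.
KNOWN_BAD_SHA256 = {hashlib.sha256(VARIANT_A).hexdigest()}

def signature_hit(data: bytes) -> bool:
    """File-based check: exact hash match against the known-bad list."""
    return hashlib.sha256(data).hexdigest() in KNOWN_BAD_SHA256

OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe"}
SCRIPT_HOSTS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}

def exe_name(path: str) -> str:
    """Lower-cased file name of a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def behaviour_hits(events):
    """Behaviour-based check: an Office application starting a script host."""
    return [e for e in events
            if exe_name(e["parent"]) in OFFICE_PARENTS
            and exe_name(e["image"]) in SCRIPT_HOSTS]

WORD = r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
EXPLORER = r"C:\Windows\explorer.exe"

# Constructed process-creation events (simplified fields).
EVENTS = [
    {"host": "ws-01", "parent": WORD, "image": PS},        # variant A opened
    {"host": "ws-02", "parent": WORD, "image": PS},        # variant B opened
    {"host": "ws-03", "parent": EXPLORER, "image": WORD},  # user opens a document
    {"host": "ws-04", "parent": EXPLORER, "image": PS},    # admin starts PowerShell
]

if __name__ == "__main__":
    print("hash hit A:", signature_hit(VARIANT_A))
    print("hash hit B:", signature_hit(VARIANT_B))
    for e in behaviour_hits(EVENTS):
        print("behaviour hit:", e["host"], exe_name(e["parent"]), "->", exe_name(e["image"]))
```

The rule keys on what the document causes the system to do, so it is unaffected by changes to the file's bytes; ordinary document opens and interactive PowerShell sessions do not match.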
