Hi guys, I have a client who got hit with “Trojan.emotet”, all my endpoint have the antivirus installed. Is there a best practice way to protect system folders or best practice to configure the antivirus to protect against this type of attacks.
Thanks
Did you have auto containment enabled?
Hello @rudym12 ,
Please use 3-rd level profile as a template. Emotet uses windows services. So “terminate and disable” or “quarantine and disable” action should be set for Monitor Autoruns and in scan profiles. 3-rd will cover and protect you from Emotet.
Kind regards,
Zeynep.