500+ malware, trojan and PUP on one computer

Client has been using CSS for over a year.
Got his email credentials hijacked.

Ran Malwarebytes on the device and after 8 minutes it found over 500 malware, trojans and PUPs.
Scan still running.

So CSS was pretty much worthless.

Hi @smartcloud

CCS and its Containment technology blocks the execution of the malware at any time, even if the malware is not identified as a malicious file or process. The data-at-rest which may contain some malicious content does not mean it will infect a computer with CCS installed; actually that’s the strength of our solution.

Other vendor solutions rely only on detection (either signature, machine learning or other methods), and zero-day malware cannot be prevented 100% with a detection technology. But they can identify some malicious content for the data-at-rest, as I mentioned. Please check independent testing organizations (e.g. https://www.av-test.org/en/antivirus/home-windows/) for the latest results on how well the products can actually protect their customers. We are able to fully protect the endpoints, as I see Malwarebytes fails miserably there.

Please provide us more information about this endpoint; I’ll check and write here why these 500 malware, trojans and PUPs are not detected by CCS. I expect either the scan is not scheduled or these folders are not included, or something similar.

In the post above, I figured out that I shared the result for consumer products. Here is the result for business results: https://www.av-test.org/en/antivirus/business-windows-client/. Still same/perfect protection from our product. I cannot even see the other vendor…

How can the action taken be unknown but it’s successful?

| Malware name | Path | Action taken | Action status | Scan identification number | Date |
| --- | --- | --- | --- | --- | --- |
| Generic.Trojan.C@6@1 | `C:\ProgramData\Comodo\Cis empscrpt\C_powershell.exe_38365D28AC77F47C834A9551CD942DA5970EADC5.ps1` | Unknown | Success | {00000000-0000-0000-0000-000000000000} | 2019/10/03 09:52:23 AM |
| ApplicUnwnt@#5x4vnoyugnqq | `C:\Users\Mario.GARZACPA\AppData\Local\Temp sm2EC6.tmp\inetc.dll` | Unknown | Success | {00000000-0000-0000-0000-000000000000} | 2019/10/03 09:52:23 AM |
| Generic.AppliUnWnt.A@5 | `C:\Users\Mario.GARZACPA\Downloads\winmail_opener_0837625932.exe` | Unknown | Success | {00000000-0000-0000-0000-000000000000} | 2019/10/03 09:52:23 AM |

Hello @smartcloud, can you please share full logs from that machine? With detailed logs we can share proper information about which action was logged as “Unknown”.

Kind Regards,
Zeynep.

Hello @smartcloud, please email us your contact information to support@itarian.com or call us at the following number, 8774223865, as we need to collect some logs.

Kind Regards,
Tommy

I am curious to know the results and findings from support about this issue, and hope that those results can be posted here in detail.

There was a post by @smartcloud on this thread in which he was asking about the ‘unknown’ processes. I figured out it was unapproved (probably because of the content that is automatically classified as spam/malicious), and I approved it now. There, you can see the processes are blocked by Containment.

https://forum.itarian.com/forum/products/endpoint-protection/37948-500-malware-trojan-and-pup-on-one-computer?p=37964#post37964

Thank you.