Protection Advice

Hi guys, I have a client who got hit with “Trojan.emotet”, all my endpoint have the antivirus installed. Is there a best practice way to protect system folders or best practice to configure the antivirus to protect against this type of attacks.

Did you have auto containment enabled?

Hello @rudym12 ,

Please use 3-rd level profile as a template. Emotet uses windows services. So “terminate and disable” or “quarantine and disable” action should be set for Monitor Autoruns and in scan profiles. 3-rd will cover and protect you from Emotet.

Kind regards,