Ali_Jassim
New Member
May 13, 2017
Solved

Ransomware Infections Reported Worldwide WannaCry

  • May 13, 2017
  • 1 reply
  • 12316 views

Greetings to you

I would like to know how much time FortiClient takes to update its AV database. There is now a new ransomware called WannaCry hitting computers! Did FortiClient update its AV signature to detect this attack?


    ede_pfau
    SuperUser
    Answer
    May 13, 2017

    Yes. FortiGuard reported this in a blog post dated May 12, 2017:

    http://blog.fortinet.com/2017/05/12/protecting-your-organization-from-the-wcry-ransomware

     

    Fortinet has published an IPS signature as well as an AV signature update to fight this virus.

    BTW, this was the first hit on Google with "FortiGuard wannacry".

    tanr
    New Member
    May 13, 2017

    The IPS signature, MS.SMB.Server.SMB1.Trans2.Secondary.Handling.Code.Execution, has target type Server, even though the IPS description says this also affects Windows 7, 8, etc.

    See https://fortiguard.com/encyclopedia/ips/43796 for the description.

     

    So the IPS signature won't automatically protect client systems if your IPS sensors' filters have Location: Clients.

     

    I noticed that MS.SMB.Server.SMB1.Trans2.Secondary.Handling.Code.Execution is also listed under IPS "Rate Based Signatures" for each IPS sensor, though it is disabled.  Anybody know if you can set threshold and duration for a rate based signature so it blocks on the first one?

     

     

     

    tanr
    New Member
    May 13, 2017

    Forgot to add, I just added the MS.SMB.Server.SMB1.Trans2.Secondary.Handling.Code.Execution, set to block, as a specific IPS signature for each of my IPS Windows client sensor profiles.
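The check described in the replies above, as an added example that is not part of any post in this thread: a small audit that reads a `config ips sensor` export and reports, per sensor, whether the signature is named in its own entry with action block rather than left to a location filter. The sample config and sensor names are constructed, and the rule ID 43796 is taken from the encyclopedia URL above on the assumption that it is the value `set rule` expects.

```python
import shlex

RULE_ID = "43796"  # from the FortiGuard encyclopedia URL in the thread (assumed rule ID)

# Constructed sample in FortiOS CLI style; sensor names are hypothetical.
SAMPLE = '''config ips sensor
    edit "win-clients"
        config entries
            edit 1
                set location client
                set action block
            next
        end
    next
    edit "win-clients-fixed"
        config entries
            edit 1
                set location client
                set action block
            next
            edit 2
                set rule 43796
                set action block
            next
        end
    next
end'''

def audit(config_text, rule_id=RULE_ID):
    """Map sensor name -> True if an enabled entry names rule_id and blocks it."""
    results, sensor, entry, depth = {}, None, {}, 0
    for line in config_text.splitlines():
        tok = shlex.split(line) or [""]  # blank lines become a no-op token
        if tok[0] == "config":
            depth += 1                   # depth 1 = sensor table, 2 = entries table
        elif tok[0] == "end":
            depth -= 1
        elif tok[0] == "edit" and depth == 1:
            sensor = tok[1]
            results.setdefault(sensor, False)
        elif tok[0] == "edit" and depth == 2:
            entry = {}                   # start collecting a new entry's settings
        elif tok[0] == "set" and depth == 2:
            entry[tok[1]] = tok[2:]
        elif tok[0] == "next" and depth == 2:
            explicit = rule_id in entry.get("rule", []) and entry.get("status") != ["disable"]
            results[sensor] = results[sensor] or (explicit and entry.get("action") == ["block"])
    return results
```

Sensors reported as `False` rely only on filters, so a client-only location filter leaves them without this server-typed signature.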