Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
simonorch
Contributor

Custom rule to mark as suspicious a specific exe file?

We recently saw several instances of malware\ransomware downloaded via an email URL using sandboxing avoidance techniques. The most obvious was sleep.exe being executed multiple times and was seen in the trace file.

 

Would it be possible to create a rule (yara?) that would mark a URL\file as malicious if sleep.exe was executed?

 

thanks for any advice

NSE8 Fortinet Expert partner - Norway

NSE8 Fortinet Expert partner - Norway
0 REPLIES 0
Labels
Top Kudoed Authors