Does Fortigate stop Emotet & Trickbot malware from entering into our environment?
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hi,
in my opinion it is very important that you activate "Redirect botnet C&C requests to Block Portal" in DNS filters (and use it in your policies), additionally SSL-deep-inspection is a must-have. But it is not only a firewall-thing to stop Emotet. As the trojan comes with documents (XLSx, DOCx for example), you also have to watch you "Office-Settings". E.g. do not activate macros automatically. Or even block Emails with macro-documents in the attachment.
If you are in a corporate environment, you have to continuously inform your users too.
We had 4-5 times were a user activated the macro (by clicking on activate content). The fortigate then blocks the connection attempt to the "hackers" server (Botnet) and was not able to download additional "bad things". So we had a lot of luck to have a Fortigate-unit.
Just my 2 cents!
OMG, this problems always appears when you don't even expect it. I hate viruses and this kind of malware. First of all, virus destroys your software and makes it delete your files, memory and so on, till it will be blank on there. It is the worst thing ever... I had several times such problem and now I know for sure what should you do. You need to clean your registry with one of dedicated tools. It will give you the possibility to secure your software in the future as well. There are several good services that professionally clean these tools. I used this one https://thinkmobiles.com/blog/best-registry-cleaner-tools/
Well I think the only suitable way to prevent you from those is to forbid a bunch of extensions for mail attachements. They all come with compromitted documents or similar.
We here have forbidden a load of those file formats in email extensions and since then (about 2yrs) we didn't have not a single Infection with those.
False positive do occur of course but in this case the user has to inform us and we check that mail and if we approve that is a false positive and has no infection we permit the mail to go to the user.
We do that directly on our external mailserver.
This is the main main entrance for all the scare- and ransomware stuff! Probavly you could also handle that with the FortiGate's Mailfilter.
--
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1698 | |
1092 | |
752 | |
446 | |
228 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.