Drive-by downloads: Can you get malware just from visiting a website?
<blockquote data-quote="danb" data-source="post: 937565" data-attributes="member: 62850">
<p>Actually, AutoPilot blocks this attack just fine. I am guessing that you have your WLC set to "Allow Safe WhitelistCloud items when OFF or AutoPilot", which would allow this attack when VS is OFF or on AutoPilot.</p>
<p>SRP does not evaluate the parent process in the attack chain (or parse the command line afaik), so it is blind to a lot of advanced attacks, and to elevated attacks.</p>
<p>Here are a couple of different ways security products can mitigate against this attack.</p>
<p>1. They can globally block appdata and programdata, which is not granular and results in a lot of unwanted blocks.</p>
<p>2. They can evaluate the entire attack chain, which is granular and reduces the number of unwanted blocks, and <u>properly</u> block what needs to be blocked. Evaluating the entire attack chain is absolutely vital if you really want to create a robust "lock"... evaluating the parent process is actually just as vital as evaluating the child process.</p>
</blockquote>
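The two mitigation approaches listed in the quoted post, compared side by side on constructed process-creation events. This is an added example, not code from the post or from any product it names; the event fields, the exposed-parent and interpreter lists, and every path are assumptions chosen for illustration.

```python
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Assumed policy inputs, chosen for illustration only.
USER_WRITABLE = {"appdata", "programdata"}
EXPOSED_PARENTS = {"browser.exe", "reader.exe"}   # hypothetical application names
INTERPRETERS = {"wscript.exe", "powershell.exe", "cmd.exe"}

@dataclass(frozen=True)
class ProcEvent:
    pid: int
    ppid: int
    image: str

def image_name(ev):
    return PureWindowsPath(ev.image).name.lower()

def in_user_writable(ev):
    return any(p.lower() in USER_WRITABLE for p in PureWindowsPath(ev.image).parts)

def ancestors(ev, by_pid):
    """Walk up the parent chain; stop at an unknown parent or a PID cycle."""
    seen = {ev.pid}
    while ev.ppid in by_pid and ev.ppid not in seen:
        ev = by_pid[ev.ppid]
        seen.add(ev.pid)
        yield ev

def path_only_verdict(ev):
    """Approach 1: block anything under AppData/ProgramData, ignoring the parent."""
    return "block" if in_user_writable(ev) else "allow"

def chain_verdict(ev, by_pid):
    """Approach 2: block a risky child only when an exposed app is in its ancestry."""
    risky_child = in_user_writable(ev) or image_name(ev) in INTERPRETERS
    exposed = any(image_name(a) in EXPOSED_PARENTS for a in ancestors(ev, by_pid))
    return "block" if risky_child and exposed else "allow"

# Constructed process-creation events: (pid, parent pid, image path).
EVENTS = [
    ProcEvent(100, 4, r"C:\Windows\explorer.exe"),
    ProcEvent(200, 100, r"C:\Program Files\Browser\browser.exe"),
    ProcEvent(300, 200, r"C:\Users\alice\AppData\Local\Temp\invoice.exe"),
    ProcEvent(400, 100, r"C:\Users\alice\AppData\Local\Updater\update.exe"),
    ProcEvent(500, 200, r"C:\Windows\System32\wscript.exe"),
    ProcEvent(600, 500, r"C:\ProgramData\stage\run.exe"),
]

def compare(events=EVENTS):
    """Return {pid: (path_only_verdict, chain_verdict)} for every event."""
    by_pid = {e.pid: e for e in events}
    return {e.pid: (path_only_verdict(e), chain_verdict(e, by_pid)) for e in events}
```

PID 400 is the unwanted block that the path-only rule produces, and PID 500 is the launch it cannot see because the child lives in System32. The exposed-parent list is not a complete policy on its own; it only shows how parent context changes the verdict.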