Protecting email from WannaCry worm
- Article Number: 000012824
- Products: Email Security Gateway, Email Security Gateway Anywhere, Forcepoint Email Security, Forcepoint Email Security Cloud, TRITON AP-EMAIL
- Version: All versions, 8.5, 8.4, 8.3, 8.2, 8.1, 8.0, 7.8, 7.7, 7.6
- Last Published Date: June 17, 2020
On May 12, 2017, a widespread malware outbreak known as the WannaCry worm was identified. This article highlights the key steps to help protect your Forcepoint AP-Email, Email Security Gateway, or Cloud Email Security products against this threat.
Forcepoint AP-Email or Email Security Gateway
Forcepoint has a specific virus signature in place for the WannaCry (WCry and WannaCrypt0r 2.0) worm that came to light starting May 12, 2017. For your Forcepoint AP-Email on-premises system to be fully protected, it is critical that you have the most recent databases downloaded.
Look to see if the databases are current:
Note: Upgrading AP-Email to version 8.2 and applying HF2 or later adds the additional protection of the "Yara" scanning engine. Details of upgrading your version of AP-Email (and ESG) can be found on the Upgrade Centers page.
Make sure the URL Analysis rule is enabled and applied to all policies:
Hide the actual URL from end-users:
Cloud Email Security
In the Cloud Email Security (CES) product, the databases are constantly updated. However, additional protection can be gained by opening each policy in your cloud email account and clicking the AntiVirus tab, then selecting Quarantine all messages containing encrypted archive files and Quarantine all encrypted messages.
If you are using the CES product and you have the URL Sandboxing add-on license, you can gain additional protection by turning on URL Sandboxing. Open each policy in your cloud account and click the URL Sandboxing tab. Make sure Analyze suspicious URLs is selected, and for maximum protection clear the box next to Allow the recipient to follow links to unclassified URLs.
Keywords: email blocking; quarantine; cloud email issue; encryption file issue; malware detection issue