KB Article | Forcepoint Support

Problem Description

You want to check that your organization is protected against WannaCryptor ransomware (also known as WannaCry, WanaCrypt0r, WCrypt, or WCRY)

Resolution

Important Forcepoint protects against Wannacryptor as long as databases used for protection are up to date and the security category is blocked in your policy.

To check if you are protected:

Look to see if the Forcepoint APX Master Database is up to date.
  1. Open TRITON Manager and click Web.
  2. On the Main tab, click Status, click Dashboard, and click Database Download.
  3. Check Database update status.
Note If the database is not up to date, initiate a database download by selecting the Filtering Service IP and clicking Update.

Verify that the scanning data files in the Forcepoint AP-Web Content Gateway are up to date.
  1. Open AP-WEB Content Gateway and click Monitor.
  2. Click Monitor, click My Proxy, and click Summary.
  3. Check the Security Scanning, Integrated Anti-Virus and that the date under Latest Update is for today's date. All of the other databases should be showing up to date, however some will have older dates.
Check that the security category is blocked in Forcepoint TRITON APX.
  1. Open TRITON Manager and click Web.
  2. On the Main, click Policy Management, click Polices and select the policy name.
  3. Under Category Filter look for the security category.
  4. If this is not already blocked for your policy, set the action to Block.




Keywords: wannacryptor; wannacry; wcrypt; wcry; wannacrypt04; ransomware

Article Feedback



Thank you for the feedback and comments.